tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

focus-without-user-activation-enabled.sub.html (2321B)

      1 <!DOCTYPE html>
      2 <script src="/resources/testharness.js"></script>
      3 <script src="/resources/testharnessreport.js"></script>
      4 <script src="./resources/common.js"></script>
      5 <title> 'focus-without-user-activation' Policy : Correctly block automatic focus when policy disabled
      6 </title>
      7 <body>
      8 <script>
      9  "use strict"
     10  // Note: According to html spec: https://html.spec.whatwg.org/#attr-fe-autofocus,
     11  // topDocument's autofocus processed flag initially is false and is set to true
     12  // after flushing autofocus candidates, i.e. flush of autofocus candidates
     13  // only happens once per page load.
     14  // In order to test the behaviour with both focus-without-user-activation on and off:
     15  // two test files are necessary:
     16  // - focus-without-user-activation-disabled-tentative.html
     17  // - focus-without-user-activation-enabled-tentative.sub.html
     18 
     19  // Cross origin subframe should not be able to use autofocus to steal focus
     20  // from main frame by default. However, with focus-without-user-activation
     21  // enabled for subframe, subframe should be able to autofocus.
     22  const url = "http://{{hosts[alt][www1]}}:{{ports[http][0]}}/permissions-policy/experimental-features/resources/focus-without-user-activation-iframe-tentative.html";
     23 
     24  function subframe_focused(subframe, event_name, timeout) {
     25    return new Promise(resolve => {
     26      window.onmessage = m => resolve(m.data.focused);
     27      subframe.contentWindow.postMessage({
     28        event: event_name,
     29        timeout: timeout
     30      }, "*");
     31    });
     32  }
     33 
     34  promise_test( async (instance) => {
     35    const frame = createIframe(document.body, {
     36      sandbox: "allow-scripts allow-same-origin",
     37      allow: "focus-without-user-activation *",
     38      src: url
     39    });
     40 
     41    await wait_for_load(frame);
     42    assert_true(await subframe_focused(frame, "autofocus", /*timeout=*/1000), "'autofocus' should work.");
     43    window.focus(); // Reset focus state in subframe.
     44    assert_true(await subframe_focused(frame, "focus-input"), "'element.focus' should work.");
     45    window.focus(); // Reset focus state in subframe.
     46    assert_true(await subframe_focused(frame, "focus-window"), "'window.focus' should work.");
     47    window.focus(); // Reset focus state in subframe.
     48  }, "When the policy is enabled, 'autofocus' and scripted focus do focus " +
     49     "the document.");
     50 </script>
     51 </body>