[ tor-browser ].git.dasho

permissions-policy-frame-policy-allowed-for-all.https.sub.html (7487B)
      1 <!DOCTYPE html>
      2 <html>
      3 <head>
      4  <meta name="timeout" content="long">
      5  <script src=/resources/testharness.js></script>
      6  <script src=/resources/testharnessreport.js></script>
      7 </head>
      8 <body>
      9  <script src=/permissions-policy/resources/permissions-policy.js></script>
     10  <!-- Permissions-Policy: fullscreen=*; -->
     11  <script>
     12  'use strict';
     13  var same_origin = 'https://{{domains[]}}:{{ports[https][0]}}';
     14  var cross_origin = 'https://{{domains[www]}}:{{ports[https][0]}}';
     15  var same_origin_src = '/permissions-policy/resources/permissions-policy-allowedfeatures.html';
     16  var cross_origin_src = cross_origin + same_origin_src;
     17  var data_src = 'data:text/html,<h1>data: URL</h1>';
     18  var policies = [
     19    {allow: "*", sameOriginTestExpect: true, crossOriginTestExpect: true, dataOriginTestExpect: true},
     20    {allow: "'self'", sameOriginTestExpect: true, crossOriginTestExpect: false, dataOriginTestExpect: false},
     21    {allow: "'none'", sameOriginTestExpect: false, crossOriginTestExpect: false, dataOriginTestExpect: false},
     22    {allow: "'self' " + cross_origin + " https://www.example.com", sameOriginTestExpect: true, crossOriginTestExpect: true, dataOriginTestExpect: false}];
     23  var pipe_front = '?pipe=sub|header(Permissions-Policy,fullscreen=';
     24  var pipe_end = ';)';
     25  var header_policies = ["*", "self", "()"];
     26 
     27  // Test that frame.policy inherits from parent's header policy when allow
     28  // attribute is not specified.
     29  test(function() {
     30    test_frame_policy('fullscreen', same_origin_src, undefined, true);
     31  }, 'Test frame policy on same origin iframe inherit from header policy.');
     32  test(function() {
     33    test_frame_policy('fullscreen', cross_origin_src, undefined, false);
     34  }, 'Test frame policy on cross origin iframe does not inherit from header policy.');
     35  test(function() {
     36    test_frame_policy('fullscreen', undefined, true, true);
     37  }, 'Test frame policy on srcdoc iframe inherit from header policy.');
     38  test(function() {
     39    test_frame_policy('fullscreen', same_origin_src, true, true);
     40  }, 'Test frame policy on srcdoc+ same origin iframe inherit from header policy.');
     41  test(function() {
     42    test_frame_policy('fullscreen', cross_origin_src, true, true);
     43  }, 'Test frame policy on srcdoc+ cross origin iframe inherit from header policy.');
     44  test(function() {
     45    test_frame_policy('fullscreen', data_src, undefined, false);
     46  }, 'Test frame policy on data: URL cross origin iframe does not inherit from header policy.');
     47 
     48  // Test frame policy with allow attribute set to be one of the policies above.
     49  for (var i = 0; i < policies.length; i++) {
     50    test(function() {
     51      test_frame_policy(
     52        'fullscreen', same_origin_src, undefined,
     53        policies[i].sameOriginTestExpect,
     54        'fullscreen ' + policies[i].allow + ';');
     55    }, 'Test frame policy on same origin iframe with allow = "' + policies[i].allow + '".');
     56    test(function() {
     57      test_frame_policy(
     58        'fullscreen', cross_origin_src, undefined,
     59        policies[i].crossOriginTestExpect,
     60        'fullscreen ' + policies[i].allow + ';');
     61    }, 'Test frame policy on cross origin iframe with allow = "' + policies[i].allow + '".');
     62    test(function() {
     63      test_frame_policy(
     64        'fullscreen', undefined, true, policies[i].sameOriginTestExpect,
     65        'fullscreen ' + policies[i].allow + ';');
     66    }, 'Test frame policy on srcdoc iframe with allow = "' + policies[i].allow + '".');
     67    test(function() {
     68      test_frame_policy(
     69        'fullscreen', same_origin_src, true, policies[i].sameOriginTestExpect,
     70        'fullscreen ' + policies[i].allow + ';');
     71    }, 'Test frame policy on srcdoc + same origin iframe with allow = "' + policies[i].allow + '".');
     72    test(function() {
     73      test_frame_policy(
     74        'fullscreen', cross_origin_src, true, policies[i].sameOriginTestExpect,
     75        'fullscreen ' + policies[i].allow + ';');
     76    }, 'Test frame policy on srcdoc + cross origin iframe with allow = "' + policies[i].allow + '".');
     77    test(function() {
     78      test_frame_policy(
     79        'fullscreen', data_src, undefined, policies[i].dataOriginTestExpect,
     80        'fullscreen ' + policies[i].allow + ';');
     81    }, 'Test frame policy on data: URL cross origin iframe with allow = "' + policies[i].allow + '".');
     82  }
     83 
     84  // Test that the header policy of the iframe document does not change the
     85  // frame policy.
     86  for (var i = 0; i < policies.length; i++) {
     87    for (var j = 0; j < header_policies.length; j++) {
     88      test(function() {
     89        test_frame_policy(
     90          'fullscreen',
     91          same_origin_src + pipe_front + header_policies[j].replace(")", "\\)") + pipe_end,
     92          undefined, policies[i].sameOriginTestExpect,
     93          'fullscreen ' + policies[i].allow + ';');
     94      }, 'Test frame policy on same origin iframe with allow = "' + policies[i].allow +
     95         '" and header policy = "Permissions-Policy: fullscreen=' + header_policies[j] + ';".');
     96      test(function() {
     97        test_frame_policy(
     98          'fullscreen',
     99          cross_origin_src + pipe_front + header_policies[j].replace(")", "\\)") + pipe_end,
    100          undefined, policies[i].crossOriginTestExpect,
    101          'fullscreen ' + policies[i].allow + ';');
    102      }, 'Test frame policy on cross origin iframe with allow = "' + policies[i].allow +
    103         '" and header policy = "Permissions-Policy: fullscreen=' + header_policies[j] + ';".');
    104    }
    105  }
    106 
    107  // Test that the allow attribute overrides allowfullscreen.
    108  for (var i = 0; i < policies.length; i++) {
    109    test(function() {
    110      test_frame_policy(
    111        'fullscreen', same_origin_src, undefined,
    112        policies[i].sameOriginTestExpect,
    113        'fullscreen ' + policies[i].allow + ';', /*allowfullscreen*/true);
    114    }, 'Test frame policy on same origin iframe with allow = "' + policies[i].allow +
    115       '" and allowfullscreen.');
    116    test(function() {
    117      test_frame_policy(
    118        'fullscreen', cross_origin_src, undefined,
    119        policies[i].crossOriginTestExpect,
    120        'fullscreen ' + policies[i].allow + ';', /*allowfullscreen*/true);
    121    }, 'Test frame policy on cross origin iframe with allow = "' + policies[i].allow +
    122       '" and allowfullscreen.');
    123    test(function() {
    124      test_frame_policy(
    125        'fullscreen', undefined, true, policies[i].sameOriginTestExpect,
    126        'fullscreen ' + policies[i].allow + ';', /*allowfullscreen*/true);
    127    }, 'Test frame policy on srcdoc iframe with allow = "' + policies[i].allow +
    128       '" and allowfullscreen.');
    129    test(function() {
    130      test_frame_policy(
    131        'fullscreen', same_origin_src, true, policies[i].sameOriginTestExpect,
    132        'fullscreen ' + policies[i].allow + ';', /*allowfullscreen*/true);
    133    }, 'Test frame policy on srcdoc + same origin iframe with allow = "' + policies[i].allow +
    134       '" and allowfullscreen.');
    135    test(function() {
    136      test_frame_policy(
    137        'fullscreen', cross_origin_src, true, policies[i].sameOriginTestExpect,
    138        'fullscreen ' + policies[i].allow + ';', /*allowfullscreen*/true);
    139    }, 'Test frame policy on srcdoc + cross origin iframe with allow = "' + policies[i].allow +
    140       '" and allowfullscreen.');
    141    test(function() {
    142      test_frame_policy(
    143        'fullscreen', data_src, undefined, policies[i].dataOriginTestExpect,
    144        'fullscreen ' + policies[i].allow + ';', /*allowfullscreen*/true);
    145    }, 'Test frame policy on data: URL cross origin iframe with allow = "' + policies[i].allow +
    146       '" and allowfullscreen.');
    147  }
    148  </script>
    149 </body>
    150 </html>
	tor-browser The Tor Browser
	git clone https://git.dasho.dev/tor-browser.git
	Log \| Files \| Refs \| README \| LICENSE