[ tor-browser ].git.dasho

permissions-policy-frame-policy-allowed-for-self.https.sub.html (9246B)
      1 <!DOCTYPE html>
      2 <html>
      3 <head>
      4  <meta name="timeout" content="long">
      5  <script src=/resources/testharness.js></script>
      6  <script src=/resources/testharnessreport.js></script>
      7 </head>
      8 <body>
      9  <script src=/permissions-policy/resources/permissions-policy.js></script>
     10  <!-- Permissions-Policy: fullscreen=self; -->
     11  <script>
     12  'use strict';
     13  var same_origin = 'https://{{domains[]}}:{{ports[https][0]}}';
     14  var cross_origin = 'https://{{domains[www]}}:{{ports[https][0]}}';
     15  var same_origin_src = '/permissions-policy/resources/permissions-policy-allowedfeatures.html';
     16  var cross_origin_src = cross_origin + same_origin_src;
     17  var data_src = 'data:text/html,<h1>data: URL</h1>';
     18  var policies = [
     19    {allow: "*", sameOriginTestExpect: true, crossOriginTestExpect: false, dataOriginTestExpect: false},
     20    {allow: "'self'", sameOriginTestExpect: true, crossOriginTestExpect: false, dataOriginTestExpect: false},
     21    {allow: "'none'", sameOriginTestExpect: false, crossOriginTestExpect: false, dataOriginTestExpect: false},
     22    {allow: "'self' " + cross_origin + " https://www.example.com", sameOriginTestExpect: true, crossOriginTestExpect: false, dataOriginTestExpect: false}];
     23  var pipe_front = '?pipe=sub|header(Permissions-Policy, fullscreen=';
     24  var pipe_end = ';)';
     25  var header_policies = ["*", "self", "()"];
     26 
     27  // Test that frame.policy inherits from parent's header policy when allow
     28  // attribute is not specified.
     29  test(function() {
     30    test_frame_policy('fullscreen', same_origin_src, undefined, true);
     31  }, 'Test frame policy on same origin iframe inherit from header policy.');
     32  test(function() {
     33    test_frame_policy('fullscreen', cross_origin_src, undefined, false);
     34  }, 'Test frame policy on cross origin iframe inherit from header policy.');
     35  test(function() {
     36    test_frame_policy('fullscreen', undefined, true, true);
     37  }, 'Test frame policy on srcdoc iframe inherit from header policy.');
     38  test(function() {
     39    test_frame_policy('fullscreen', same_origin_src, true, true);
     40  }, 'Test frame policy on srcdoc + same origin iframe inherit from header policy.');
     41  test(function() {
     42    test_frame_policy('fullscreen', cross_origin_src, true, true);
     43  }, 'Test frame policy on srcdoc + cross origin iframe inherit from header policy.');
     44  test(function() {
     45    test_frame_policy('fullscreen', data_src, undefined, false);
     46  }, 'Test frame policy on data: URL cross origin iframe inherit from header policy.');
     47 
     48  // Test that frame policy can be used for sandboxed frames
     49  test(function() {
     50    test_frame_policy(
     51      'fullscreen', same_origin_src, undefined, false, undefined, false, true);
     52    }, 'Test frame policy on sandboxed iframe with no allow attribute.');
     53  test(function() {
     54    test_frame_policy(
     55      'fullscreen', same_origin_src, undefined, false, 'fullscreen', false, true);
     56    }, 'Test frame policy on sandboxed iframe with allow="fullscreen".');
     57  test(function() {
     58    test_frame_policy(
     59      'fullscreen', same_origin_src, undefined, false, 'fullscreen \'src\'', false, true);
     60    }, 'Test frame policy on sandboxed iframe with allow="fullscreen \'src\'".');
     61  test(function() {
     62    test_frame_policy(
     63      'fullscreen', cross_origin_src, undefined, false, 'fullscreen ' + cross_origin, false, true);
     64    }, 'Test frame policy on sandboxed iframe with allow="fullscreen ' + cross_origin + '".');
     65  test(function() {
     66    test_frame_policy(
     67      'fullscreen', undefined, true, false, 'fullscreen', false, true);
     68    }, 'Test frame policy on srcdoc sandboxed iframe with allow="fullscreen".');
     69  test(function() {
     70    test_frame_policy(
     71      'fullscreen', same_origin_src, true, false, 'fullscreen', false, true);
     72    }, 'Test frame policy on srcdoc + same origin sandboxed iframe with allow="fullscreen".');
     73  test(function() {
     74    test_frame_policy(
     75      'fullscreen', cross_origin_src, true, false, 'fullscreen', false, true);
     76    }, 'Test frame policy on srcdoc + cross origin sandboxed iframe with allow="fullscreen".');
     77  test(function() {
     78    test_frame_policy(
     79      'fullscreen', data_src, undefined, false, 'fullscreen ' + cross_origin, false, true);
     80    }, 'Test frame policy on sandboxed srcdoc iframe with allow="fullscreen ' + cross_origin + '".');
     81 
     82  // Test frame policy with allow attribute set to be one of the policies above.
     83  for (var i = 0; i < policies.length; i++) {
     84    test(function() {
     85      test_frame_policy(
     86        'fullscreen', same_origin_src, undefined,
     87        policies[i].sameOriginTestExpect,
     88        'fullscreen ' + policies[i].allow + ';');
     89    }, 'Test frame policy on same origin iframe with allow = "' + policies[i].allow + '".');
     90    test(function() {
     91      test_frame_policy(
     92        'fullscreen', cross_origin_src, undefined,
     93        policies[i].crossOriginTestExpect,
     94        'fullscreen ' + policies[i].allow + ';');
     95    }, 'Test frame policy on cross origin iframe with allow = "' + policies[i].allow + '".');
     96    test(function() {
     97      test_frame_policy(
     98        'fullscreen', undefined, true, policies[i].sameOriginTestExpect,
     99        'fullscreen ' + policies[i].allow + ';');
    100    }, 'Test frame policy on srcdoc iframe with allow = "' + policies[i].allow + '".');
    101    test(function() {
    102      test_frame_policy(
    103        'fullscreen', same_origin_src, true, policies[i].sameOriginTestExpect,
    104        'fullscreen ' + policies[i].allow + ';');
    105    }, 'Test frame policy on srcdoc + same origin iframe with allow = "' + policies[i].allow + '".');
    106    test(function() {
    107      test_frame_policy(
    108        'fullscreen', cross_origin_src, true, policies[i].sameOriginTestExpect,
    109        'fullscreen ' + policies[i].allow + ';');
    110    }, 'Test frame policy on srcdoc + cross origin iframe with allow = "' + policies[i].allow + '".');
    111    test(function() {
    112      test_frame_policy(
    113        'fullscreen', data_src, undefined, policies[i].dataOriginTestExpect,
    114        'fullscreen ' + policies[i].allow + ';');
    115    }, 'Test frame policy on data: URL origin iframe with allow = "' + policies[i].allow + '".');
    116  }
    117 
    118  // Test that the header policy of the iframe document does not change the
    119  // frame policy.
    120  for (var i = 0; i < policies.length; i++) {
    121    for (var j = 0; j < header_policies.length; j++) {
    122      test(function() {
    123        test_frame_policy(
    124          'fullscreen',
    125          same_origin_src + pipe_front + header_policies[j].replace(")", "\\)") + pipe_end,
    126          undefined, policies[i].sameOriginTestExpect,
    127          'fullscreen ' + policies[i].allow + ';');
    128      }, 'Test frame policy on same origin iframe with allow = "' + policies[i].allow +
    129         '" and header policy = "Permissions-Policy: fullscreen=' + header_policies[j] + ';".');
    130      test(function() {
    131        test_frame_policy(
    132          'fullscreen',
    133          cross_origin_src + pipe_front + header_policies[j].replace(")", "\\)") + pipe_end,
    134          undefined, policies[i].crossOriginTestExpect,
    135          'fullscreen ' + policies[i].allow + ';');
    136      }, 'Test frame policy on cross origin iframe with allow = "' + policies[i].allow +
    137         '" and header policy = "Permissions-Policy: fullscreen=' + header_policies[j] + ';".');
    138    }
    139  }
    140 
    141  // Test that the allow attribute overrides allowfullscreen.
    142  for (var i = 0; i < policies.length; i++) {
    143    test(function() {
    144      test_frame_policy(
    145        'fullscreen', same_origin_src, undefined,
    146        policies[i].sameOriginTestExpect,
    147        'fullscreen ' + policies[i].allow + ';', /*allowfullscreen*/true);
    148    }, 'Test frame policy on same origin iframe with allow = "' + policies[i].allow +
    149       '" and allowfullscreen.');
    150    test(function() {
    151      test_frame_policy(
    152        'fullscreen', cross_origin_src, undefined,
    153        policies[i].crossOriginTestExpect,
    154        'fullscreen ' + policies[i].allow + ';', /*allowfullscreen*/true);
    155    }, 'Test frame policy on cross origin iframe with allow = "' + policies[i].allow +
    156       '" and allowfullscreen.');
    157    test(function() {
    158      test_frame_policy(
    159        'fullscreen', undefined, true, policies[i].sameOriginTestExpect,
    160        'fullscreen ' + policies[i].allow + ';', /*allowfullscreen*/true);
    161    }, 'Test frame policy on srcdoc iframe with allow = "' + policies[i].allow +
    162       '" and allowfullscreen.');
    163    test(function() {
    164      test_frame_policy(
    165        'fullscreen', same_origin_src, true, policies[i].sameOriginTestExpect,
    166        'fullscreen ' + policies[i].allow + ';', /*allowfullscreen*/true);
    167    }, 'Test frame policy on srcdoc + same origin iframe with allow = "' + policies[i].allow +
    168       '" and allowfullscreen.');
    169    test(function() {
    170      test_frame_policy(
    171        'fullscreen', cross_origin_src, true, policies[i].sameOriginTestExpect,
    172        'fullscreen ' + policies[i].allow + ';', /*allowfullscreen*/true);
    173    }, 'Test frame policy on srcdoc + cross origin iframe with allow = "' + policies[i].allow +
    174       '" and allowfullscreen.');
    175    test(function() {
    176      test_frame_policy(
    177        'fullscreen', data_src, undefined, policies[i].dataOriginTestExpect,
    178        'fullscreen ' + policies[i].allow + ';', /*allowfullscreen*/true);
    179    }, 'Test frame policy on data: URL origin iframe with allow = "' + policies[i].allow +
    180       '" and allowfullscreen.');
    181  }
    182  </script>
    183 </body>
    184 </html>
	tor-browser The Tor Browser
	git clone https://git.dasho.dev/tor-browser.git
	Log \| Files \| Refs \| README \| LICENSE