[ tor-browser ].git.dasho

permissions-policy-frame-policy-allowed-for-some-override.https.sub.html (4345B)
      1 <!DOCTYPE html>
      2 <html>
      3 <head>
      4  <meta name="timeout" content="long">
      5  <script src=/resources/testharness.js></script>
      6  <script src=/resources/testharnessreport.js></script>
      7 </head>
      8 <body>
      9  <script src=/permissions-policy/resources/permissions-policy.js></script>
     10  <!-- Permissions-Policy: fullscreen=self cross_origin https://www.example.com; -->
     11  <script>
     12  'use strict';
     13  var same_origin = 'https://{{domains[]}}:{{ports[https][0]}}';
     14  var cross_origin = 'https://{{domains[www]}}:{{ports[https][0]}}';
     15  var cross_origin1 = 'https://{{domains[www1]}}:{{ports[https][0]}}';
     16  var same_origin_src = '/permissions-policy/resources/permissions-policy-allowedfeatures.html';
     17  var cross_origin_src = cross_origin + same_origin_src;
     18  var cross_origin_src1 = cross_origin1 + same_origin_src;
     19  var data_src = 'data:text/html,<h1>data: URL</h1>';
     20  // Test permissions policy with same_origin_src and cross_origin_src.
     21  var policies = [
     22    {allow: "*", sameOriginTestExpect: true, crossOriginTestExpect: true, crossOrigin1TestExpect: true, dataOriginTestExpect: true},
     23    {allow: "'self'", sameOriginTestExpect: true, crossOriginTestExpect: false, crossOrigin1TestExpect: false, dataOriginTestExpect: false},
     24    {allow: "'none'", sameOriginTestExpect: false, crossOriginTestExpect: false, crossOrigin1TestExpect: false, dataOriginTestExpect: false},
     25    {allow: "'self' " + cross_origin + " https://www.example.com", sameOriginTestExpect: true, crossOriginTestExpect: true, crossOrigin1TestExpect: false, dataOriginTestExpect: false}];
     26 
     27  // Test that the allow attribute overrides allowfullscreen.
     28  for (var i = 0; i < policies.length; i++) {
     29    test(function() {
     30      test_frame_policy(
     31        'fullscreen', same_origin_src, undefined,
     32        policies[i].sameOriginTestExpect,
     33        'fullscreen ' + policies[i].allow + ';', /*allowfullscreen*/true);
     34    }, 'Test frame policy on same origin iframe with allow = "' + policies[i].allow +
     35       '" and allowfullscreen.');
     36    test(function() {
     37      test_frame_policy(
     38        'fullscreen', cross_origin_src, undefined,
     39        policies[i].crossOriginTestExpect,
     40        'fullscreen ' + policies[i].allow + ';', /*allowfullscreen*/true);
     41    }, 'Test frame policy on cross origin iframe with allow = "' + policies[i].allow +
     42       '" and allowfullscreen.');
     43    test(function() {
     44      test_frame_policy(
     45        'fullscreen', cross_origin_src1, undefined,
     46        policies[i].crossOrigin1TestExpect,
     47        'fullscreen ' + policies[i].allow + ';', /*allowfullscreen*/true);
     48    }, 'Test frame policy on another cross origin iframe with allow = "' + policies[i].allow +
     49       '" and allowfullscreen.');
     50    test(function() {
     51      test_frame_policy(
     52        'fullscreen', undefined, true, policies[i].sameOriginTestExpect,
     53        'fullscreen ' + policies[i].allow + ';', /*allowfullscreen*/true);
     54    }, 'Test frame policy on srcdoc iframe with allow = "' + policies[i].allow +
     55       '" and allowfullscreen.');
     56    test(function() {
     57      test_frame_policy(
     58        'fullscreen', same_origin_src, true, policies[i].sameOriginTestExpect,
     59        'fullscreen ' + policies[i].allow + ';', /*allowfullscreen*/true);
     60    }, 'Test frame policy on srcdoc + same origin iframe with allow = "' + policies[i].allow +
     61       '" and allowfullscreen.');
     62    test(function() {
     63      test_frame_policy(
     64        'fullscreen', cross_origin_src, true, policies[i].sameOriginTestExpect,
     65        'fullscreen ' + policies[i].allow + ';', /*allowfullscreen*/true);
     66    }, 'Test frame policy on srcdoc + cross origin iframe with allow = "' + policies[i].allow +
     67       '" and allowfullscreen.');
     68    test(function() {
     69      test_frame_policy(
     70        'fullscreen', cross_origin_src1, true, policies[i].sameOriginTestExpect,
     71        'fullscreen ' + policies[i].allow + ';', /*allowfullscreen*/true);
     72    }, 'Test frame policy on srcdoc + another cross origin iframe with allow = "' + policies[i].allow +
     73       '" and allowfullscreen.');
     74    test(function() {
     75      test_frame_policy(
     76        'fullscreen', data_src, undefined, policies[i].dataOriginTestExpect,
     77        'fullscreen ' + policies[i].allow + ';', /*allowfullscreen*/true);
     78    }, 'Test frame policy on data: URL cross origin iframe with allow = "' + policies[i].allow +
     79       '" and allowfullscreen.');
     80  }
     81  </script>
     82 </body>
     83 </html>
	tor-browser The Tor Browser
	git clone https://git.dasho.dev/tor-browser.git
	Log \| Files \| Refs \| README \| LICENSE