tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

iframes.sub.html (5036B)

      1 <!doctype html>
      2 <title>Navigating to text fragment directives in iframes</title>
      3 <meta charset=utf-8>
      4 <meta name="timeout" content="long">
      5 <link rel="help" href="https://wicg.github.io/ScrollToTextFragment/">
      6 <script src="/resources/testharness.js"></script>
      7 <script src="/resources/testharnessreport.js"></script>
      8 <script>
      9  function getResult(iframe) {
     10    return new Promise((resolve) => {
     11      window.addEventListener('message', (e) => {
     12        resolve(e.data);
     13      }, {once: true});
     14      iframe.contentWindow.postMessage('getResult', '*');
     15    });
     16  }
     17 
     18  function reset(iframe) {
     19    return new Promise((resolve) => {
     20      window.addEventListener('message', (e) => {
     21        resolve();
     22      }, {once: true});
     23      iframe.contentWindow.postMessage('reset', '*');
     24    });
     25  }
     26 
     27  function runTests() {
     28    const attribute_iframe = document.getElementById('srcattrib');
     29    const sameorigin_iframe = document.getElementById('sameorigin');
     30    const crossorigin_iframe = document.getElementById('crossorigin');
     31 
     32    // Check behavior that occurs when a text fragment is specified directly in
     33    // an iframe's src attribute. We expect the text fragment to be blocked.
     34    promise_test(t => new Promise(async resolve => {
     35        // No reset since we're checking the hash specified in the `src` attribute.
     36        const data = await getResult(attribute_iframe);
     37        resolve(data);
     38      }).then( data => {
     39        assert_equals(data.href.indexOf(':~:'), -1, 'Expected fragment directive to be stripped from the URL.');
     40        assert_equals(data.scrollPosition, 'top', 'Should not scroll to text fragment');
     41    }), 'Text fragment specified in iframe.src');
     42 
     43    // Check behavior when we set a text fragment using script from a
     44    // same-origin parent. The text fragment should be allowed because this is
     45    // a same-document navigation initiated by an origin that's same-origin
     46    // with the current document.
     47    promise_test(t => new Promise(async resolve => {
     48        await reset(sameorigin_iframe);
     49        sameorigin_iframe.contentWindow.location = `${sameorigin_iframe.src}#:~:text=Target`;
     50        const data = await getResult(sameorigin_iframe);
     51        resolve(data);
     52      }).then( data => {
     53        assert_equals(data.href.indexOf(':~:'), -1, 'Expected fragment directive to be stripped from the URL.');
     54        assert_equals(data.scrollPosition, 'target', 'Should scroll to text fragment');
     55    }), 'Navigate same-origin iframe via window.location');
     56 
     57    // Check behavior when we set a text fragment using script from a
     58    // cross-origin parent. The text fragment should be blocked because the
     59    // initiating origin is not same-origin with the current document.
     60    promise_test(t => new Promise(async resolve => {
     61        await reset(crossorigin_iframe);
     62        crossorigin_iframe.contentWindow.location = `${crossorigin_iframe.src}#:~:text=Target`;
     63        const data = await getResult(crossorigin_iframe);
     64        resolve(data);
     65      }).then( data => {
     66        assert_equals(data.href.indexOf(':~:'), -1, 'Expected fragment directive to be stripped from the URL.');
     67        assert_equals(data.scrollPosition, 'top', 'Should not to scroll to text fragment.');
     68    }), 'Navigate cross-origin iframe via window.location');
     69 
     70    // Check the element-id fallback behavior when the text is not found. We
     71    // should fallback to a regular element-id hash navigation.
     72    promise_test(t => new Promise(async resolve => {
     73        await reset(sameorigin_iframe);
     74        sameorigin_iframe.contentWindow.location = `${sameorigin_iframe.src}#elementid:~:text=NonExistentText`;
     75        const data = await getResult(sameorigin_iframe);
     76        resolve(data);
     77      }).then( data => {
     78        assert_equals(data.scrollPosition, 'elementid', 'Should scroll to the element-id anchor.');
     79    }), 'Non-matching text with element-id fallback');
     80 
     81    // Check the element-id fallback behaviour when used across origins. The
     82    // text fragment should be blocked across origins but the element id hash
     83    // should not.
     84    promise_test(t => new Promise(async resolve => {
     85        await reset(crossorigin_iframe);
     86        crossorigin_iframe.contentWindow.location = `${crossorigin_iframe.src}#elementid:~:text=Target%20Text`;
     87        const data = await getResult(crossorigin_iframe);
     88        resolve(data);
     89      }).then( data => {
     90        assert_equals(data.scrollPosition, 'elementid', 'Should scroll to the element-id anchor.');
     91    }), 'Cross-origin with element-id fallback');
     92  }
     93 </script>
     94 <style>
     95  iframe {
     96    width: 100px;
     97    height: 100px;
     98  }
     99 </style>
    100 <body onload="runTests()">
    101  <div>
    102    Same-Origin with text fragment in src attribute:
    103    <iframe id="srcattrib" src="iframe-target.html#:~:text=Target"></iframe>
    104  </div>
    105  <div>
    106    Same-Origin:
    107    <iframe id="sameorigin" src="iframe-target.html"></iframe>
    108  </div>
    109  <div>
    110    Cross-Origin:
    111    <iframe id="crossorigin" src="http://{{hosts[][www]}}:{{ports[http][0]}}/scroll-to-text-fragment/iframe-target.html"></iframe>
    112  </div>
    113 </body>