tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

select-url-permissions-policy-self.tentative.https.sub.html (2142B)

      1 <!doctype html>
      2 <body>
      3  <script src=/resources/testharness.js></script>
      4  <script src=/resources/testharnessreport.js></script>
      5  <script src=/permissions-policy/resources/permissions-policy.js></script>
      6  <script src="/shared-storage/resources/util.js"></script>
      7  <script>
      8    'use strict';
      9    const same_origin_src = '/shared-storage/resources/select-url-permissions-policy-helper.html';
     10    const same_origin_script = '/shared-storage/resources/simple-module.js';
     11    const cross_origin = 'https://{{domains[www]}}:{{ports[https][0]}}';
     12    const cross_origin_src = cross_origin + same_origin_src;
     13    const cross_origin_script = cross_origin + same_origin_script;
     14    const header = 'permissions policy header shared-storage-select-url=(self)';
     15 
     16    promise_test(async t => {
     17      await sharedStorage.worklet.addModule(same_origin_script);
     18      const allowed = await IsSharedStorageSelectUrlAllowed();
     19      assert_true(allowed);
     20    }, header + ' allows sharedStorage.selectURL() in the current page.');
     21 
     22    promise_test(async t => {
     23      const worklet = await sharedStorage.createWorklet(
     24        same_origin_script,
     25        { credentials: "omit" });
     26 
     27      await worklet.selectURL("operation", [{url: "1.html"}]);
     28    }, header + ' allows selectURL() on a same-origin worklet');
     29 
     30    promise_test(async t => {
     31      const worklet = await sharedStorage.createWorklet(
     32        cross_origin_script,
     33        { credentials: "omit", dataOrigin: "script-origin" });
     34 
     35      return promise_rejects_dom(t, "InvalidAccessError",
     36        worklet.selectURL("operation", [{url: "1.html"}]));
     37    }, header + ' disallows selectURL() on a cross-origin worklet');
     38 
     39    async_test(t => {
     40      test_feature_availability('shared-storage-select-url', t, same_origin_src,
     41          expect_feature_available_default);
     42    }, header + ' allows sharedStorage.selectURL() in same-origin iframes.');
     43 
     44    async_test(t => {
     45      test_feature_availability('shared-storage-select-url', t, cross_origin_src,
     46          expect_feature_unavailable_default);
     47    }, header + ' disallows sharedStorage.selectURL() in cross-origin iframes.');
     48  </script>
     49 </body>