File: coop-same-origin-allow-popups-document-write.html

package info (click to toggle)
firefox-esr 91.13.0esr-1~deb11u1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 3,375,652 kB
  • sloc: cpp: 5,762,054; javascript: 5,481,714; ansic: 3,121,191; python: 851,492; asm: 331,172; xml: 178,949; java: 155,554; sh: 63,704; makefile: 20,127; perl: 12,825; yacc: 4,583; cs: 3,846; objc: 3,026; lex: 1,720; exp: 762; pascal: 635; php: 436; lisp: 260; awk: 231; ruby: 103; sed: 53; sql: 46; csh: 45
file content (61 lines) | stat: -rw-r--r-- 2,262 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
 
<!doctype html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/common/utils.js"></script>
<script src="./resources/dispatcher.js"></script>
<script>

/*
  Regression test for: https://crbug.com/1216244
  From a window using Cross-Origin-Opener-Policy:same-origin-allow-popup, open
  a new blank window and navigate it cross-origin using document.write and a
  meta refresh. The openee/opener relationship must hold.
*/

const directory = '/html/cross-origin-opener-policy';
const executor_path = directory + '/resources/executor.html?pipe=';
const coep_soap =
  "|header(Cross-Origin-Opener-Policy,same-origin-allow-popups)";
const same_origin = get_host_info().HTTPS_ORIGIN;
const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;

promise_test(async t => {
  // This window:
  const this_window_token = token();

  // The opener, using COEP:same-origin-allow-popups:
  const opener_token = token();
  const opener_url = same_origin + executor_path + coep_soap +
    `&uuid=${opener_token}`;
  const opener = window.open(opener_url);

  // Open a blank window, then use document.write and a meta refresh to navigate
  // cross-origin.
  const openee_token = token();
  const openee_url = cross_origin + executor_path + `&uuid=${openee_token}`;
  send(opener_token, `
    openee = window.open();
    openee.document.write(\`
      <meta http-equiv="refresh" content="0; url=${openee_url}">
    \`);
    openee.document.close();
  `);

  // Check the openee is loaded and has access to its opener.
  send(openee_token, `
    send("${this_window_token}", opener != null)
    send("${this_window_token}", opener.closed);
  `);
  assert_equals(await receive(this_window_token), "true", "opener exists");
  assert_equals(await receive(this_window_token), "false", "opener not closed");

  // Check the opener has still access to its openee.
  send(opener_token, `
    send("${this_window_token}", openee != null)
    send("${this_window_token}", openee.closed);
  `);
  assert_equals(await receive(this_window_token), "true", "openee exists");
  assert_equals(await receive(this_window_token), "false", "openee not closed");
});
</script>