File: regression-1399759.https.sub.html

package info (click to toggle)
firefox 144.0-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 4,637,504 kB
  • sloc: cpp: 7,576,692; javascript: 6,430,831; ansic: 3,748,119; python: 1,398,978; xml: 628,810; asm: 438,679; java: 186,194; sh: 63,212; makefile: 19,159; objc: 13,086; perl: 12,986; yacc: 4,583; cs: 3,846; pascal: 3,448; lex: 1,720; ruby: 1,003; exp: 762; php: 436; lisp: 258; awk: 247; sql: 66; sed: 53; csh: 10
file content (100 lines) | stat: -rw-r--r-- 4,254 bytes parent folder | download | duplicates (10) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
 
<!DOCTYPE html>
<html>
<head>
<meta name="variant" content="?pipe=header(Origin-Agent-Cluster,%3F0)">
<meta name="variant" content="?pipe=header(Origin-Agent-Cluster,%3F1)">
<title>Origin-Isolation after navigating about:blank.</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/common/utils.js"></script>
<script src="/common/dispatcher/dispatcher.js"></script>
</head>
<body>
</body>
<script>
// Regression test for crbug.com/1399759. This is mainly based on
// external/wpt/html/infrastructure/urls/base-url/document-base-url-initiated-grand-parent.https.window.js
// but restricts itself to the exact error condition.
//
// This test is run in two variants which differ in the Origin-Agent-Cluster
// http header values, ?0 and ?1. The test should pass in either case, but the
// regression we're testing for involves inconsistent clustering decisions,
// which requires clustering to be enabled in the first place.
promise_test(async test => {
  // Create a cross-origin iframe. Use the executor.html, so we can ask it
  // to execute scripts for us.
  const child_token = token();
  const iframe = document.createElement("iframe");
  iframe.src = get_host_info().HTTPS_REMOTE_ORIGIN +
    `/common/dispatcher/executor.html?uuid=${child_token}`;
  document.body.appendChild(iframe);

  // The child creates a grand child in an iframe.
  const reply_token = token();
  send(child_token, `
    const iframe = document.createElement("iframe");
    iframe.src = "/common/blank.html";
    iframe.onload = () => {
      send("${reply_token}", "grand child loaded");
    };
    document.body.appendChild(iframe);
  `);
  assert_equals(await receive(reply_token), "grand child loaded");
  const grandchild = iframe.contentWindow[0];

  // Navigate the grand-child toward about:blank.
  grandchild.location = "about:blank";
  assert_equals(await receive(reply_token), "grand child loaded");

  // This document and grandchild are same-origin, because about:blank
  // inherits its origin from the initiator of the navigation, which is us.
  // This access should not throw.
  grandchild.document;
}, "Check the baseURL of an about:blank document cross-origin with its parent");

promise_test(async test => {
  // This tests the same setup as above, but with about:srcdoc. Since one
  // cannot just navigate to about:srcdoc, we'll have to include an extra
  // step: Create an iframe with srcdoc attribute; navigate away; then
  // navigate to about:srcdoc.
  // srcdoc does not inherit the origin from the initiator - unlike
  // about:blank - and so in this case the grandchild.document access should
  // throw.

  // Create a cross-origin iframe. Use the executor.html, so we can ask it
  // to execute scripts for us.
  const child_token = token();
  const iframe = document.createElement("iframe");
  iframe.src = get_host_info().HTTPS_REMOTE_ORIGIN +
    `/common/dispatcher/executor.html?uuid=${child_token}`;
  document.body.appendChild(iframe);

  // The child creates a grand child in an iframe, using the srcdoc attribute.
  const reply_token = token();
  send(child_token, `
    const iframe = document.createElement("iframe");
    iframe.onload = () => {
      send("${reply_token}", "grand child loaded");
    };
    iframe.srcdoc = "nothing interesting";
    document.body.appendChild(iframe);
  `);
  assert_equals(await receive(reply_token), "grand child loaded");
  const grandchild = iframe.contentWindow[0];

  // Navigate the grand child toward a regular URL.
  grandchild.location = get_host_info().HTTPS_REMOTE_ORIGIN + "/common/blank.html";
  assert_equals(await receive(reply_token), "grand child loaded");

  // Navigate the grand-child back, to about:srcdoc.
  grandchild.location = "about:srcdoc";
  assert_equals(await receive(reply_token), "grand child loaded");

  // This document and grandchild are cross-origin. about:srcdoc does not
  // inherits its origin from the initiator of the navigation. This access
  // should throw:
  assert_throws_dom("SecurityError", () => { grandchild.document; });
}, "Check that about:srcdoc navigation does not follow about:blank rules.");
</script>
</html>