File: anonymous-iframe-popup.tentative.https.window.js

package info (click to toggle)
firefox 145.0.1-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 4,653,528 kB
  • sloc: cpp: 7,594,999; javascript: 6,459,658; ansic: 3,752,909; python: 1,403,455; xml: 629,809; asm: 438,679; java: 186,421; sh: 67,287; makefile: 19,169; objc: 13,086; perl: 12,982; yacc: 4,583; cs: 3,846; pascal: 3,448; lex: 1,720; ruby: 1,003; exp: 762; php: 436; lisp: 258; awk: 247; sql: 66; sed: 54; csh: 10
file content (67 lines) | stat: -rw-r--r-- 2,996 bytes parent folder | download | duplicates (18) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
 
// META: timeout=long
// META: script=/common/get-host-info.sub.js
// META: script=/common/utils.js
// META: script=/common/dispatcher/dispatcher.js
// META: script=/html/cross-origin-embedder-policy/credentialless/resources/common.js

const {ORIGIN, REMOTE_ORIGIN} = get_host_info();
const control_iframe = document.createElement('iframe');
const iframe_credentialless = document.createElement('iframe');

promise_setup(async t => {
  const createControlIframe = new Promise(async resolve => {
    control_iframe.onload = resolve;
    control_iframe.src = ORIGIN + `/common/blank.html`;
    document.body.append(control_iframe);
  });

  const createIframeCredentialless = new Promise(async resolve => {
    iframe_credentialless.onload = resolve;
    iframe_credentialless.src = ORIGIN + `/common/blank.html`;
    iframe_credentialless.credentialless = true;
    document.body.append(iframe_credentialless);
  });

  await Promise.all([createControlIframe, createIframeCredentialless]);
});

// Create cross-origin popup from iframes. The opener should be blocked for
// credentialless iframe and work for normal iframe.
promise_test(async t => {
  const control_token = token();
  const control_src = REMOTE_ORIGIN + executor_path + `&uuid=${control_token}`;
  const control_popup = control_iframe.contentWindow.open(control_src);
  add_completion_callback(() => send(control_token, "close();"));
  assert_equals(
    control_popup.opener, control_iframe.contentWindow,
    "Opener from normal iframe should be available.");

  const credentialless_token = token();
  const credentialless_src =
    REMOTE_ORIGIN + executor_path + `&uuid=${credentialless_token}`;
  const credentialless_popup =
    iframe_credentialless.contentWindow.open(credentialless_src);
  add_completion_callback(() => send(credentialless_token, "close();"));
  assert_equals(credentialless_popup, null,
    "Opener from credentialless iframe should be blocked.");
}, 'Cross-origin popup from normal/credentiallessiframes.');

// Create a same-origin popup from iframes. The opener should be blocked for
// credentialless iframe and work for normal iframe.
promise_test(async t => {
  const control_token = token();
  const control_src = ORIGIN + executor_path + `&uuid=${control_token}`;
  const control_popup = control_iframe.contentWindow.open(control_src);
  add_completion_callback(() => send(control_token, "close();"));
  assert_equals(
    control_popup.opener, control_iframe.contentWindow,
    "Opener from normal iframe should be available.");

  const credentialless_token = token();
  const credentialless_src =
    ORIGIN + executor_path + `&uuid=${credentialless_token}`;
  const credentialless_popup = iframe_credentialless.contentWindow.open(credentialless_src);
  add_completion_callback(() => send(credentialless_token, "close();"));
  assert_equals(credentialless_popup, null,
    "Opener from credentialless iframe should be blocked.");
}, 'Same-origin popup from normal/credentialless iframes.');