File: cookieStore_opaque_origin.https.html

package info (click to toggle)
firefox 149.0-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 4,767,760 kB
  • sloc: cpp: 7,416,064; javascript: 6,752,859; ansic: 3,774,850; python: 1,250,473; xml: 641,578; asm: 439,191; java: 186,617; sh: 56,634; makefile: 18,856; objc: 13,092; perl: 12,763; pascal: 5,960; yacc: 4,583; cs: 3,846; lex: 1,720; ruby: 1,002; php: 436; lisp: 258; awk: 105; sql: 66; sed: 53; csh: 10; exp: 6
file content (85 lines) | stat: -rw-r--r-- 2,763 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
 
<!DOCTYPE html>
<meta charset=utf-8>
<title>Cookie Store API: Opaque origins for cookieStore</title>
<link rel=help href="https://cookiestore.spec.whatwg.org/">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>

const apiCalls = {
  'get': 'cookieStore.get("cookie-name")',
  'getAll': 'cookieStore.getAll()',
  'set': 'cookieStore.set("cookie-name", "cookie-value")',
  'delete': 'cookieStore.delete("cookie-name")'
};

const script = `
<script>
  "use strict";
  window.onmessage = async () => {
    try {
      await %s;
      window.parent.postMessage({result: "no exception"}, "*");
    } catch (ex) {
      window.parent.postMessage({result: ex.name}, "*");
    };
  };
<\/script>
`;

function load_iframe(apiCall, sandbox) {
  return new Promise(resolve => {
    const iframe = document.createElement('iframe');
    iframe.onload = () => { resolve(iframe); };
    if (sandbox)
      iframe.sandbox = sandbox;
    iframe.srcdoc = script.replace('%s', apiCall);
    iframe.style.display = 'none';
    document.documentElement.appendChild(iframe);
  });
}

function wait_for_message(iframe) {
  return new Promise(resolve => {
    self.addEventListener('message', function listener(e) {
      if (e.source === iframe.contentWindow) {
        resolve(e.data);
        self.removeEventListener('message', listener);
      }
    });
  });
}

promise_test(async t => {
  for (apiCall in apiCalls) {
    const iframe = await load_iframe(apiCalls[apiCall]);
    iframe.contentWindow.postMessage({}, '*');
    const message = await wait_for_message(iframe);
    assert_equals(message.result, 'no exception',
      'cookieStore ${apiCall} should not throw');
  }
}, 'cookieStore in non-sandboxed iframe should not throw');

promise_test(async t => {
  for (apiCall in apiCalls) {
    const iframe = await load_iframe(apiCalls[apiCall], 'allow-scripts');
    iframe.contentWindow.postMessage({}, '*');
    const message = await wait_for_message(iframe);
    assert_equals(message.result, 'SecurityError',
      'cookieStore ${apiCall} should throw SecurityError');
  }
}, 'cookieStore in sandboxed iframe should throw SecurityError');

promise_test(async t => {
  const apiCall = 'cookieStore.addEventListener("change", e => {})';

  // Adding a listener in sandboxed iframe doesn't throw, since that would not
  // be consistent with how EventTarget is spec'd.
  const iframe = await load_iframe(apiCall, 'allow-scripts');
  iframe.contentWindow.postMessage({}, '*');
  const message = await wait_for_message(iframe);
  assert_equals(message.result, 'no exception',
                'cookieStore.addEventListener should not throw');
}, 'cookieStore in sandboxed iframe --- listener access');

</script>