File: coop-sandbox.https.html

package info (click to toggle)
thunderbird 1%3A140.4.0esr-1~deb13u1
  • links: PTS, VCS
  • area: main
  • in suites: trixie
  • size: 4,609,412 kB
  • sloc: cpp: 7,672,442; javascript: 5,901,613; ansic: 3,898,954; python: 1,413,343; xml: 653,997; asm: 462,286; java: 180,927; sh: 113,489; makefile: 20,460; perl: 14,288; objc: 13,059; yacc: 4,583; pascal: 3,352; lex: 1,720; ruby: 1,222; exp: 762; sql: 715; awk: 580; php: 436; lisp: 430; sed: 70; csh: 10
file content (59 lines) | stat: -rw-r--r-- 2,456 bytes parent folder | download | duplicates (22) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
 
<!doctype html>
<title>Sandboxed Cross-Origin-Opener-Policy popup should result in a network error</title>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src="/common/utils.js"></script> <!-- Use token() to allow running tests in parallel -->
<div id=log>
<script>
[
  "allow-popups allow-scripts allow-same-origin",
  "allow-popups allow-scripts",
].forEach(sandboxValue => {
  async_test(t => {
    const frame = document.createElement("iframe");
    const channel = new BroadcastChannel(token());
    channel.onmessage = t.unreached_func("A COOP popup was created from a sandboxed frame");
    t.add_cleanup(() => frame.remove());
    frame.sandbox = sandboxValue;
    frame.srcdoc = `<script>
  const popup = window.open("resources/coop-coep.py?coop=same-origin&coep=&channel=${channel.name}");
  <\/script>`;
    document.body.append(frame);
    addEventListener('load', t.step_func(() => {
      // This uses a timeout to give some time for incorrect implementations to broadcast. A
      // theoretical testdriver.js API for browsing contexts could be used to speed this up.
      t.step_timeout(() => {
        t.done()
      }, 1500);
    }));
  }, `<iframe sandbox="${sandboxValue}"> ${document.title}`);
});

// Verify that the popup does not have sandboxing flags set
async_test(t => {
  const frame = document.createElement("iframe");
  const channel = new BroadcastChannel(token());
  channel.onmessage = t.step_func_done();
  t.add_cleanup(() => frame.remove());
  frame.sandbox = "allow-popups allow-scripts allow-popups-to-escape-sandbox";
  frame.srcdoc = `<script>
window.open("resources/coop-coep.py?coop=same-origin&coep=&channel=${channel.name}");
<\/script>`;
  document.body.append(frame);
}, `<iframe sandbox="allow-popups allow-scripts allow-popups-to-escape-sandbox"> ${document.title}`);

async_test(t => {
  const frame = document.createElement("iframe");
  const channel = new BroadcastChannel(token());
  frame.sandbox = "allow-scripts allow-same-origin";
  frame.name = `iframe-${channel.name}`;
  frame.src = `resources/coop-coep.py?coop=same-origin&coep=&channel=${channel.name}`;
  channel.onmessage = t.step_func( event => {
    const payload = event.data;
    assert_equals(payload.name, frame.name, "name");
    t.done();
  });
  t.add_cleanup(() => frame.remove());
  document.body.append(frame);
}, `Iframe with sandbox and COOP must load.`);
</script>