content/test/data/cross_site_iframe_factory.html

<html>
<!-- This page can create whatever iframe structure you want, across whatever
sites you want. This is useful for testing site isolation.

Example usage in a browsertest, explained:

  GURL url = embedded_test_server()->
      GetURL("a.com", "/cross_site_iframe_factory.html?a(b(c,d))");

When you navigate to the above URL, the outer document (on a.com) will create a
single iframe:

  <iframe id="child-0" src="http://b.com:1234/cross_site_iframe_factory.html?b(c(),d())">

Inside of which, then, are created the two leaf iframes:

  <iframe id="child-0" src="http://c.com:1234/cross_site_iframe_factory.html?c()">
  <iframe id="child-1" src="http://d.com:1234/cross_site_iframe_factory.html?d()">

Add iframe options by enclosing them in '{' and '}' characters after the
hostname (multiple options can be separated with commas):

  cross_site_iframe_factory.html?a(b{allowfullscreen}(),c{sandbox-allow-scripts}(d))

Will create two iframes:

  <iframe id="child-0" src="http://a.com:1234/cross_site_iframe_factory.html?b()" allowfullscreen>
  <iframe id="child-1" src="http://c.com:1234/cross_site_iframe_factory.html?c{sandbox-allow-scripts}(d())" sandbox="allow-scripts">

To specify the site for each iframe, you can use a simple identifier like "a"
or "b", and ".com" will be automatically appended. You can also specify a port
number to use for each site by using a label like "a:12345". If no port number
is given, the port will default to the port number of the top level frame.

These options are supported:

  allowfullscreen
  allowpaymentrequest
  allow-{featurename} - Adds {featurename} to the "allow" attribute
  sandbox-{flagname} - Adds {flagname} to the "sandbox" attribute

To make this page work, your browsertest needs a MockHostResolver, like:

  void SetUpOnMainThread() override {
    host_resolver()->AddRule("*", "127.0.0.1");
    ASSERT_TRUE(embedded_test_server()->Start());
  }

You can play around with the arguments by loading this page via file://, but
you probably won't get the same process behavior as if you loaded via http. -->
<head>
<title>Cross-site iframe factory</title>
<style>
body {
  font-family: "DejaVu Sans", Sans-Serif;
  text-align: center;
}
iframe {
  border-radius: 7px;
  border-style: solid;
  vertical-align: top;
  margin: 2px;
  box-shadow: 2px 2px 2px #888888;
}
</style>
</head>
<body>
<h2 id='siteNameHeading'></h2>


<script src='tree_parser_util.js'></script>
<script type='text/javascript'>

/**
 * Determines a random pastel-ish color from the first character of a string.
 */
function pastelColorForFirstCharacter(seedString, lightness) {
  // Map the first character to an index. This could be negative, we don't
  // really care.
  var index = seedString.charCodeAt(0) - 'a'.charCodeAt(0);

  // If the first character is 'a', this will the the starting color.
  var hueOfA = 200;  // Spoiler alert: it's blue.

  // Color palette generation articles suggest that spinning the hue wheel by
  // the golden ratio yields a magically nice color distribution. Something
  // about sunflower seeds. I am skeptical of the rigor of that claim (probably
  // any irrational number at a slight offset from 2/3 would do) but it does
  // look pretty.
  var phi = 2 / (1 + Math.pow(5, .5));
  var hue = Math.round((360 * index * phi + hueOfA) % 360);
  return 'hsl(' + hue + ', 60%, ' + Math.round(100 * lightness) + '%)';
}

function backgroundColorForSite(site) {
  // Light pastel.
  return pastelColorForFirstCharacter(site, .75);
}

function borderColorForSite(site) {
  // Darker color in the same hue has the background.
  return pastelColorForFirstCharacter(site, .32);
}


/**
 * Extract the specified port number, if any. Returns empty string if not
 * specified.
 */
function sitePortNumber(siteString) {
  let index = siteString.indexOf(':');
  if (index == -1)
    return ""
  return siteString.substring(index + 1);
}

/**
 * Adds ".com" to an argument if it doesn't already have a top level domain.
 * This cuts down on noise in the query string, letting you use single-letter
 * names. Adds the specified port number, if any, or the default port otherwise.
 */
function canonicalizeSiteAndPort(siteString, defaultPort) {
  var portNumber = sitePortNumber(siteString) || defaultPort;
  var hostName = siteString.split(':')[0];
  if (hostName !== "localhost" && hostName.indexOf('.') == -1)
    hostName = hostName + '.com';
  return hostName + (portNumber ? ':' + portNumber : "");
}

/**
 * Parses the list of iframe options and applies them to the provided element.
 */
function applyIFrameOptions(element, options) {
  var sandbox = false;
  var sandboxArguments = [];
  var allowFeatures = [];
  for (var option of options) {
    if (option == "allowfullscreen") {
      element.allowFullscreen = true;
    }
    if (option == "allowpaymentrequest") {
      element.allowPaymentRequest = true;
    }
    if (option == "sandbox") {
      sandbox = true;
    }
    if (option.startsWith("sandbox-")) {
      sandbox = true;
      sandboxArguments.push(option.slice(8));
    }
    if (option.startsWith("allow-")) {
      allowFeatures.push(option.slice(6))
    }
  }
  if (sandbox) {
    element.sandbox = sandboxArguments.join(" ");
  }
  if (allowFeatures.length) {
    element.allow = allowFeatures.join(" ");
  }
}

/**
 * Determines whether or not text should be rendered by checking whether
 * "no-text-render" is among the list of attributes.
 */
function shouldRenderText(attributes) {
  for (var attribute of attributes) {
    if (attribute == "no-text-render") {
      return false;
    }
  }
  return true;
}

/**
 * Determines whether or not the frame should be positioned outside of
 * its parent frame by checking whether "out-of-view" is among the list
 * of attributes.
 */
function renderOutsideParentView(attributes) {
  for (var attribute of attributes) {
    if (attribute == "out-of-view") {
      return true;
    }
  }
  return false;
}

/**
 * Simple recursive layout heuristic, since frames can't size themselves.
 * This scribbles .layoutX and .layoutY properties into |tree|.
 */
function layout(tree) {
  // Step 1: layout children.
  var numFrames = tree.children.length;
  for (var i = 0; i < numFrames; i++) {
    layout(tree.children[i]);
  }

  // Step 2: find largest child.
  var largestChildX = 0;
  var largestChildY = 0;
  for (var i = 0; i < numFrames; i++) {
    largestChildX = Math.max(largestChildX, tree.children[i].layoutX);
    largestChildY = Math.max(largestChildY, tree.children[i].layoutY);
  }

  // Step 3: Tweakable control parameters.
  var minX = 110;  // Should be wide enough to fit a decent sized domain.
  var minY = 110;  // Could be less, but squares look nice.
  var extraYPerLevel = 50;  // Needs to be tall enough to fit a line of text.
  var extraXPerLevel = 50;  // Could be less, but squares look nice.

  // Account for padding around each <iframe>.
  largestChildX += 30;
  largestChildY += 30;

  // Step 4: Assume a gridSizeX-by-gridSizeY layout that's big enough to fit if
  // all children were the size of the largest one.
  var gridSizeX = Math.ceil(Math.sqrt(numFrames));
  var gridSizeY = Math.round(Math.sqrt(numFrames));
  tree.layoutX = Math.max(gridSizeX * largestChildX + extraXPerLevel, minX);
  tree.layoutY = Math.max(gridSizeY * largestChildY + extraYPerLevel, minY);
}

function main() {
  var goCrossSite = !window.location.protocol.startsWith('file');
  var queryString = decodeURIComponent(window.location.search.substring(1));
  var frameTree = TreeParserUtil.parse(queryString);
  var currentSite = canonicalizeSiteAndPort(frameTree.value, "");

  // Render text unless the attribute "no-text-render" is specified, in which
  // case load some bytes anyway in order to trigger histogram recording for
  // ad metrics tests.
  if (shouldRenderText(frameTree.attributes)) {
      document.getElementById('siteNameHeading').appendChild(
          document.createTextNode(currentSite));
  }

  // Apply style to the current document.
  document.body.style.backgroundColor = backgroundColorForSite(currentSite);

  // Determine how big the children should be (using a very rough heuristic).
  layout(frameTree);

  for (var i = 0; i < frameTree.children.length; i++) {
    // Compute the URL for this iframe.
    var siteAndPort = canonicalizeSiteAndPort(frameTree.children[i].value, window.location.port);
    var subtreeString = TreeParserUtil.flatten(frameTree.children[i]);
    var url = '';
    url += window.location.protocol + '//';              // scheme (preserved)
    url += goCrossSite ? siteAndPort : window.location.host;    // host and port
    url += window.location.pathname;                     // path (preserved)
    url += '?' + encodeURIComponent(subtreeString);      // query

    // Construct the iframe.
    var iframe = document.createElement('iframe');
    iframe.src = url;
    iframe.id = "child-" + i;
    iframe.style.borderColor = borderColorForSite(siteAndPort);
    iframe.width = frameTree.children[i].layoutX;
    iframe.height = frameTree.children[i].layoutY;

    // If needed, position the iframe.
    if (renderOutsideParentView(frameTree.children[i].attributes)) {
        iframe.style.position = "fixed";
        iframe.style.top = "150%";
        iframe.style.left = "150%";
    }

    // Apply any additional attributes.
    applyIFrameOptions(iframe, frameTree.children[i].attributes);

    // Add the iframe to the document.
    document.body.appendChild(iframe);
  }
}

main();
</script>
</body></html>