FileAPI/BlobURL/cross-partition-navigation.https.html - external/w3c/web-platform-tests.git - Git at Google

 <!DOCTYPE html>
 <meta charset=utf-8>
 <meta name="timeout" content="long">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="/common/get-host-info.sub.js"></script>
 <script src="/common/utils.js"></script>
 <script src="/common/dispatcher/dispatcher.js"></script>
 <!-- Pull in executor_path needed by newPopup / newIframe -->
 <script src="/html/cross-origin-embedder-policy/credentialless/resources/common.js"></script>
 <!-- Pull in importScript / newPopup / newIframe -->
 <script src="/html/anonymous-iframe/resources/common.js"></script>
 <body>
 <script>

 const navigation_handle_null = "Navigation handle returns null";
 const navigation_handle_not_null = "Navigation handle returns not null";
 const opener_null_response = "Window.opener is null";
 const opener_not_null_response = "Window.opener isn't null";

 const does_blob_url_open_return_handle = (blob_url, response_queue_name) => `
   async function test() {
     const handle = window.open("${blob_url}")
     if (!handle) {
       return send("${response_queue_name}", "${navigation_handle_null}");
     }

     return send("${response_queue_name}", "${navigation_handle_not_null}");
   }
   await test();
 `;

 const add_iframe_js = (iframe_origin, response_queue_uuid) => `
   const importScript = ${importScript};
   await importScript("/html/cross-origin-embedder-policy/credentialless" +
                    "/resources/common.js");
   await importScript("/html/anonymous-iframe/resources/common.js");
   await importScript("/common/utils.js");

   // dispatcher.js has already been loaded by the popup this is running in.
   await send("${response_queue_uuid}", newIframe("${iframe_origin}"));
 `;

 const same_site_origin = get_host_info().HTTPS_ORIGIN;
 const cross_site_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;

 async function create_test_iframes(t, response_queue_uuid) {
   assert_equals("https://" + window.location.host, same_site_origin,
   "this test assumes that the page's window.location.host corresponds to " +
   "get_host_info().HTTPS_ORIGIN");

   // Create a same-origin iframe in a cross-site popup.
   const not_same_site_popup_uuid = newPopup(t, cross_site_origin);
   await send(not_same_site_popup_uuid,
        add_iframe_js(same_site_origin, response_queue_uuid));
   const cross_site_iframe_uuid = await receive(response_queue_uuid);

   // Create a same-origin iframe in a same-site popup.
   const same_origin_popup_uuid = newPopup(t, same_site_origin);
   await send(same_origin_popup_uuid,
        add_iframe_js(same_site_origin, response_queue_uuid));
   const same_site_iframe_uuid = await receive(response_queue_uuid);

   return [cross_site_iframe_uuid, same_site_iframe_uuid];
 }

 const opener_check_frame_html = (noopener_response_queue) => `
   <!doctype html>
   <!-- dispatcher.js requires the baseURI to be set in order to compute
     the server path correctly in the blob URL page. -->
   <base href="${window.location.href}">
   <script src="/html/cross-origin-embedder-policy/credentialless/resources/common.js"><\/script>
   <script src="/html/anonymous-iframe/resources/common.js"><\/script>
   <script src="/common/utils.js"><\/script>
   <script src="/common/dispatcher/dispatcher.js"><\/script>
   <script>
     if (window.opener === null) {
       send("${noopener_response_queue}", "${opener_null_response}")
     } else {
       send("${noopener_response_queue}", "${opener_not_null_response}")
     }
   <\/script>
 `;

 // Tests blob URL window.open for same and cross partition iframes.
 promise_test(t => {
   return new Promise(async (resolve, reject) => {
     try {
       // Creates same and cross partition iframes.
       const response_queue_uuid = token();
       const noopener_response_queue = token();

       const [cross_site_iframe_uuid, same_site_iframe_uuid] =
         await create_test_iframes(t, response_queue_uuid);

       const blob = new Blob([opener_check_frame_html(noopener_response_queue)], {type : "text/html"});
       const blob_url = URL.createObjectURL(blob);

       // Attempt to open blob URL in cross partition iframe.
       await send(cross_site_iframe_uuid, does_blob_url_open_return_handle(blob_url, response_queue_uuid));
       const response_1 = await receive(response_queue_uuid);
       if (response_1 !== navigation_handle_null) {
         reject(`Blob URL handle wasn't null in not-same-top-level-site iframe: ${response_1}`);
       }
       const noopener_response_1 = await receive(noopener_response_queue);
       if (noopener_response_1 !== opener_null_response) {
         reject(`Blob URL page opener wasn't null in not-same-top-level-site iframe.`);
       }

       // Attempt to open blob URL in same partition iframe.
       await send(same_site_iframe_uuid, does_blob_url_open_return_handle(blob_url, response_queue_uuid));
       const response_2 = await receive(response_queue_uuid);
       if (response_2 !== navigation_handle_not_null) {
         reject(`Blob URL wasn't opened in same-top-level-site iframe: ${response_2}`);
       }
       const noopener_response_2 = await receive(noopener_response_queue);
       if (noopener_response_2 !== opener_not_null_response) {
         reject(`Blob URL page opener was null in same-top-level-site iframe`);
       }
       resolve();
     } catch (e) {
       reject(e);
     }
   });
 }, "Blob URL window.open should enforce noopener for a cross-top-level-site navigation");

 const blob_url_iframe_html = (response_queue_uuid, message) => `
   <!doctype html>
   <!-- dispatcher.js requires the baseURI to be set in order to compute
     the server path correctly in the blob URL page. -->
   <base href="${window.location.href}">
   <script src="/html/cross-origin-embedder-policy/credentialless/resources/common.js"><\/script>
   <script src="/html/anonymous-iframe/resources/common.js"><\/script>
   <script src="/common/utils.js"><\/script>
   <script src="/common/dispatcher/dispatcher.js"><\/script>
   <script>
       send("${response_queue_uuid}", "${message}");
   <\/script>
 `;

 const create_iframe_with_blob_url = (blob_url, response_queue_uuid) => `
   const iframe = document.createElement('iframe');
   iframe.src = "${blob_url}";
   iframe.onload = () => {
     const same_site_message = "same_partition_loaded";
     const blob_url_iframe_html = ${blob_url_iframe_html};
     const same_top_level_site_blob = new Blob([blob_url_iframe_html("${response_queue_uuid}", same_site_message)], {type : "text/html"});
     const same_top_level_site_blob_url = URL.createObjectURL(same_top_level_site_blob);
     const iframe2 = document.createElement('iframe');
     iframe2.src = same_top_level_site_blob_url;
     document.body.appendChild(iframe2);
   };
   document.body.appendChild(iframe);
 `;

 // Tests blob URL subframe navigations for same and cross partition iframes.
 promise_test(t => {
   return new Promise(async (resolve, reject) => {
     try {
       // Creates same and cross partition iframes.
       const response_queue_uuid = token();
       const cross_site_message = "cross_partition_loaded";

       const [cross_site_iframe_uuid, same_site_iframe_uuid] =
         await create_test_iframes(t, response_queue_uuid);

       // Create blob URL for the cross-site test.
       const cross_site_blob = new Blob([blob_url_iframe_html(response_queue_uuid, cross_site_message)], {type: "text/html"});
       const cross_site_blob_url = URL.createObjectURL(cross_site_blob);

       // Attempt to open blob URL in cross partition iframe.
       await send(cross_site_iframe_uuid, create_iframe_with_blob_url(cross_site_blob_url, response_queue_uuid));

       const response = await receive(response_queue_uuid);
       if (response === cross_site_message) {
         reject(`Blob URL subframe navigation succeeded in not-same-top-level-site iframe.`);
       }
       resolve();
     } catch (e) {
       reject(e);
     }
   });
 }, "Blob URL should partition subframe navigation.");

 const open_blob_url_window_via_a_click = (blob_url) => `
   const link = document.createElement("a");
   link.href = "${blob_url}";
   link.target = "_blank";
   link.rel = "opener";
   document.body.appendChild(link);
   link.click();
 `;

 // Tests blob URL `<a target="_blank" rel="opener">` click for same and cross partition iframes.
 promise_test(t => {
   return new Promise(async (resolve, reject) => {
     try {
       // Creates same and cross partition iframes.
       const noopener_response_queue = token();

       const [cross_site_iframe_uuid, same_site_iframe_uuid] = await create_test_iframes(t, token());

       const blob = new Blob([opener_check_frame_html(noopener_response_queue)], {type : "text/html"});
       const blob_url = URL.createObjectURL(blob);

       // Attempt to click blob URL in cross partition iframe.
       await send(cross_site_iframe_uuid, open_blob_url_window_via_a_click(blob_url));
       const noopener_response_1 = await receive(noopener_response_queue);
       if (noopener_response_1 !== opener_null_response) {
         reject(`Blob URL page opener wasn't null in not-same-top-level-site iframe.`);
       }

       // Attempt to click blob URL in same partition iframe.
       await send(same_site_iframe_uuid, open_blob_url_window_via_a_click(blob_url));
       const noopener_response_2 = await receive(noopener_response_queue);
       if (noopener_response_2 !== opener_not_null_response) {
         reject(`Blob URL page opener was null in same-top-level-site iframe`);
       }
       resolve();
     } catch (e) {
       reject(e);
     }
   });
 }, "Blob URL link click should enforce noopener for a cross-top-level-site navigation");

 const open_blob_url_window_via_area_click = (blob_url) => `
   const canvas = document.createElement("canvas");
   canvas.height = 1;
   canvas.width = 1;
   const dataURL = canvas.toDataURL();

   const image = document.createElement("img");
   image.src = dataURL;
   document.body.appendChild(image);

   const map = document.createElement("map");
   map.name = "map";
   image.useMap = "#map";
   document.body.appendChild(map);

   const area = document.createElement("area");
   area.shape = "rect";
   area.coords = "0,0,1,1";
   area.href = "${blob_url}";
   area.target = "_blank";
   area.rel = "opener";
   map.appendChild(area);
   area.click();
 `;

 // Tests blob URL `<area target="_blank" rel="opener">` click for same and cross partition iframes.
 promise_test(t => {
   return new Promise(async (resolve, reject) => {
     try {
       // Creates same and cross partition iframes.
       const noopener_response_queue = token();

       const [cross_site_iframe_uuid, same_site_iframe_uuid] = await create_test_iframes(t, token());

       const blob = new Blob([opener_check_frame_html(noopener_response_queue)], {type : "text/html"});
       const blob_url = URL.createObjectURL(blob);

       // Attempt to click blob URL in cross partition iframe.
       await send(cross_site_iframe_uuid, open_blob_url_window_via_area_click(blob_url));
       const noopener_response_1 = await receive(noopener_response_queue);
       if (noopener_response_1 !== opener_null_response) {
         reject(`Blob URL page opener wasn't null in not-same-top-level-site iframe.`);
       }

       // Attempt to click blob URL in same partition iframe.
       await send(same_site_iframe_uuid, open_blob_url_window_via_area_click(blob_url));
       const noopener_response_2 = await receive(noopener_response_queue);
       if (noopener_response_2 !== opener_not_null_response) {
         reject(`Blob URL page opener was null in same-top-level-site iframe`);
       }
       resolve();
     } catch (e) {
       reject(e);
     }
   });
 }, "Blob URL area element click should enforce noopener for a cross-top-level-site navigation");

 </script>
 </body>
	<!DOCTYPE html>
	<meta charset=utf-8>
	<meta name="timeout" content="long">
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	<script src="/common/get-host-info.sub.js"></script>
	<script src="/common/utils.js"></script>
	<script src="/common/dispatcher/dispatcher.js"></script>
	<!-- Pull in executor_path needed by newPopup / newIframe -->
	<script src="/html/cross-origin-embedder-policy/credentialless/resources/common.js"></script>
	<!-- Pull in importScript / newPopup / newIframe -->
	<script src="/html/anonymous-iframe/resources/common.js"></script>
	<body>
	<script>

	const navigation_handle_null = "Navigation handle returns null";
	const navigation_handle_not_null = "Navigation handle returns not null";
	const opener_null_response = "Window.opener is null";
	const opener_not_null_response = "Window.opener isn't null";

	const does_blob_url_open_return_handle = (blob_url, response_queue_name) => `
	async function test() {
	const handle = window.open("${blob_url}")
	if (!handle) {
	return send("${response_queue_name}", "${navigation_handle_null}");
	}

	return send("${response_queue_name}", "${navigation_handle_not_null}");
	}
	await test();
	`;

	const add_iframe_js = (iframe_origin, response_queue_uuid) => `
	const importScript = ${importScript};
	await importScript("/html/cross-origin-embedder-policy/credentialless" +
	"/resources/common.js");
	await importScript("/html/anonymous-iframe/resources/common.js");
	await importScript("/common/utils.js");

	// dispatcher.js has already been loaded by the popup this is running in.
	await send("${response_queue_uuid}", newIframe("${iframe_origin}"));
	`;

	const same_site_origin = get_host_info().HTTPS_ORIGIN;
	const cross_site_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;

	async function create_test_iframes(t, response_queue_uuid) {
	assert_equals("https://" + window.location.host, same_site_origin,
	"this test assumes that the page's window.location.host corresponds to " +
	"get_host_info().HTTPS_ORIGIN");

	// Create a same-origin iframe in a cross-site popup.
	const not_same_site_popup_uuid = newPopup(t, cross_site_origin);
	await send(not_same_site_popup_uuid,
	add_iframe_js(same_site_origin, response_queue_uuid));
	const cross_site_iframe_uuid = await receive(response_queue_uuid);

	// Create a same-origin iframe in a same-site popup.
	const same_origin_popup_uuid = newPopup(t, same_site_origin);
	await send(same_origin_popup_uuid,
	add_iframe_js(same_site_origin, response_queue_uuid));
	const same_site_iframe_uuid = await receive(response_queue_uuid);

	return [cross_site_iframe_uuid, same_site_iframe_uuid];
	}

	const opener_check_frame_html = (noopener_response_queue) => `
	<!doctype html>
	<!-- dispatcher.js requires the baseURI to be set in order to compute
	the server path correctly in the blob URL page. -->
	<base href="${window.location.href}">
	<script src="/html/cross-origin-embedder-policy/credentialless/resources/common.js"><\/script>
	<script src="/html/anonymous-iframe/resources/common.js"><\/script>
	<script src="/common/utils.js"><\/script>
	<script src="/common/dispatcher/dispatcher.js"><\/script>
	<script>
	if (window.opener === null) {
	send("${noopener_response_queue}", "${opener_null_response}")
	} else {
	send("${noopener_response_queue}", "${opener_not_null_response}")
	}
	<\/script>
	`;

	// Tests blob URL window.open for same and cross partition iframes.
	promise_test(t => {
	return new Promise(async (resolve, reject) => {
	try {
	// Creates same and cross partition iframes.
	const response_queue_uuid = token();
	const noopener_response_queue = token();

	const [cross_site_iframe_uuid, same_site_iframe_uuid] =
	await create_test_iframes(t, response_queue_uuid);

	const blob = new Blob([opener_check_frame_html(noopener_response_queue)], {type : "text/html"});
	const blob_url = URL.createObjectURL(blob);

	// Attempt to open blob URL in cross partition iframe.
	await send(cross_site_iframe_uuid, does_blob_url_open_return_handle(blob_url, response_queue_uuid));
	const response_1 = await receive(response_queue_uuid);
	if (response_1 !== navigation_handle_null) {
	reject(`Blob URL handle wasn't null in not-same-top-level-site iframe: ${response_1}`);
	}
	const noopener_response_1 = await receive(noopener_response_queue);
	if (noopener_response_1 !== opener_null_response) {
	reject(`Blob URL page opener wasn't null in not-same-top-level-site iframe.`);
	}

	// Attempt to open blob URL in same partition iframe.
	await send(same_site_iframe_uuid, does_blob_url_open_return_handle(blob_url, response_queue_uuid));
	const response_2 = await receive(response_queue_uuid);
	if (response_2 !== navigation_handle_not_null) {
	reject(`Blob URL wasn't opened in same-top-level-site iframe: ${response_2}`);
	}
	const noopener_response_2 = await receive(noopener_response_queue);
	if (noopener_response_2 !== opener_not_null_response) {
	reject(`Blob URL page opener was null in same-top-level-site iframe`);
	}
	resolve();
	} catch (e) {
	reject(e);
	}
	});
	}, "Blob URL window.open should enforce noopener for a cross-top-level-site navigation");

	const blob_url_iframe_html = (response_queue_uuid, message) => `
	<!doctype html>
	<!-- dispatcher.js requires the baseURI to be set in order to compute
	the server path correctly in the blob URL page. -->
	<base href="${window.location.href}">
	<script src="/html/cross-origin-embedder-policy/credentialless/resources/common.js"><\/script>
	<script src="/html/anonymous-iframe/resources/common.js"><\/script>
	<script src="/common/utils.js"><\/script>
	<script src="/common/dispatcher/dispatcher.js"><\/script>
	<script>
	send("${response_queue_uuid}", "${message}");
	<\/script>
	`;

	const create_iframe_with_blob_url = (blob_url, response_queue_uuid) => `
	const iframe = document.createElement('iframe');
	iframe.src = "${blob_url}";
	iframe.onload = () => {
	const same_site_message = "same_partition_loaded";
	const blob_url_iframe_html = ${blob_url_iframe_html};
	const same_top_level_site_blob = new Blob([blob_url_iframe_html("${response_queue_uuid}", same_site_message)], {type : "text/html"});
	const same_top_level_site_blob_url = URL.createObjectURL(same_top_level_site_blob);
	const iframe2 = document.createElement('iframe');
	iframe2.src = same_top_level_site_blob_url;
	document.body.appendChild(iframe2);
	};
	document.body.appendChild(iframe);
	`;

	// Tests blob URL subframe navigations for same and cross partition iframes.
	promise_test(t => {
	return new Promise(async (resolve, reject) => {
	try {
	// Creates same and cross partition iframes.
	const response_queue_uuid = token();
	const cross_site_message = "cross_partition_loaded";

	const [cross_site_iframe_uuid, same_site_iframe_uuid] =
	await create_test_iframes(t, response_queue_uuid);

	// Create blob URL for the cross-site test.
	const cross_site_blob = new Blob([blob_url_iframe_html(response_queue_uuid, cross_site_message)], {type: "text/html"});
	const cross_site_blob_url = URL.createObjectURL(cross_site_blob);

	// Attempt to open blob URL in cross partition iframe.
	await send(cross_site_iframe_uuid, create_iframe_with_blob_url(cross_site_blob_url, response_queue_uuid));

	const response = await receive(response_queue_uuid);
	if (response === cross_site_message) {
	reject(`Blob URL subframe navigation succeeded in not-same-top-level-site iframe.`);
	}
	resolve();
	} catch (e) {
	reject(e);
	}
	});
	}, "Blob URL should partition subframe navigation.");

	const open_blob_url_window_via_a_click = (blob_url) => `
	const link = document.createElement("a");
	link.href = "${blob_url}";
	link.target = "_blank";
	link.rel = "opener";
	document.body.appendChild(link);
	link.click();
	`;

	// Tests blob URL `<a target="_blank" rel="opener">` click for same and cross partition iframes.
	promise_test(t => {
	return new Promise(async (resolve, reject) => {
	try {
	// Creates same and cross partition iframes.
	const noopener_response_queue = token();

	const [cross_site_iframe_uuid, same_site_iframe_uuid] = await create_test_iframes(t, token());

	const blob = new Blob([opener_check_frame_html(noopener_response_queue)], {type : "text/html"});
	const blob_url = URL.createObjectURL(blob);

	// Attempt to click blob URL in cross partition iframe.
	await send(cross_site_iframe_uuid, open_blob_url_window_via_a_click(blob_url));
	const noopener_response_1 = await receive(noopener_response_queue);
	if (noopener_response_1 !== opener_null_response) {
	reject(`Blob URL page opener wasn't null in not-same-top-level-site iframe.`);
	}

	// Attempt to click blob URL in same partition iframe.
	await send(same_site_iframe_uuid, open_blob_url_window_via_a_click(blob_url));
	const noopener_response_2 = await receive(noopener_response_queue);
	if (noopener_response_2 !== opener_not_null_response) {
	reject(`Blob URL page opener was null in same-top-level-site iframe`);
	}
	resolve();
	} catch (e) {
	reject(e);
	}
	});
	}, "Blob URL link click should enforce noopener for a cross-top-level-site navigation");

	const open_blob_url_window_via_area_click = (blob_url) => `
	const canvas = document.createElement("canvas");
	canvas.height = 1;
	canvas.width = 1;
	const dataURL = canvas.toDataURL();

	const image = document.createElement("img");
	image.src = dataURL;
	document.body.appendChild(image);

	const map = document.createElement("map");
	map.name = "map";
	image.useMap = "#map";
	document.body.appendChild(map);

	const area = document.createElement("area");
	area.shape = "rect";
	area.coords = "0,0,1,1";
	area.href = "${blob_url}";
	area.target = "_blank";
	area.rel = "opener";
	map.appendChild(area);
	area.click();
	`;

	// Tests blob URL `<area target="_blank" rel="opener">` click for same and cross partition iframes.
	promise_test(t => {
	return new Promise(async (resolve, reject) => {
	try {
	// Creates same and cross partition iframes.
	const noopener_response_queue = token();

	const [cross_site_iframe_uuid, same_site_iframe_uuid] = await create_test_iframes(t, token());

	const blob = new Blob([opener_check_frame_html(noopener_response_queue)], {type : "text/html"});
	const blob_url = URL.createObjectURL(blob);

	// Attempt to click blob URL in cross partition iframe.
	await send(cross_site_iframe_uuid, open_blob_url_window_via_area_click(blob_url));
	const noopener_response_1 = await receive(noopener_response_queue);
	if (noopener_response_1 !== opener_null_response) {
	reject(`Blob URL page opener wasn't null in not-same-top-level-site iframe.`);
	}

	// Attempt to click blob URL in same partition iframe.
	await send(same_site_iframe_uuid, open_blob_url_window_via_area_click(blob_url));
	const noopener_response_2 = await receive(noopener_response_queue);
	if (noopener_response_2 !== opener_not_null_response) {
	reject(`Blob URL page opener was null in same-top-level-site iframe`);
	}
	resolve();
	} catch (e) {
	reject(e);
	}
	});
	}, "Blob URL area element click should enforce noopener for a cross-top-level-site navigation");

	</script>
	</body>