fenced-frame/disallowed-navigations.https.html - external/w3c/web-platform-tests.git - Git at Google

 <!DOCTYPE html>
 <title>Fenced frame disallowed navigations</title>
 <meta name="timeout" content="long">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="/common/dispatcher/dispatcher.js"></script>
 <script src="/common/get-host-info.sub.js"></script>
 <script src="/common/utils.js"></script>
 <script src="resources/utils.js"></script>
 <script src="/fetch/private-network-access/resources/support.sub.js"></script>

 <body>

 <script>
 // Baseline tests:
 //   - Embedder can navigate iframe to blob: URL
 //   - Embedder can navigate iframe to data: URL
 //   - Same-origin embedder can navigate iframe to javascript: URL
 //   - Embedder can navigate iframe to http: URL
 // Fenced frame tests:
 //   - Embedder cannot navigate fenced frame to blob: URL
 //   - Embedder cannot navigate fenced frame to data: URL
 //   - Same-origin embedder cannot navigate fenced frame to
 //     javascript: URL
 //   - Embedder cannot navigate fenced frame to http: URL

 // Fenced frames are always put in the public IP address space which is the
 // least privileged. In case a navigation to a local data: URL or blob: URL
 // resource is allowed, they would only be able to fetch things that are *also*
 // in the public IP address space. So for the document described by these local
 // URLs, we'll set them up to only communicate back to the outer page via
 // resources obtained in the public address space.
 const kPublicUtils = resolveUrl("resources/utils.js", Server.HTTPS_PUBLIC);

 // These are just baseline tests asserting that this test's machinery to load
 // blob:, data:, and javascript: URLs work properly in contexts where they are
 // expected to.
 promise_test(async () => {
   const key = token();
   attachIFrame(`data:text/html, ${createLocalSource(key, kPublicUtils)}`);
   const result = await nextValueFromServer(key);
   assert_equals(result, "LOADED");
 }, "iframe data: URL");

 promise_test(async () => {
   const key = token();
   const blobURL = URL.createObjectURL(
       new Blob([`${createLocalSource(key, kPublicUtils)}`],
                {type: 'text/html'}));
   attachIFrame(blobURL);
   const result = await nextValueFromServer(key);
   assert_equals(result, "LOADED");
 }, "iframe blob: URL");

 promise_test(async () => {
   const iframe = attachIFrameContext();
   iframe.src = "javascript:window.jsURLExecuted = true;"
   await iframe.execute(async () => {
     assert_equals(window.jsURLExecuted, true);
   });
 }, "iframe javascript: URL");

 // The following tests ensure that an embedder cannot navigate a fenced frame
 // to:
 //   - data: URLs
 //   - blob: URLs
 //   - javascript: URLs
 //   - http: URLs
 function getTimeoutPromise(t) {
   return new Promise(resolve =>
       t.step_timeout(() => resolve("NOT LOADED"), 2000));
 }

 promise_test(async t => {
   const key = token();
   attachFencedFrame(`data:text/html, ${createLocalSource(key, kPublicUtils)}`);
   const loaded_promise = nextValueFromServer(key);
   const result = await Promise.any([loaded_promise, getTimeoutPromise(t)]);
   assert_equals(result, "NOT LOADED");
 }, `fenced frame data: URL`);

 promise_test(async t => {
   const key = token();
   const blobURL = URL.createObjectURL(
       new Blob([`${createLocalSource(key, kPublicUtils)}`],
                {type: 'text/html'}));
   attachFencedFrame(blobURL);
   const loaded_promise = nextValueFromServer(key);
   const result = await Promise.any([loaded_promise, getTimeoutPromise(t)]);
   assert_equals(result, "NOT LOADED");
 }, `fenced frame blob: URL`);

 promise_test(async t => {
   const fencedframe = attachFencedFrameContext();
   fencedframe.src = "javascript:window.jsURLExecuted = true;"
   // Just in case the javascript URL executes asynchronously, let's wait for
   // it.
   await getTimeoutPromise(t);
   await fencedframe.execute(async () => {
     assert_equals(window.jsURLExecuted, undefined);
   });
 }, `fenced frame javascript: URL`);

 promise_test(async t => {
   const key = token();
   let http_url = new URL("resources/embeddee.html",
       get_host_info().HTTP_ORIGIN + location.pathname);
   http_url = generateURL(http_url, [key]);
   assert_equals(http_url.protocol, "http:");
   const fencedframe = attachFencedFrame(http_url);
   const loaded_promise = nextValueFromServer(key);
   const result = await Promise.any([loaded_promise, getTimeoutPromise(t)]);
   assert_equals(result, "NOT LOADED");
 }, `fenced frame http: URL`);

 </script>

 </body>
	<!DOCTYPE html>
	<title>Fenced frame disallowed navigations</title>
	<meta name="timeout" content="long">
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	<script src="/common/dispatcher/dispatcher.js"></script>
	<script src="/common/get-host-info.sub.js"></script>
	<script src="/common/utils.js"></script>
	<script src="resources/utils.js"></script>
	<script src="/fetch/private-network-access/resources/support.sub.js"></script>

	<body>

	<script>
	// Baseline tests:
	// - Embedder can navigate iframe to blob: URL
	// - Embedder can navigate iframe to data: URL
	// - Same-origin embedder can navigate iframe to javascript: URL
	// - Embedder can navigate iframe to http: URL
	// Fenced frame tests:
	// - Embedder cannot navigate fenced frame to blob: URL
	// - Embedder cannot navigate fenced frame to data: URL
	// - Same-origin embedder cannot navigate fenced frame to
	// javascript: URL
	// - Embedder cannot navigate fenced frame to http: URL

	// Fenced frames are always put in the public IP address space which is the
	// least privileged. In case a navigation to a local data: URL or blob: URL
	// resource is allowed, they would only be able to fetch things that are also
	// in the public IP address space. So for the document described by these local
	// URLs, we'll set them up to only communicate back to the outer page via
	// resources obtained in the public address space.
	const kPublicUtils = resolveUrl("resources/utils.js", Server.HTTPS_PUBLIC);

	// These are just baseline tests asserting that this test's machinery to load
	// blob:, data:, and javascript: URLs work properly in contexts where they are
	// expected to.
	promise_test(async () => {
	const key = token();
	attachIFrame(`data:text/html, ${createLocalSource(key, kPublicUtils)}`);
	const result = await nextValueFromServer(key);
	assert_equals(result, "LOADED");
	}, "iframe data: URL");

	promise_test(async () => {
	const key = token();
	const blobURL = URL.createObjectURL(
	new Blob([`${createLocalSource(key, kPublicUtils)}`],
	{type: 'text/html'}));
	attachIFrame(blobURL);
	const result = await nextValueFromServer(key);
	assert_equals(result, "LOADED");
	}, "iframe blob: URL");

	promise_test(async () => {
	const iframe = attachIFrameContext();
	iframe.src = "javascript:window.jsURLExecuted = true;"
	await iframe.execute(async () => {
	assert_equals(window.jsURLExecuted, true);
	});
	}, "iframe javascript: URL");

	// The following tests ensure that an embedder cannot navigate a fenced frame
	// to:
	// - data: URLs
	// - blob: URLs
	// - javascript: URLs
	// - http: URLs
	function getTimeoutPromise(t) {
	return new Promise(resolve =>
	t.step_timeout(() => resolve("NOT LOADED"), 2000));
	}

	promise_test(async t => {
	const key = token();
	attachFencedFrame(`data:text/html, ${createLocalSource(key, kPublicUtils)}`);
	const loaded_promise = nextValueFromServer(key);
	const result = await Promise.any([loaded_promise, getTimeoutPromise(t)]);
	assert_equals(result, "NOT LOADED");
	}, `fenced frame data: URL`);

	promise_test(async t => {
	const key = token();
	const blobURL = URL.createObjectURL(
	new Blob([`${createLocalSource(key, kPublicUtils)}`],
	{type: 'text/html'}));
	attachFencedFrame(blobURL);
	const loaded_promise = nextValueFromServer(key);
	const result = await Promise.any([loaded_promise, getTimeoutPromise(t)]);
	assert_equals(result, "NOT LOADED");
	}, `fenced frame blob: URL`);

	promise_test(async t => {
	const fencedframe = attachFencedFrameContext();
	fencedframe.src = "javascript:window.jsURLExecuted = true;"
	// Just in case the javascript URL executes asynchronously, let's wait for
	// it.
	await getTimeoutPromise(t);
	await fencedframe.execute(async () => {
	assert_equals(window.jsURLExecuted, undefined);
	});
	}, `fenced frame javascript: URL`);

	promise_test(async t => {
	const key = token();
	let http_url = new URL("resources/embeddee.html",
	get_host_info().HTTP_ORIGIN + location.pathname);
	http_url = generateURL(http_url, [key]);
	assert_equals(http_url.protocol, "http:");
	const fencedframe = attachFencedFrame(http_url);
	const loaded_promise = nextValueFromServer(key);
	const result = await Promise.any([loaded_promise, getTimeoutPromise(t)]);
	assert_equals(result, "NOT LOADED");
	}, `fenced frame http: URL`);

	</script>

	</body>