webstorage/sessionStorage-basic-partitioned.tentative.sub.html - external/w3c/web-platform-tests - Git at Google

 <!doctype html>
 <meta charset=utf-8>
 <title>sessionStorage: partitioned storage test</title>
 <meta name=help href="https://privacycg.github.io/storage-partitioning/">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <iframe id="shared-iframe" src="http://{{host}}:{{ports[http][0]}}/webstorage/resources/sessionStorage-about-blank-partitioned-iframe.html"></iframe>
 <body>
 <script>
 // Here's the set-up for this test:
 // Step 1. (main window) set up messaging and same-site iframe load listeners.
 // Step 2. (same-site iframe) loads, requests sessionStorage for "userID".
 // Step 3. (same-site iframe) receives the message, gets or allocates sessionStorage,
 // and returns the generated ID to the main frame.
 // Step 4. (main window) receives "storage got set" message from same-site iframe.
 // Step 5. (main window) opens a new cross-site window with the shared-iframe inside.
 // Step 6. (cross-site iframe) loads, requests sessionStorage for "userID", gets or
 // allocates that sessionStorage, and returns the generated ID to the main frame.
 // Step 7. (main window) asserts that the generated IDs should be different, as
 // they should have a different StorageKey.
 const altOrigin = "http://{{hosts[alt][]}}:{{ports[http][0]}}";

 async_test(t => {
   let crossSiteWindow;
   let crossSiteID;
   let sameSiteID;
   // Retrieve the iframe we created in the HTML above.
   const iframe = document.getElementById("shared-iframe");

   // Once the iframe loads, we request sessionStorage.
   iframe.addEventListener("load", t.step_func(e => {
     const payload = {
       command: "create ID",
       key: "userID",
     };
     iframe.contentWindow.postMessage(payload, iframe.origin);
   }), {once: true});

   window.addEventListener("message", t.step_func(e => {
     // Once we get or allocate the sessionStorage, we expect the iframe
     // to message us back with the generated ID.
     if (e.data.message === "ID created") {
       sameSiteID = e.data.userID;
       assert_true(typeof sameSiteID === "string");

       // Now that same-site storage has been secured, we need to open a
       // new cross-site window that contains our shared-iframe to repeat
       // the process in a cross-site environment.
       if (location.origin !== altOrigin) {
         crossSiteWindow = window.open(`${altOrigin}/webstorage/sessionStorage-basic-partitioned.tentative.sub.html`, "", "noopener=false");
         t.add_cleanup(() => crossSiteWindow.close());
       }
     }

     // We expect that once the cross-site iframe requests sessionStorage,
     // it will message us back with the generated ID.
     if (e.data.message === "cross-site window iframe loaded") {
       crossSiteID = e.data.userID;
       t.step(() => {
         // Same and cross-site iframes should have different generated IDs.
         assert_true(typeof crossSiteID === "string");
         assert_true(sameSiteID !== crossSiteID, "IDs pulled from two partitioned iframes are different.")
       });

       // Clear storage state to clean up after the test.
       iframe.contentWindow.sessionStorage.clear();
       crossSiteWindow.postMessage({command: "clearStorage"}, altOrigin);
       t.done();
     };
   }));
 }, "Simple test for partitioned sessionStorage");
 </script>
 </body>
	<!doctype html>
	<meta charset=utf-8>
	<title>sessionStorage: partitioned storage test</title>
	<meta name=help href="https://privacycg.github.io/storage-partitioning/">
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	<iframe id="shared-iframe" src="http://{{host}}:{{ports[http][0]}}/webstorage/resources/sessionStorage-about-blank-partitioned-iframe.html"></iframe>
	<body>
	<script>
	// Here's the set-up for this test:
	// Step 1. (main window) set up messaging and same-site iframe load listeners.
	// Step 2. (same-site iframe) loads, requests sessionStorage for "userID".
	// Step 3. (same-site iframe) receives the message, gets or allocates sessionStorage,
	// and returns the generated ID to the main frame.
	// Step 4. (main window) receives "storage got set" message from same-site iframe.
	// Step 5. (main window) opens a new cross-site window with the shared-iframe inside.
	// Step 6. (cross-site iframe) loads, requests sessionStorage for "userID", gets or
	// allocates that sessionStorage, and returns the generated ID to the main frame.
	// Step 7. (main window) asserts that the generated IDs should be different, as
	// they should have a different StorageKey.
	const altOrigin = "http://{{hosts[alt][]}}:{{ports[http][0]}}";

	async_test(t => {
	let crossSiteWindow;
	let crossSiteID;
	let sameSiteID;
	// Retrieve the iframe we created in the HTML above.
	const iframe = document.getElementById("shared-iframe");

	// Once the iframe loads, we request sessionStorage.
	iframe.addEventListener("load", t.step_func(e => {
	const payload = {
	command: "create ID",
	key: "userID",
	};
	iframe.contentWindow.postMessage(payload, iframe.origin);
	}), {once: true});

	window.addEventListener("message", t.step_func(e => {
	// Once we get or allocate the sessionStorage, we expect the iframe
	// to message us back with the generated ID.
	if (e.data.message === "ID created") {
	sameSiteID = e.data.userID;
	assert_true(typeof sameSiteID === "string");

	// Now that same-site storage has been secured, we need to open a
	// new cross-site window that contains our shared-iframe to repeat
	// the process in a cross-site environment.
	if (location.origin !== altOrigin) {
	crossSiteWindow = window.open(`${altOrigin}/webstorage/sessionStorage-basic-partitioned.tentative.sub.html`, "", "noopener=false");
	t.add_cleanup(() => crossSiteWindow.close());
	}
	}

	// We expect that once the cross-site iframe requests sessionStorage,
	// it will message us back with the generated ID.
	if (e.data.message === "cross-site window iframe loaded") {
	crossSiteID = e.data.userID;
	t.step(() => {
	// Same and cross-site iframes should have different generated IDs.
	assert_true(typeof crossSiteID === "string");
	assert_true(sameSiteID !== crossSiteID, "IDs pulled from two partitioned iframes are different.")
	});

	// Clear storage state to clean up after the test.
	iframe.contentWindow.sessionStorage.clear();
	crossSiteWindow.postMessage({command: "clearStorage"}, altOrigin);
	t.done();
	};
	}));
	}, "Simple test for partitioned sessionStorage");
	</script>
	</body>