| <!doctype html> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="/common/get-host-info.sub.js"></script> |
| <script src="/common/utils.js"></script> |
| <body> |
| <script> |
| const {ORIGIN, REMOTE_ORIGIN} = get_host_info(); |
| const control_iframe = document.createElement('iframe'); |
| const anonymous_iframe = document.createElement('iframe'); |
| |
| promise_setup(async t => { |
| const createControlIframe = new Promise(async resolve => { |
| control_iframe.onload = resolve; |
| control_iframe.src = ORIGIN + `/common/blank.html`; |
| document.body.append(control_iframe); |
| }); |
| |
| const createAnonymousIframe = new Promise(async resolve => { |
| anonymous_iframe.onload = resolve; |
| anonymous_iframe.src = ORIGIN + `/common/blank.html`; |
| anonymous_iframe.anonymous = true; |
| document.body.append(anonymous_iframe); |
| }); |
| |
| await Promise.all([createControlIframe, createAnonymousIframe]); |
| }); |
| |
| // Create cross-origin popup from iframes. The opener should be blocked for |
| // anonymous iframe and work for normal iframe. |
| promise_test(async t => { |
| src_popup = REMOTE_ORIGIN + `/common/blank.html`; |
| const popup_1 = control_iframe.contentWindow.open(src_popup); |
| assert_equals( |
| popup_1.opener, control_iframe.contentWindow, |
| "Opener from normal iframe should be available."); |
| |
| const popup_2 = anonymous_iframe.contentWindow.open(src_popup); |
| assert_equals( |
| popup_2, null, "Opener from anonymous iframe should be blocked."); |
| }, 'Cross-origin popup from normal/anonymous iframes.'); |
| |
| // Create a same-origin popup from iframes. The opener should be blocked for |
| // anonymous iframe and work for normal iframe. |
| promise_test(async t => { |
| src_popup = ORIGIN + `/common/blank.html`; |
| const popup_1 = control_iframe.contentWindow.open(src_popup); |
| assert_equals( |
| popup_1.opener, control_iframe.contentWindow, |
| "Opener from normal iframe should be available."); |
| |
| const popup_2 = anonymous_iframe.contentWindow.open(src_popup); |
| assert_equals( |
| popup_2, null, "Opener from anonymous iframe should be blocked."); |
| }, 'Same-origin popup from normal/anonymous iframes.'); |
| |
| </script> |
| </body> |