html/semantics/embedded-content/the-iframe-element/sandbox-top-navigation-escalate-privileges.tentative.sub.window.js - external/w3c/web-platform-tests - Git at Google

 // META: title=Top-level navigation tests with frames that try to give themselves top-nav permission
 // META: script=/common/dispatcher/dispatcher.js
 // META: script=/common/get-host-info.sub.js
 // META: script=/common/utils.js
 // META: script=/resources/testdriver.js
 // META: script=/resources/testdriver-vendor.js
 // META: script=/resources/testharness.js
 // META: script=/resources/testharnessreport.js
 // META: script=/html/browsers/browsing-the-web/remote-context-helper/resources/remote-context-helper.js
 // META: script=./resources/sandbox-top-navigation-helper.js

 'use strict';

 promise_test(async t => {
   const main = await setupTest();
   const iframe_1 = await createNestedIframe(main,
       "HTTP_REMOTE_ORIGIN", "", "");
   const iframe_2 = await createNestedIframe(iframe_1,
       "HTTP_REMOTE_ORIGIN", "allow-top-navigation", "");

   await attemptTopNavigation(iframe_2, false);
 }, "A cross origin unsandboxed frame can't escalate privileges in a child \
     frame");

 promise_test(async t => {
   const main = await setupTest();
   const iframe_1 = await createNestedIframe(main,
       "HTTP_REMOTE_ORIGIN", "allow-top-navigation", "");
   const iframe_2 = await createNestedIframe(iframe_1,
       "OTHER_ORIGIN", "", "");

   await attemptTopNavigation(iframe_2, true);
 }, "An unsandboxed grandchild inherits its parents ability to navigate top.");

 promise_test(async t => {
   const main = await setupTest();
   const iframe_1 = await createNestedIframe(main,
       "HTTP_ORIGIN", "", "");
   const iframe_2 = await createNestedIframe(iframe_1,
       "HTTP_ORIGIN", "allow-top-navigation", "");

   await attemptTopNavigation(iframe_2, true);
 }, "A same-origin grandchild with frame allow-top can navigate top");

 promise_test(async t => {
   const main = await setupTest();
   const iframe_1 = await createNestedIframe(main,
       "HTTP_ORIGIN", "", "");
   const iframe_2 = await createNestedIframe(iframe_1,
       "HTTP_ORIGIN", "", "allow-top-navigation");

   await attemptTopNavigation(iframe_2, false);
 }, "A sandboxed same-origin grandchild without allow-same-origin can't \
     escalate its own top-nav privileges");

 promise_test(async t => {
   const main = await setupTest();
   const iframe_1 = await createNestedIframe(main,
       "HTTP_ORIGIN", "", "");
   const iframe_2 = await createNestedIframe(iframe_1,
       "HTTP_ORIGIN", "", "allow-same-origin allow-top-navigation");

   await attemptTopNavigation(iframe_2, true);
 }, "A sandboxed same-origin grandchild with allow-same-origin can \
     give itself top-nav privileges");
	// META: title=Top-level navigation tests with frames that try to give themselves top-nav permission
	// META: script=/common/dispatcher/dispatcher.js
	// META: script=/common/get-host-info.sub.js
	// META: script=/common/utils.js
	// META: script=/resources/testdriver.js
	// META: script=/resources/testdriver-vendor.js
	// META: script=/resources/testharness.js
	// META: script=/resources/testharnessreport.js
	// META: script=/html/browsers/browsing-the-web/remote-context-helper/resources/remote-context-helper.js
	// META: script=./resources/sandbox-top-navigation-helper.js

	'use strict';

	promise_test(async t => {
	const main = await setupTest();
	const iframe_1 = await createNestedIframe(main,
	"HTTP_REMOTE_ORIGIN", "", "");
	const iframe_2 = await createNestedIframe(iframe_1,
	"HTTP_REMOTE_ORIGIN", "allow-top-navigation", "");

	await attemptTopNavigation(iframe_2, false);
	}, "A cross origin unsandboxed frame can't escalate privileges in a child \
	frame");

	promise_test(async t => {
	const main = await setupTest();
	const iframe_1 = await createNestedIframe(main,
	"HTTP_REMOTE_ORIGIN", "allow-top-navigation", "");
	const iframe_2 = await createNestedIframe(iframe_1,
	"OTHER_ORIGIN", "", "");

	await attemptTopNavigation(iframe_2, true);
	}, "An unsandboxed grandchild inherits its parents ability to navigate top.");

	promise_test(async t => {
	const main = await setupTest();
	const iframe_1 = await createNestedIframe(main,
	"HTTP_ORIGIN", "", "");
	const iframe_2 = await createNestedIframe(iframe_1,
	"HTTP_ORIGIN", "allow-top-navigation", "");

	await attemptTopNavigation(iframe_2, true);
	}, "A same-origin grandchild with frame allow-top can navigate top");

	promise_test(async t => {
	const main = await setupTest();
	const iframe_1 = await createNestedIframe(main,
	"HTTP_ORIGIN", "", "");
	const iframe_2 = await createNestedIframe(iframe_1,
	"HTTP_ORIGIN", "", "allow-top-navigation");

	await attemptTopNavigation(iframe_2, false);
	}, "A sandboxed same-origin grandchild without allow-same-origin can't \
	escalate its own top-nav privileges");

	promise_test(async t => {
	const main = await setupTest();
	const iframe_1 = await createNestedIframe(main,
	"HTTP_ORIGIN", "", "");
	const iframe_2 = await createNestedIframe(iframe_1,
	"HTTP_ORIGIN", "", "allow-same-origin allow-top-navigation");

	await attemptTopNavigation(iframe_2, true);
	}, "A sandboxed same-origin grandchild with allow-same-origin can \
	give itself top-nav privileges");