Commit b4c70bc0 authored by Yifan Luo's avatar Yifan Luo Committed by moz-wptsync-bot
Browse files

Bug 1721812 [wpt PR 29744] - [Anonymous iframe] Block popup opener... 

Bug 1721812 [wpt PR 29744] - [Anonymous iframe] Block popup opener relationship from anonymous iframe., a=testonly

Automatic update from web-platform-tests
[Anonymous iframe] Block popup opener relationship from anonymous iframe.

A popup created from an anonymous iframe must not retain its
opener/openee relationship, which means it should behave as
if it was opened with no-opener.

Bug: 1229998
Change-Id: I27732d07454a155f51b72e01b0267fd61b3c0107
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3045358


Reviewed-by: default avatarCamille Lamy <clamy@chromium.org>
Commit-Queue: Yifan Luo <lyf@chromium.org>
Cr-Commit-Position: refs/heads/master@{#904303}

--

wpt-commits: 2b50de60dc8a9ab1f55d964d69ccd06897b41bd4
wpt-pr: 29744
parent 9f7e3421

testing/web-platform/tests/html/cross-origin-embedder-policy/anonymous-iframe/anonymous-iframe-popup.tentative.https.html

0 → 100644
+53 −0
Original line number Diff line number Diff line 
<!doctype html>

<script src="/resources/testharness.js"></script>

<script src="/resources/testharnessreport.js"></script>

<script src="/common/get-host-info.sub.js"></script>

<script src="/common/utils.js"></script>

<body>

<script>

const {ORIGIN, REMOTE_ORIGIN} = get_host_info();



// Create an anonymous iframe.

const normal_iframe = document.createElement('iframe');

const anonymous_iframe = document.createElement('iframe');

promise_setup(async t => {

  await new Promise(async resolve => {

    normal_iframe.onload = () => resolve();

    normal_iframe.src = ORIGIN + `/common/blank.html`;

    document.body.append(normal_iframe);

  });



  await new Promise(async resolve => {

    anonymous_iframe.onload = () => resolve();

    anonymous_iframe.src = ORIGIN + `/common/blank.html`;

    anonymous_iframe.anonymous = true;

    document.body.append(anonymous_iframe);

  });

});



// Create cross-origin popup from iframes. The opener should be blocked for

// anonymous iframe and work for normal iframe.

promise_test(async t => {

  src_popup = REMOTE_ORIGIN + `/common/blank.html`;

  // Opener from normal iframe should be available.

  const popup_1 = normal_iframe.contentWindow.open(src_popup);

  assert_equals(popup_1.opener, normal_iframe.contentWindow);

  // Opener from normal iframe should be blocked.

  const popup_2 = anonymous_iframe.contentWindow.open(src_popup);

  assert_equals(popup_2, null);

}, 'Cross-origin popup from anonymous iframe');



// Create a same-origin popup from iframes. The opener should be blocked for

// anonymous iframe and work for normal iframe.

promise_test(async t => {

  src_popup = ORIGIN + `/common/blank.html`;

  // Opener from normal iframe should be available.

  const popup_1 = normal_iframe.contentWindow.open(src_popup);

  assert_equals(popup_1.opener, normal_iframe.contentWindow);

  // Opener from normal iframe should be blocked.

  const popup_2 = anonymous_iframe.contentWindow.open(src_popup);

  assert_equals(popup_2, null);

}, 'Same-origin popup from anonymous iframe');



</script>

</body>