window-open-local-after-network-scheme.sub.html

Enable keyboard shortcuts

This WPT test may be referenced by the following Test IDs:
- /content-security-policy/inheritance/window-open-local-after-network-scheme.sub.html - WPT Dashboard Interop Dashboard

<!DOCTYPE html>

<script src="/resources/testharness.js"></script>

<script src="/resources/testharnessreport.js"></script>

<script src="/common/utils.js"></script>

<meta http-equiv="Content-Security-Policy" content="img-src 'none'">

<title>about:blank in popup inherits CSPs from the navigation initiator</title>

<body>

<script>

  const message_from = (source_token, w) => {

    return new Promise(resolve => {

      window.addEventListener('message', msg => {

        if (msg.data.token === source_token)

          resolve(msg.data.msg);

});

});

};

  const testCases = [

      previous_origin: window.origin,

      name: "Popup being navigated to about:blank was same-origin.",

},

      previous_origin: "http://{{hosts[alt][]}}:{{ports[http][0]}}",

      name: "Popup being navigated to about:blank was cross-origin.",

},

];

  testCases.forEach(testCase => {

    promise_test(async t => {

      // Create a popup and navigate it.

      const popup_token = token();

      // const popup = window.open("about:blank", testCase.name);

      const loaded = message_from(popup_token);

      const popup = window.open(

        testCase.previous_origin +

          "/content-security-policy/inheritance/support" +

          `/postmessage-opener.html?token=${popup_token}`,

        testCase.name);

      t.add_cleanup(() => popup.close());

      assert_equals(await loaded, "ready");

      // Navigate the popup to "about:blank".

      window.open("about:blank", testCase.name);

      await t.step_wait(

        condition = () => {

          try {

            return popup.location.href == "about:blank";

          } catch {}

          return false;

},

        description = "Wait for the popup to navigate.",

        timeout=3000,

        interval=50);

      // Now create an img in the popup and check if it is blocked by CSPs.

      const script = popup.document.createElement('script');

      script.innerText = `

        function messageBack(msg) {

          opener.postMessage(msg ,"*");

`;

      popup.document.head.appendChild(script);

      const div = popup.document.createElement('div');

      const img_token = token();

      const img_url = window.origin + "/content-security-policy/support/fail.png";

      div.innerHTML = `

        <img src="${img_url}"

             onload="messageBack({msg: 'img loaded', token: '${img_token}'});"

             onerror="messageBack({msg: 'img blocked', token: '${img_token}'});"

`;

      const msg = message_from(img_token);

      popup.document.body.appendChild(div);

      assert_equals(await msg, "img blocked");

    }, testCase.name);

});

</script>