Source code
Revision control
Copy as Markdown
Other Tools
Test Info: Warnings
- This test has a WPT meta file that disables it given conditions:
- This WPT test may be referenced by the following Test IDs:
- /html/semantics/forms/the-input-element/show-picker-cross-origin-iframe.html - WPT Dashboard Interop Dashboard
<!DOCTYPE html>
<title>Test showPicker() called from cross-origin iframe</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<body>
<iframe id="iframe1"></iframe>
<iframe id="iframe2"></iframe>
<iframe id="iframe3"></iframe>
<iframe id="iframe4"></iframe>
</body>
<script>
function waitForSecurityErrors() {
return new Promise((resolve) => {
window.addEventListener("message", (event) => resolve(event.data), {
once: true,
});
});
}
promise_test(async (t) => {
iframe1.src =
new URL("resources/", self.location).pathname +
"show-picker-child-iframe.html";
// Wait for the iframe to report security errors when calling showPicker().
const securityErrors = await waitForSecurityErrors();
assert_equals(
securityErrors,
"",
"In same-origin iframes, showPicker() does not throw a SecurityError."
);
});
promise_test(async (t) => {
iframe2.src =
get_host_info().HTTP_NOTSAMESITE_ORIGIN +
new URL("resources/", self.location).pathname +
"show-picker-child-iframe.html";
// Wait for the iframe to report security errors when calling showPicker().
const securityErrors = await waitForSecurityErrors();
assert_equals(
securityErrors,
"button,checkbox,date,datetime-local,email,hidden,image,month,number,password,radio,range,reset,search,submit,tel,text,time,url,week",
"In cross-origin iframes, showPicker() throws a SecurityError except on file and color."
);
});
promise_test(async (t) => {
iframe3.src =
new URL("resources/", self.location).pathname +
"show-picker-child-iframe.html?documentDomain=" + get_host_info().ORIGINAL_HOST;
// Wait for the iframe to report security errors when calling showPicker().
const securityErrors = await waitForSecurityErrors();
assert_equals(
securityErrors,
"",
"In same-origin but cross-origin-domain iframes, showPicker() does not throw a SecurityError."
);
});
promise_test(async (t) => {
document.domain = get_host_info().ORIGINAL_HOST;
iframe4.src =
get_host_info().HTTP_REMOTE_ORIGIN +
new URL("resources/", self.location).pathname +
"show-picker-child-iframe.html?documentDomain=" + get_host_info().ORIGINAL_HOST;
// Wait for the iframe to report security errors when calling showPicker().
const securityErrors = await waitForSecurityErrors();
assert_equals(
securityErrors,
"button,checkbox,date,datetime-local,email,hidden,image,month,number,password,radio,range,reset,search,submit,tel,text,time,url,week",
"In cross-origin but same-origin-domain iframes, showPicker() throws a SecurityError except on file and color."
);
});
</script>