Source code

Revision control

Copy as Markdown

Other Tools

Test Info:

<!doctype html>
<title>Navigating to text fragment directives in iframes</title>
<meta charset=utf-8>
<meta name="timeout" content="long">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>
function getResult(iframe) {
return new Promise((resolve) => {
window.addEventListener('message', (e) => {
resolve(e.data);
}, {once: true});
iframe.contentWindow.postMessage('getResult', '*');
});
}
function reset(iframe) {
return new Promise((resolve) => {
window.addEventListener('message', (e) => {
resolve();
}, {once: true});
iframe.contentWindow.postMessage('reset', '*');
});
}
function runTests() {
const attribute_iframe = document.getElementById('srcattrib');
const sameorigin_iframe = document.getElementById('sameorigin');
const crossorigin_iframe = document.getElementById('crossorigin');
// Check behavior that occurs when a text fragment is specified directly in
// an iframe's src attribute. We expect the text fragment to be blocked.
promise_test(t => new Promise(async resolve => {
// No reset since we're checking the hash specified in the `src` attribute.
const data = await getResult(attribute_iframe);
resolve(data);
}).then( data => {
assert_equals(data.href.indexOf(':~:'), -1, 'Expected fragment directive to be stripped from the URL.');
assert_equals(data.scrollPosition, 'top', 'Should not scroll to text fragment');
}), 'Text fragment specified in iframe.src');
// Check behavior when we set a text fragment using script from a
// same-origin parent. The text fragment should be allowed because this is
// a same-document navigation initiated by an origin that's same-origin
// with the current document.
promise_test(t => new Promise(async resolve => {
await reset(sameorigin_iframe);
sameorigin_iframe.contentWindow.location = `${sameorigin_iframe.src}#:~:text=Target`;
const data = await getResult(sameorigin_iframe);
resolve(data);
}).then( data => {
assert_equals(data.href.indexOf(':~:'), -1, 'Expected fragment directive to be stripped from the URL.');
assert_equals(data.scrollPosition, 'target', 'Should scroll to text fragment');
}), 'Navigate same-origin iframe via window.location');
// Check behavior when we set a text fragment using script from a
// cross-origin parent. The text fragment should be blocked because the
// initiating origin is not same-origin with the current document.
promise_test(t => new Promise(async resolve => {
await reset(crossorigin_iframe);
crossorigin_iframe.contentWindow.location = `${crossorigin_iframe.src}#:~:text=Target`;
const data = await getResult(crossorigin_iframe);
resolve(data);
}).then( data => {
assert_equals(data.href.indexOf(':~:'), -1, 'Expected fragment directive to be stripped from the URL.');
assert_equals(data.scrollPosition, 'top', 'Should not to scroll to text fragment.');
}), 'Navigate cross-origin iframe via window.location');
// Check the element-id fallback behavior when the text is not found. We
// should fallback to a regular element-id hash navigation.
promise_test(t => new Promise(async resolve => {
await reset(sameorigin_iframe);
sameorigin_iframe.contentWindow.location = `${sameorigin_iframe.src}#elementid:~:text=NonExistentText`;
const data = await getResult(sameorigin_iframe);
resolve(data);
}).then( data => {
assert_equals(data.scrollPosition, 'elementid', 'Should scroll to the element-id anchor.');
}), 'Non-matching text with element-id fallback');
// Check the element-id fallback behaviour when used across origins. The
// text fragment should be blocked across origins but the element id hash
// should not.
promise_test(t => new Promise(async resolve => {
await reset(crossorigin_iframe);
crossorigin_iframe.contentWindow.location = `${crossorigin_iframe.src}#elementid:~:text=Target%20Text`;
const data = await getResult(crossorigin_iframe);
resolve(data);
}).then( data => {
assert_equals(data.scrollPosition, 'elementid', 'Should scroll to the element-id anchor.');
}), 'Cross-origin with element-id fallback');
}
</script>
<style>
iframe {
width: 100px;
height: 100px;
}
</style>
<body onload="runTests()">
<div>
Same-Origin with text fragment in src attribute:
<iframe id="srcattrib" src="iframe-target.html#:~:text=Target"></iframe>
</div>
<div>
Same-Origin:
<iframe id="sameorigin" src="iframe-target.html"></iframe>
</div>
<div>
Cross-Origin:
</div>
</body>