Source code

Revision control

Copy as Markdown

Other Tools

Test Info:

<!doctype html>
<body>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/common/utils.js></script>
<script src=/fenced-frame/resources/utils.js></script>
<script src=/shared-storage/resources/util.js></script>
<script>
'use strict';
const origin = window.location.origin;
const rawSetHeader = 'set;key=hello;value=world';
const setHeader = encodeURIComponent(rawSetHeader);
promise_test(async t => {
let frame = document.createElement('iframe');
const promise = new Promise((resolve, reject) => {
window.addEventListener('message', async function handler(evt) {
if (evt.source === frame.contentWindow &&
evt.data.sharedStorageWritableHeader) {
document.body.removeChild(frame);
window.removeEventListener('message', handler);
resolve(evt.data.sharedStorageWritableHeader);
}
});
window.addEventListener('error', (error) => {
reject(error);
});
});
const innerUrl =
`${origin}\\/shared-storage\\/resources\\/shared-storage-write-`
+ `notify-parent.py?write=${setHeader}`;
const innerCode = `
let parentOrOpener = window.opener || window.parent;
let innerFrame = document.createElement('iframe');
window.addEventListener('message', async (evt) => {
if (evt.source === innerFrame.contentWindow &&
evt.data.sharedStorageWritableHeader) {
parentOrOpener.postMessage({sharedStorageWritableHeader:
evt.data.sharedStorageWritableHeader}, '*');
}
});
window.addEventListener('error', (error) => {
parentOrOpener.postMessage({sharedStorageWritableHeader: error.message}, '*');
});
innerFrame.src = '${innerUrl}';
innerFrame.sharedStorageWritable = true;
document.body.appendChild(innerFrame);
`;
const dataURL = 'data:text/html;base64,'
+ btoa(unescape('%3Chtml%3E%3Cbody%3E%3Cscript%3E'
+ encodeURIComponent(innerCode) +
'%3C%2Fscript%3E%3C%2Fbody%3E%3C%2Fhtml%3E'));
frame.src = dataURL;
document.body.appendChild(frame);
const result = await promise;
assert_equals(result, "NO_SHARED_STORAGE_WRITABLE_HEADER");
await verifyKeyNotFoundForOrigin('hello', origin);
}, 'shared storage iframe request disallowed in opaque origin from data URL');
</script>
</body>