Source code

Revision control

Copy as Markdown

Other Tools

Test Info: Warnings

<!doctype html>
<meta charset=utf-8>
<title>sessionStorage: partitioned storage test</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
// Here's the set-up for this test:
// Step 1. (main window) set up messaging and same-site iframe load listeners.
// Step 2. (same-site iframe) loads, requests sessionStorage for "userID".
// Step 3. (same-site iframe) receives the message, gets or allocates sessionStorage,
// and returns the generated ID to the main frame.
// Step 4. (main window) receives "storage got set" message from same-site iframe.
// Step 5. (main window) opens a new cross-site window with the shared-iframe inside.
// Step 6. (cross-site iframe) loads, requests sessionStorage for "userID", gets or
// allocates that sessionStorage, and returns the generated ID to the main frame.
// Step 7. (main window) asserts that the generated IDs should be different, as
// they should have a different StorageKey.
async_test(t => {
let crossSiteWindow;
let crossSiteID;
let sameSiteID;
// Retrieve the iframe we created in the HTML above.
const iframe = document.getElementById("shared-iframe");
// Once the iframe loads, we request sessionStorage.
iframe.addEventListener("load", t.step_func(e => {
const payload = {
command: "create ID",
key: "userID",
iframe.contentWindow.postMessage(payload, iframe.origin);
}), {once: true});
window.addEventListener("message", t.step_func(e => {
// Once we get or allocate the sessionStorage, we expect the iframe
// to message us back with the generated ID.
if ( === "ID created") {
sameSiteID =;
assert_true(typeof sameSiteID === "string");
// Now that same-site storage has been secured, we need to open a
// new cross-site window that contains our shared-iframe to repeat
// the process in a cross-site environment.
if (location.origin !== altOrigin) {
crossSiteWindow =`${altOrigin}/webstorage/sessionStorage-basic-partitioned.tentative.sub.html`, "", "noopener=false");
t.add_cleanup(() => crossSiteWindow.close());
// We expect that once the cross-site iframe requests sessionStorage,
// it will message us back with the generated ID.
if ( === "cross-site window iframe loaded") {
crossSiteID =;
t.step(() => {
// Same and cross-site iframes should have different generated IDs.
assert_true(typeof crossSiteID === "string");
assert_true(sameSiteID !== crossSiteID, "IDs pulled from two partitioned iframes are different.")
// Clear storage state to clean up after the test.
crossSiteWindow.postMessage({command: "clearStorage"}, altOrigin);
}, "Simple test for partitioned sessionStorage");