-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bug 1564479 [wpt PR 17729] - Fix feature policy origin comparison for…
… sandbox., a=testonly Automatic update from web-platform-tests Fix feature policy origin comparison for sandbox. When 'self' was specified in a feature policy header for a sandboxed page, the resulting policy would not actually allow the feature in that page, even when it would otherwise have been allowed. This corrects that by assigning the correct origin to the policy and accepting that origin in allowlists. Bug: 973880, 690520 Change-Id: I93325bf24119068f8138f6e38507598cc30cbb06 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1689958 Commit-Queue: Ian Clelland <iclellandchromium.org> Reviewed-by: Jeremy Roman <jbromanchromium.org> Cr-Commit-Position: refs/heads/master{#675737} -- wpt-commits: 6493155a3b1c0a0236aa4059a1ef768961578f98 wpt-pr: 17729 UltraBlame original commit: a4a34b940a8705a6ef52f2fd1341cbcb3ec0a5b7
- Loading branch information
Showing
4 changed files
with
501 additions
and
0 deletions.
There are no files selected for viewing
241 changes: 241 additions & 0 deletions
241
testing/web-platform/tests/feature-policy/policy-extends-to-sandbox.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,241 @@ | ||
< | ||
! | ||
DOCTYPE | ||
html | ||
> | ||
< | ||
title | ||
> | ||
Feature | ||
policy | ||
treats | ||
opaque | ||
origins | ||
correctly | ||
< | ||
/ | ||
title | ||
> | ||
< | ||
script | ||
src | ||
= | ||
" | ||
/ | ||
resources | ||
/ | ||
testharness | ||
. | ||
js | ||
" | ||
> | ||
< | ||
/ | ||
script | ||
> | ||
< | ||
script | ||
src | ||
= | ||
" | ||
/ | ||
resources | ||
/ | ||
testharnessreport | ||
. | ||
js | ||
" | ||
> | ||
< | ||
/ | ||
script | ||
> | ||
< | ||
body | ||
> | ||
< | ||
script | ||
> | ||
" | ||
use | ||
strict | ||
" | ||
; | ||
async_test | ||
( | ||
t | ||
= | ||
> | ||
{ | ||
let | ||
frame | ||
= | ||
document | ||
. | ||
createElement | ||
( | ||
' | ||
iframe | ||
' | ||
) | ||
; | ||
frame | ||
. | ||
src | ||
= | ||
" | ||
/ | ||
feature | ||
- | ||
policy | ||
/ | ||
resources | ||
/ | ||
sandbox | ||
- | ||
self | ||
. | ||
html | ||
" | ||
; | ||
frame | ||
. | ||
allow | ||
= | ||
" | ||
fullscreen | ||
" | ||
; | ||
frame | ||
. | ||
sandbox | ||
= | ||
" | ||
allow | ||
- | ||
scripts | ||
" | ||
; | ||
var | ||
handle_message | ||
= | ||
t | ||
. | ||
step_func | ||
( | ||
evt | ||
= | ||
> | ||
{ | ||
if | ||
( | ||
evt | ||
. | ||
source | ||
= | ||
= | ||
= | ||
frame | ||
. | ||
contentWindow | ||
) | ||
{ | ||
assert_equals | ||
( | ||
evt | ||
. | ||
data | ||
. | ||
child | ||
true | ||
" | ||
' | ||
self | ||
' | ||
in | ||
header | ||
should | ||
match | ||
origin | ||
of | ||
sandboxed | ||
frame | ||
. | ||
" | ||
) | ||
; | ||
assert_equals | ||
( | ||
evt | ||
. | ||
data | ||
. | ||
grandchild | ||
false | ||
" | ||
Opaque | ||
origins | ||
should | ||
not | ||
match | ||
each | ||
other | ||
. | ||
" | ||
) | ||
; | ||
document | ||
. | ||
body | ||
. | ||
removeChild | ||
( | ||
frame | ||
) | ||
; | ||
window | ||
. | ||
removeEventListener | ||
( | ||
' | ||
message | ||
' | ||
handle_message | ||
) | ||
; | ||
t | ||
. | ||
done | ||
( | ||
) | ||
; | ||
} | ||
} | ||
) | ||
; | ||
window | ||
. | ||
addEventListener | ||
( | ||
' | ||
message | ||
' | ||
handle_message | ||
) | ||
; | ||
document | ||
. | ||
body | ||
. | ||
appendChild | ||
( | ||
frame | ||
) | ||
; | ||
} | ||
) | ||
; | ||
< | ||
/ | ||
script | ||
> |
65 changes: 65 additions & 0 deletions
65
testing/web-platform/tests/feature-policy/resources/nested-sandbox.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
< | ||
! | ||
DOCTYPE | ||
html | ||
> | ||
< | ||
title | ||
> | ||
Return | ||
fullscreen | ||
feature | ||
policy | ||
state | ||
< | ||
/ | ||
title | ||
> | ||
< | ||
script | ||
> | ||
" | ||
use | ||
strict | ||
" | ||
; | ||
window | ||
. | ||
onload | ||
= | ||
( | ||
) | ||
= | ||
> | ||
{ | ||
window | ||
. | ||
parent | ||
. | ||
postMessage | ||
( | ||
document | ||
. | ||
featurePolicy | ||
. | ||
allowedFeatures | ||
( | ||
) | ||
. | ||
includes | ||
( | ||
" | ||
fullscreen | ||
" | ||
) | ||
" | ||
* | ||
" | ||
) | ||
; | ||
} | ||
; | ||
< | ||
/ | ||
script | ||
> |
Oops, something went wrong.