WPT test: open error page while sandboxed.

Check what happens when opening an about:srcdoc window from a sandboxed about:srcdoc iframe. This patch was intended to be one of the regression tests for https://crbug.com/1158306. At the end, I realized it isn't. It is still worth adding it. The real test where Chrome fails will be added in: https://chromium-review.googlesource.com/c/chromium/src/+/2587047 Bug: 1158306 Change-Id: I2f6f7468564c66c17b679c4007cc6b4e26cb980c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2584812 Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org> Reviewed-by: Antonio Sartori <antoniosartori@chromium.org> Cr-Commit-Position: refs/heads/master@{#837089}

WPT test: open error page while sandboxed.
Check what happens when opening an about:srcdoc window from a sandboxed about:srcdoc iframe. This patch was intended to be one of the regression tests for https://crbug.com/1158306. At the end, I realized it isn't. It is still worth adding it. The real test where Chrome fails will be added in: https://chromium-review.googlesource.com/c/chromium/src/+/2587047 Bug: 1158306 Change-Id: I2f6f7468564c66c17b679c4007cc6b4e26cb980c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2584812 Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org> Reviewed-by: Antonio Sartori <antoniosartori@chromium.org> Cr-Commit-Position: refs/heads/master@{#837089}
0ec4bcfe · arthursonzogni · Chromium LUCI CQ · cd6925c9 · 0ec4bcfe
Commit 0ec4bcfe authored Dec 15, 2020 by arthursonzogni Committed by Chromium LUCI CQ Dec 15, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 52 additions and 0 deletions

third_party/blink/web_tests/external/wpt/html/browsers/sandboxing/sandbox-window-open-srcdoc.html .../html/browsers/sandboxing/sandbox-window-open-srcdoc.html +52 -0

No files found.
--- a/third_party/blink/web_tests/external/wpt/html/browsers/sandboxing/sandbox-window-open-srcdoc.html
+++ b/third_party/blink/web_tests/external/wpt/html/browsers/sandboxing/sandbox-window-open-srcdoc.html
+<!DOCTYPE html>
+<meta charset=utf-8>
+<title>window.open("about:srcdoc") from a sandboxed iframe</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<body>
+<script>
+// Check what happens when executing window.open("about:srcdoc") from a
+// sandboxed iframe. Srcdoc can't be loaded in the main frame. It should
+// result in an error page. The error page should be cross-origin with the
+// opener.
+//
+// This test covers an interesting edge case. A main frame should inherit
+// sandbox flags. However the document loaded is an internal error page. This
+// might trigger some assertions, especially if the implementation wrongly
+// applies the sandbox flags of the opener to the internal error page document.
+//
+// This test is mainly a coverage test. It passes if it doesn't crash.
+async_test(test => {
+  let iframe = document.createElement("iframe");
+  iframe.sandbox = "allow-scripts allow-popups allow-same-origin";
+  iframe.srcdoc = `
+    <script>
+      let w = window.open();
+      onunload = () => w.close();
+      let notify = () => {
+        try {
+          w.origin; // Will fail after navigating to about:srcdoc.
+          parent.postMessage("pending", "*");
+        } catch (e) {
+          parent.postMessage("done", "*");
+        };
+      };
+      addEventListener("message", notify);
+      notify();
+      w.location = "about:srcdoc"; // Error page.
+    </scr`+`ipt>
+  `;
+  let closed = false;
+  addEventListener("message", event => {
+    closed = (event.data === "done");
+    iframe.contentWindow.postMessage("ping","*");
+  });
+  document.body.appendChild(iframe);
+  test.step_wait_func_done(()=>closed);
+}, "window.open('about:srcdoc') from sandboxed srcdoc doesn't crash.");
+</script>