[WPT/common/security-features] Introduce iframe-blank source context

As preparation for migrating wpt/upgrade-insecure-requests to the /common/security-features generator framework in https://chromium-review.googlesource.com/c/chromium/src/+/1788551, this CL introduces `iframe-blank` source context (i.e. <iframe></iframe> without src/srcdoc attributes), which is currently tested for image requests. Bug: 1001422 Change-Id: I6537f8db0ea1a961d33262d474b47b25d8f6a1ab Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1788876 Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org> Reviewed-by: Kenichi Ishibashi <bashi@chromium.org> Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Cr-Commit-Position: refs/heads/master@{#696301}

[WPT/common/security-features] Introduce iframe-blank source context
As preparation for migrating wpt/upgrade-insecure-requests to the /common/security-features generator framework in https://chromium-review.googlesource.com/c/chromium/src/+/1788551, this CL introduces `iframe-blank` source context (i.e. <iframe></iframe> without src/srcdoc attributes), which is currently tested for image requests. Bug: 1001422 Change-Id: I6537f8db0ea1a961d33262d474b47b25d8f6a1ab Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1788876 Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org> Reviewed-by: Kenichi Ishibashi <bashi@chromium.org> Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Cr-Commit-Position: refs/heads/master@{#696301}
13765318 · Hiroshige Hayashizaki · Commit Bot · 2c0f956a · 13765318 · 13765318
Commit 13765318 authored Sep 13, 2019 by Hiroshige Hayashizaki Committed by Commit Bot Sep 13, 2019
2 changed files
--- a/third_party/blink/web_tests/external/wpt/common/security-features/resources/common.sub.js
+++ b/third_party/blink/web_tests/external/wpt/common/security-features/resources/common.sub.js
@@ -1118,6 +1118,9 @@ function invokeRequest(subresource, sourceContextList) {
    "iframe": { // <iframe src="same-origin-URL"></iframe>
      invoker: invokeFromIframe,
    },
+    "iframe-blank": { // <iframe></iframe>
+      invoker: invokeFromIframe,
+    },
    "worker-classic": {
      // Classic dedicated worker loaded from same-origin.
      invoker: invokeFromWorker.bind(undefined, false, {}),
@@ -1204,35 +1207,53 @@ function invokeFromIframe(subresource, sourceContextList) {
    encodeURIComponent(JSON.stringify(
        currentSourceContext.policyDeliveries || []));

+  let iframe;
  let promise;
  if (currentSourceContext.sourceContextType === 'srcdoc') {
    promise = fetch(frameUrl)
      .then(r => r.text())
      .then(srcdoc => {
-          return createElement("iframe", {srcdoc: srcdoc}, document.body, true);
+          iframe = createElement(
+              "iframe", {srcdoc: srcdoc}, document.body, true);
+          return iframe.eventPromise;
        });
  } else if (currentSourceContext.sourceContextType === 'iframe') {
-    promise = Promise.resolve(
-        createElement("iframe", {src: frameUrl}, document.body, true));
+    iframe = createElement("iframe", {src: frameUrl}, document.body, true);
+    promise = iframe.eventPromise;
+  } else if (currentSourceContext.sourceContextType === 'iframe-blank') {
+    let frameContent;
+    promise = fetch(frameUrl)
+      .then(r => r.text())
+      .then(t => {
+          frameContnent = t;
+          iframe = createElement("iframe", {}, document.body, true);
+          return iframe.eventPromise;
+        })
+      .then(() => {
+          // Reinitialize `iframe.eventPromise` with a new promise
+          // that catches the load event for the document.write() below.
+          bindEvents(iframe);
+
+          iframe.contentDocument.write(frameContent);
+          iframe.contentDocument.close();
+          return iframe.eventPromise;
+        });
  }

  return promise
-    .then(iframe => {
-        return iframe.eventPromise
-          .then(() => {
-              const promise = bindEvents2(
-                  window, "message", iframe, "error", window, "error");
-              iframe.contentWindow.postMessage(
-                  {subresource: subresource,
-                   sourceContextList: sourceContextList.slice(1)},
-                  "*");
-              return promise;
-            })
-          .then(event => {
-              if (event.data.error)
-                return Promise.reject(event.data.error);
-              return event.data;
-            });
+    .then(() => {
+        const promise = bindEvents2(
+            window, "message", iframe, "error", window, "error");
+        iframe.contentWindow.postMessage(
+            {subresource: subresource,
+             sourceContextList: sourceContextList.slice(1)},
+            "*");
+        return promise;
+      })
+    .then(event => {
+        if (event.data.error)
+          return Promise.reject(event.data.error);
+        return event.data;
      });
 }


--- a/third_party/blink/web_tests/external/wpt/common/security-features/tools/spec_validator.py
+++ b/third_party/blink/web_tests/external/wpt/common/security-features/tools/spec_validator.py
@@ -101,9 +101,11 @@ def validate(spec_json, details):

    valid_test_expansion_fields = ['name'] + test_expansion_schema.keys()

+    # Should be consistent with `sourceContextMap` in
+    # `/common/security-features/resources/common.sub.js`.
    valid_source_context_names = [
-        "top", "iframe", "srcdoc", "worker-classic", "worker-module",
-        "worker-classic-data", "worker-module-data"
+        "top", "iframe", "iframe-blank", "srcdoc", "worker-classic",
+        "worker-module", "worker-classic-data", "worker-module-data"
    ]

    valid_subresource_names = [