Origin isolation: add WPTs for contentDocument/frameElement

This finishes testing all the ways in which document.domain can affect cross-window access. Bug: 1042415 Change-Id: Id56aad05178333c480f0682fc00bddc28829769d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2335636Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Commit-Queue: Domenic Denicola <domenic@chromium.org> Cr-Commit-Position: refs/heads/master@{#794674}

Origin isolation: add WPTs for contentDocument/frameElement
This finishes testing all the ways in which document.domain can affect cross-window access. Bug: 1042415 Change-Id: Id56aad05178333c480f0682fc00bddc28829769d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2335636Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Commit-Queue: Domenic Denicola <domenic@chromium.org> Cr-Commit-Position: refs/heads/master@{#794674}
27a0731b · Domenic Denicola · Commit Bot · f4e24cd1 · 27a0731b · 27a0731b
Commit 27a0731b authored Aug 04, 2020 by Domenic Denicola Committed by Commit Bot Aug 04, 2020
2 changed files
--- a/third_party/blink/web_tests/external/wpt/origin-isolation/resources/child-frame-script.mjs
+++ b/third_party/blink/web_tests/external/wpt/origin-isolation/resources/child-frame-script.mjs
@@ -30,6 +30,14 @@ window.onmessage = async (e) => {
    } catch (e) {
      parent.postMessage(e.name, "*");
    }
+  } else if (e.data.command === "access frameElement") {
+    if (frameElement === null) {
+      parent.postMessage("null", "*");
+    } else if (frameElement?.constructor?.name === "HTMLIFrameElement") {
+      parent.postMessage("frameElement accessed successfully", "*");
+    } else {
+      parent.postMessage("something wierd happened", "*");
+    }
  } else if (e.data.command === "get originIsolationRestricted") {
    parent.postMessage(self.originIsolationRestricted, "*");
  }

--- a/third_party/blink/web_tests/external/wpt/origin-isolation/resources/helpers.mjs
+++ b/third_party/blink/web_tests/external/wpt/origin-isolation/resources/helpers.mjs
@@ -79,12 +79,18 @@ export function testSameAgentCluster(testFrames, testLabelPrefix) {
    promise_test(async () => {
      const frameWindow = frames[testFrames[1]];
+      const frameElement = document.querySelectorAll("iframe")[testFrames[1]];
      // Must not throw
      frameWindow.document;
      // Must not throw
      frameWindow.location.href;
+      assert_not_equals(frameElement.contentDocument, null, "contentDocument");
+      const whatHappened = await accessFrameElement(frameWindow);
+      assert_equals(whatHappened, "frameElement accessed successfully");
    }, `${prefix}setting document.domain must give sync access`);
  } else {
    // Between the two children at the index given by testFrames[0] and
@@ -101,6 +107,9 @@ export function testSameAgentCluster(testFrames, testLabelPrefix) {
      const whatHappened2 = await accessLocationHrefBetween(testFrames);
      assert_equals(whatHappened2, "accessed location.href successfully");
+      // We don't test contentDocument/frameElement for these because accessing
+      // those via siblings has to go through the parent anyway.
    }, `${prefix}setting document.domain must give sync access`);
  }
 }
@@ -130,13 +139,20 @@ export function testDifferentAgentClusters(testFrames, testLabelPrefix) {
    promise_test(async () => {
      const frameWindow = frames[testFrames[1]];
+      const frameElement = document.querySelectorAll("iframe")[testFrames[1]];
      assert_throws_dom("SecurityError", DOMException, () => {
        frameWindow.document;
      });
      assert_throws_dom("SecurityError", DOMException, () => {
        frameWindow.location.href;
      });
+      assert_equals(frameElement.contentDocument, null, "contentDocument");
+      const whatHappened = await accessFrameElement(frameWindow);
+      assert_equals(whatHappened, "null");
    }, `${prefix}setting document.domain must not give sync access`);
  } else {
    // Between the two children at the index given by testFrames[0] and
@@ -153,6 +169,9 @@ export function testDifferentAgentClusters(testFrames, testLabelPrefix) {
      const whatHappened2 = await accessLocationHrefBetween(testFrames);
      assert_equals(whatHappened2, "SecurityError");
+      // We don't test contentDocument/frameElement for these because accessing
+      // those via siblings has to go through the parent anyway.
    }, `${prefix}setting document.domain must not give sync access`);
  }
 }
@@ -263,6 +282,11 @@ async function accessLocationHrefBetween(testFrames) {
  return waitForMessage(sourceFrame);
 }
+async function accessFrameElement(frameWindow) {
+  frameWindow.postMessage({ command: "access frameElement" }, "*");
+  return waitForMessage(frameWindow);
+}
 function waitForMessage(expectedSource) {
  return new Promise(resolve => {
    const handler = e => {