Origin isolation: add WPTs for contentDocument/frameElement

This finishes testing all the ways in which document.domain can affect
cross-window access.

Bug: 1042415
Change-Id: Id56aad05178333c480f0682fc00bddc28829769d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2335636Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Commit-Queue: Domenic Denicola <domenic@chromium.org>
Cr-Commit-Position: refs/heads/master@{#794674}

third_party/blink/web_tests/external/wpt/origin-isolation/resources/child-frame-script.mjs

@@ -30,6 +30,14 @@ window.onmessage = async (e) => {
     } catch (e) {
       parent.postMessage(e.name, "*");
     }
+  } else if (e.data.command === "access frameElement") {
+    if (frameElement === null) {
+      parent.postMessage("null", "*");
+    } else if (frameElement?.constructor?.name === "HTMLIFrameElement") {
+      parent.postMessage("frameElement accessed successfully", "*");
+    } else {
+      parent.postMessage("something wierd happened", "*");
+    }
   } else if (e.data.command === "get originIsolationRestricted") {
     parent.postMessage(self.originIsolationRestricted, "*");
   }

third_party/blink/web_tests/external/wpt/origin-isolation/resources/helpers.mjs

@@ -79,12 +79,18 @@ export function testSameAgentCluster(testFrames, testLabelPrefix) {
 
     promise_test(async () => {
       const frameWindow = frames[testFrames[1]];
+      const frameElement = document.querySelectorAll("iframe")[testFrames[1]];
 
       // Must not throw
       frameWindow.document;
 
       // Must not throw
       frameWindow.location.href;
+
+      assert_not_equals(frameElement.contentDocument, null, "contentDocument");
+
+      const whatHappened = await accessFrameElement(frameWindow);
+      assert_equals(whatHappened, "frameElement accessed successfully");
     }, `${prefix}setting document.domain must give sync access`);
   } else {
     // Between the two children at the index given by testFrames[0] and
@@ -101,6 +107,9 @@ export function testSameAgentCluster(testFrames, testLabelPrefix) {
 
       const whatHappened2 = await accessLocationHrefBetween(testFrames);
       assert_equals(whatHappened2, "accessed location.href successfully");
+
+      // We don't test contentDocument/frameElement for these because accessing
+      // those via siblings has to go through the parent anyway.
     }, `${prefix}setting document.domain must give sync access`);
   }
 }
@@ -130,13 +139,20 @@ export function testDifferentAgentClusters(testFrames, testLabelPrefix) {
 
     promise_test(async () => {
       const frameWindow = frames[testFrames[1]];
+      const frameElement = document.querySelectorAll("iframe")[testFrames[1]];
 
       assert_throws_dom("SecurityError", DOMException, () => {
         frameWindow.document;
       });
+
       assert_throws_dom("SecurityError", DOMException, () => {
         frameWindow.location.href;
       });
+
+      assert_equals(frameElement.contentDocument, null, "contentDocument");
+
+      const whatHappened = await accessFrameElement(frameWindow);
+      assert_equals(whatHappened, "null");
     }, `${prefix}setting document.domain must not give sync access`);
   } else {
     // Between the two children at the index given by testFrames[0] and
@@ -153,6 +169,9 @@ export function testDifferentAgentClusters(testFrames, testLabelPrefix) {
 
       const whatHappened2 = await accessLocationHrefBetween(testFrames);
       assert_equals(whatHappened2, "SecurityError");
+
+      // We don't test contentDocument/frameElement for these because accessing
+      // those via siblings has to go through the parent anyway.
     }, `${prefix}setting document.domain must not give sync access`);
   }
 }
@@ -263,6 +282,11 @@ async function accessLocationHrefBetween(testFrames) {
   return waitForMessage(sourceFrame);
 }
 
+async function accessFrameElement(frameWindow) {
+  frameWindow.postMessage({ command: "access frameElement" }, "*");
+  return waitForMessage(frameWindow);
+}
+
 function waitForMessage(expectedSource) {
   return new Promise(resolve => {
     const handler = e => {