Add regression test for https://crbug.com/1064676

This bug has been fortunately/unexpectedly fixed by: https://chromium-review.googlesource.com/c/chromium/src/+/2111170 The old code was trying to "guess" the document was the initial empty document. It failed. The new code is using CreateCSPForInitialEmptyDocument() to set the CSP of the initial empty document. It works consistently. Bug: 1064676 Change-Id: I3778b7a2a0e4eed0599424e3711cbaec24c80c49 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2144012 Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org> Auto-Submit: Arthur Sonzogni <arthursonzogni@chromium.org> Reviewed-by: Daniel Cheng <dcheng@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#758793}

Add regression test for https://crbug.com/1064676
This bug has been fortunately/unexpectedly fixed by: https://chromium-review.googlesource.com/c/chromium/src/+/2111170 The old code was trying to "guess" the document was the initial empty document. It failed. The new code is using CreateCSPForInitialEmptyDocument() to set the CSP of the initial empty document. It works consistently. Bug: 1064676 Change-Id: I3778b7a2a0e4eed0599424e3711cbaec24c80c49 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2144012 Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org> Auto-Submit: Arthur Sonzogni <arthursonzogni@chromium.org> Reviewed-by: Daniel Cheng <dcheng@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#758793}
2b980e38 · arthursonzogni · Commit Bot · 588ebb55 · 2b980e38
Commit 2b980e38 authored Apr 14, 2020 by arthursonzogni Committed by Commit Bot Apr 14, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 1 deletion

third_party/blink/web_tests/external/wpt/content-security-policy/inheritance/iframe-all-local-schemes.sub.html ...rity-policy/inheritance/iframe-all-local-schemes.sub.html +20 -1

No files found.
--- a/third_party/blink/web_tests/external/wpt/content-security-policy/inheritance/iframe-all-local-schemes.sub.html
+++ b/third_party/blink/web_tests/external/wpt/content-security-policy/inheritance/iframe-all-local-schemes.sub.html
@@ -80,7 +80,26 @@
    wait_for_error_from_frame(i, t);

    document.body.appendChild(i);
-  }, "<iframe src='javascript:...'>'s inherits policy.");
+  }, "<iframe src='javascript:...'>'s inherits policy (static <img> is blocked)");
+
+  // Same as the previous javascript-URL test, but instead of loading the <img>
+  // from the new document, this one is created from the initial empty document,
+  // while evaluating the javascript-url.
+  // See https://crbug.com/1064676
+  async_test(t => {
+    let url = `javascript:
+      let img = document.createElement('img');
+      img.onload = () => window.top.postMessage('load', '*');
+      img.onerror = () => window.top.postMessage('error', '*');
+      img.src = '{{location[server]}}/images/red-16x16.png';
+      document.body.appendChild(img);
+    `;
+    var i = document.createElement('iframe');
+    i.src = encodeURI(url.replace(/\n/g, ""));
+    wait_for_error_from_frame(i, t);
+
+    document.body.appendChild(i);
+  }, "<iframe src='javascript:...'>'s inherits policy (dynamically inserted <img> is blocked)");

  async_test(t => {
    var i = document.createElement('iframe');