-
Notifications
You must be signed in to change notification settings - Fork 3.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bug: 1066930 Change-Id: Ib1c79f8c9218821c7da3640e012cf042666e6d50 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2222692 Commit-Queue: Domenic Denicola <[email protected]> Reviewed-by: Kinuko Yasuda <[email protected]> Cr-Commit-Position: refs/heads/master@{#773706}
- Loading branch information
1 parent
561feab
commit d3ea885
Showing
2 changed files
with
67 additions
and
0 deletions.
There are no files selected for viewing
33 changes: 33 additions & 0 deletions
33
origin-isolation/parent-no-child-bad-subdomain.sub.https.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
<!DOCTYPE html> | ||
<meta charset="utf-8"> | ||
<title>Parent is not isolated, child attempts to isolate but uses a bad header value, child is a subdomain of the parent</title> | ||
<script src="/resources/testharness.js"></script> | ||
<script src="/resources/testharnessreport.js"></script> | ||
|
||
<div id="log"></div> | ||
|
||
<script type="module"> | ||
import { insertIframe, sendWasmModule, setBothDocumentDomains } from "./resources/helpers.mjs"; | ||
|
||
for (const badValue of ["", "?0", "true", "\"?1\"", "1", "?2", "(?1)"]) { | ||
let frameWindow; | ||
promise_test(async () => { | ||
frameWindow = await insertIframe("{{hosts[][www]}}", badValue); | ||
}, `"${badValue}": frame insertion`); | ||
|
||
// Since the header values are bad there should be no isolation | ||
|
||
promise_test(async () => { | ||
const whatHappened = await sendWasmModule(frameWindow); | ||
|
||
assert_equals(whatHappened, "WebAssembly.Module message received"); | ||
}, `"${badValue}": message event must occur for`); | ||
|
||
promise_test(async () => { | ||
await setBothDocumentDomains(frameWindow); | ||
|
||
// Must not throw | ||
frameWindow.document; | ||
}, `"${badValue}": setting document.domain must give sync access`); | ||
} | ||
</script> |
34 changes: 34 additions & 0 deletions
34
origin-isolation/parent-no-child-yes-with-params-subdomain.sub.https.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
<!DOCTYPE html> | ||
<meta charset="utf-8"> | ||
<title>Parent is not isolated, child is isolated using parameters on its structured header, child is a subdomain of the parent</title> | ||
<script src="/resources/testharness.js"></script> | ||
<script src="/resources/testharnessreport.js"></script> | ||
|
||
<div id="log"></div> | ||
|
||
<script type="module"> | ||
import { insertIframe, sendWasmModule, setBothDocumentDomains } from "./resources/helpers.mjs"; | ||
|
||
let frameWindow; | ||
promise_setup(async () => { | ||
frameWindow = await insertIframe("{{hosts[][www]}}", "?1;param1;param2=value2"); | ||
}); | ||
|
||
// Since they're different-origin, the child's isolation request is respected, | ||
// so the parent ends up in the site-keyed agent cluster and the child in the | ||
// origin-keyed one. | ||
|
||
promise_test(async () => { | ||
const whatHappened = await sendWasmModule(frameWindow); | ||
|
||
assert_equals(whatHappened, "messageerror"); | ||
}, "messageerror event must occur"); | ||
|
||
promise_test(async () => { | ||
await setBothDocumentDomains(frameWindow); | ||
|
||
assert_throws_dom("SecurityError", DOMException, () => { | ||
frameWindow.document; | ||
}); | ||
}, "setting document.domain should no-op instead of giving sync access"); | ||
</script> |