Bug 1685077 [wpt PR 27044] - [sandbox] Add WPT tests: inheritance from initiator., a=testonly

Automatic update from web-platform-tests
[sandbox] Add WPT tests: inheritance from initiator.

Make sure sandbox flags are properly inherited when the initiator of the
navigation isn't the parent. This checks both sandbox flags defined by
the frame and by the HTTP response.

Bug: 1041376
Change-Id: I3c0b808ef9ec3ebefde40ec7609a36a1f5edaf6c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2607790
Reviewed-by: Camille Lamy <clamy@chromium.org>
Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#840132}

--

wpt-commits: 1a5e588248288950af919fbf1709e1311fb96877
wpt-pr: 27044

testing/web-platform/tests/html/browsers/sandboxing/resources/sandbox-inherited-from-initiator-response-helper.html

@@ -0,0 +1,15 @@
+<script>
+  const iframe_1_script = encodeURI(`
+    <script>
+      try {
+        document.domain = document.domain;
+        parent.postMessage("not sandboxed", "*");
+      } catch (exception) {
+        parent.postMessage("sandboxed", "*");
+      }
+    </scr`+`ipt>
+  `);
+
+  const iframe_1 = parent.document.querySelector("#iframe_1");
+  iframe_1.src = `data:text/html,${iframe_1_script}`;
+</script>

testing/web-platform/tests/html/browsers/sandboxing/resources/sandbox-inherited-from-initiator-response-helper.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: sandbox allow-scripts allow-same-origin

testing/web-platform/tests/html/browsers/sandboxing/sandbox-inherited-from-initiator-frame.html

@@ -0,0 +1,64 @@
+<!DOCTYPE html>
+<meta charset=utf-8>
+<title>Inherit sandbox flags from the initiator's frame</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<body>
+<script>
+// Check sandbox flags are properly inherited when a document initiate a
+// navigation inside another frame that it doesn't own directly.
+
+// This check the sandbox flags defined by the frame. See also the other test
+// about sandbox flags defined by the response (e.g. CSP sandbox):
+// => sandbox-inherited-from-initiators-response.html
+
+// Return a promise, resolving when |element| triggers |event_name| event.
+let future = (element, event_name) => {
+  return new Promise(resolve => {
+    element.addEventListener(event_name, event => resolve(event))
+  });
+};
+
+promise_test(async test => {
+  const iframe_1 = document.createElement("iframe");
+  const iframe_2 = document.createElement("iframe");
+
+  iframe_1.id = "iframe_1";
+  iframe_2.id = "iframe_2";
+
+  const iframe_1_script = encodeURI(`
+    <script>
+      try {
+        document.domain = document.domain;
+        parent.postMessage("not sandboxed", "*");
+      } catch (exception) {
+        parent.postMessage("sandboxed", "*");
+      }
+    </scr`+`ipt>
+  `);
+
+  const iframe_2_script = `
+    <script>
+      const iframe_1 = parent.document.querySelector("#iframe_1");
+      iframe_1.src = "data:text/html,${iframe_1_script}";
+    </scr`+`ipt>
+  `;
+
+  iframe_2.sandbox = "allow-scripts allow-same-origin";
+  iframe_2.srcdoc = iframe_2_script;
+
+  // Insert |iframe_1|. It will load the initial empty document, with no sandbox
+  // flags.
+  const iframe_1_load_1 = future(iframe_1, "load");
+  document.body.appendChild(iframe_1);
+  await iframe_1_load_1;
+
+  // Insert |iframe_2|. It will load with sandbox flags. It will make |iframe_1|
+  // to navigate toward a data-url, which should inherit the sandbox flags.
+  const iframe_1_reply = future(window, "message");
+  document.body.appendChild(iframe_2);
+  const result = await iframe_1_reply;
+
+  assert_equals("sandboxed", result.data);
+})
+</script>

testing/web-platform/tests/html/browsers/sandboxing/sandbox-inherited-from-initiator-response.html

@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<meta charset=utf-8>
+<title>Inherit sandbox flags from the initiator's response</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<body>
+<script>
+// Check sandbox flags are properly inherited when a document initiate a
+// navigation inside another frame that it doesn't own directly.
+
+// This check the sandbox flags defined by the response (e.g. CSP sandbox). See
+// also the other test about sandbox flags inherited from the frame.
+// => sandbox-inherited-from-initiators-frame.html
+
+// Return a promise, resolving when |element| triggers |event_name| event.
+let future = (element, event_name) => {
+  return new Promise(resolve => {
+    element.addEventListener(event_name, event => resolve(event))
+  });
+};
+
+promise_test(async test => {
+  const iframe_1 = document.createElement("iframe");
+  const iframe_2 = document.createElement("iframe");
+
+  iframe_1.id = "iframe_1";
+  iframe_2.id = "iframe_2";
+
+  iframe_2.src =
+    "./resources/sandbox-inherited-from-initiator-response-helper.html";
+
+  // Insert |iframe_1|. It will load the initial empty document, with no sandbox
+  // flags.
+  const iframe_1_load_1 = future(iframe_1, "load");
+  document.body.appendChild(iframe_1);
+  await iframe_1_load_1;
+
+  // Insert |iframe_2|. It will load with sandbox flags. It will make |iframe_1|
+  // to navigate toward a data-url, which should inherit the sandbox flags.
+  const iframe_1_reply = future(window, "message");
+  document.body.appendChild(iframe_2);
+  const result = await iframe_1_reply;
+
+  assert_equals("sandboxed", result.data);
+})
+</script>