chromium/third_party/blink/web_tests/external/wpt/content-security-policy/frame-ancestors/support/frame-ancestors-test.sub.js

var SAME_ORIGIN = true;
var CROSS_ORIGIN = false;

var EXPECT_BLOCK = true;
var EXPECT_LOAD = false;

var SAMEORIGIN_ORIGIN = "{{location[scheme]}}://{{location[host]}}";
var CROSSORIGIN_ORIGIN = "http://{{domains[www1]}}:{{ports[http][1]}}";

var test;

function endTest(failed, message) {
    if (typeof test === 'undefined') return;

    if (failed) {
        test.step(function() {
            assert_unreached(message);
            test.done();
        });
    }
    else test.done({message: message});
}

window.addEventListener("message", function (e) {
    if (window.parent != window)
        window.parent.postMessage(e.data, "*");
    else
        if (e.data.type === 'test_result')
            endTest(e.data.failed, "Inner IFrame msg: " + e.data.message);
});

function injectNestedIframe(policy, parent, child, expectation, isSandboxed) {
    var iframe = document.createElement("iframe");

    var url = "/content-security-policy/frame-ancestors/support/frame-in-frame.sub.html"
              + "?policy=" + policy
              + "&parent=" + parent
              + "&child=" + child
              + "&expectation=" + expectation;
    url = (parent == "same" ? SAMEORIGIN_ORIGIN : CROSSORIGIN_ORIGIN) + url;

    iframe.src = url;

    if (isSandboxed)
        iframe.sandbox = 'allow-scripts';

    document.body.appendChild(iframe);
}

let timer;
function pollForLoadCompletion({iframe, expectBlock}) {
    let fn = iframeLoaded({expectBlock, isPoll: true});
    timer = test.step_timeout(() => fn({target: iframe}), 10);
}

function injectIFrame(policy, sameOrigin, expectBlock) {
    var iframe = document.createElement("iframe");
    iframe.addEventListener("load", iframeLoaded({expectBlock, isPoll: false}));
    iframe.addEventListener("error", iframeLoaded({expectBlock, isPoll: false}));

    var url = "/content-security-policy/frame-ancestors/support/frame-ancestors.sub.html?policy=" + policy;
    if (sameOrigin)
        url = SAMEORIGIN_ORIGIN + url;
    else
        url = CROSSORIGIN_ORIGIN + url;

    iframe.src = url;
    document.body.appendChild(iframe);
    pollForLoadCompletion({iframe, expectBlock});
}

function iframeLoaded({isPoll, expectBlock}) {
    return function(ev) {
        clearTimeout(timer);
        var failed = true;
        var message = "";
        try {
            let url = ev.target.contentWindow.location.href;
            if (isPoll && (url === "about:blank" || ev.target.contentDocument.readyState !== "complete")) {
                pollForLoadCompletion({iframe: ev.target, expectBlock});
                return;
            }
            if (expectBlock) {
                message = "The IFrame should have been blocked (or cross-origin). It wasn't.";
                failed = true;
            } else {
                message = "The IFrame should not have been blocked. It wasn't.";
                failed = false;
            }
        } catch (ex) {
            if (expectBlock) {
                message = "The IFrame should have been blocked (or cross-origin). It was.";
                failed = false;
            } else {
                message = "The IFrame should not have been blocked. It was.";
                failed = true;
            }
        }
        if (window.parent != window)
            window.parent.postMessage({type: 'test_result', failed: failed, message: message}, '*');
        else
            endTest(failed, message);
    };
}

function originFrameShouldBe(child, expectation, policy) {
    if (child == "cross" && expectation == "blocked") crossOriginFrameShouldBeBlocked(policy);
    if (child == "same" && expectation == "blocked") sameOriginFrameShouldBeBlocked(policy);
    if (child == "cross" && expectation == "allowed") crossOriginFrameShouldBeAllowed(policy);
    if (child == "same" && expectation == "allowed") sameOriginFrameShouldBeAllowed(policy);
}

function crossOriginFrameShouldBeBlocked(policy) {
    window.onload = function () {
        injectIFrame(policy, CROSS_ORIGIN, EXPECT_BLOCK);
    };
}

function crossOriginFrameShouldBeAllowed(policy) {
    window.onload = function () {
        injectIFrame(policy, CROSS_ORIGIN, EXPECT_LOAD);
    };
}

function sameOriginFrameShouldBeBlocked(policy) {
    window.onload = function () {
        injectIFrame(policy, SAME_ORIGIN, EXPECT_BLOCK);
    };
}

function sameOriginFrameShouldBeAllowed(policy) {
    window.onload = function () {
        injectIFrame(policy, SAME_ORIGIN, EXPECT_LOAD);
    };
}

function testNestedIFrame(policy, parent, child, expectation) {
    window.onload = function () {
        injectNestedIframe(policy, parent == SAME_ORIGIN ? "same" : "cross", child == SAME_ORIGIN ? "same" : "cross", expectation == EXPECT_LOAD ? "allowed" : "blocked", false /* isSandboxed */);
    };
}

function testNestedSandboxedIFrame(policy, parent, child, expectation) {
    window.onload = function () {
        injectNestedIframe(policy, parent == SAME_ORIGIN ? "same" : "cross", child == SAME_ORIGIN ? "same" : "cross", expectation == EXPECT_LOAD ? "allowed" : "blocked", true /* isSandboxed */);
    };
}