chromium/third_party/blink/web_tests/external/wpt/workers/data-url-shared.html

<!DOCTYPE html>
<title>data URL shared workers</title>
<script src="/common/get-host-info.sub.js"></script>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>

function assert_worker_sends_pass(test_desc, mime_type, worker_code) {
  async_test(function(t) {
    var w = new SharedWorker(`data:${mime_type},onconnect = function(e) { port = e.ports[0]; ${worker_code}}`);
    w.port.onmessage = t.step_func_done(function(e) {
      assert_equals(e.data, 'PASS');
    });
    w.port.postMessage('SEND_PASS');
  }, test_desc);
}

function assert_worker_throws(test_desc, worker_code) {
  assert_worker_sends_pass(test_desc, '', `try { ${worker_code}; port.postMessage("FAIL"); } catch (e) { port.postMessage("PASS"); }`);
}

// Any MIME type allowed
assert_worker_sends_pass('application/javascript MIME allowed', 'application/javascript', 'port.postMessage("PASS")');
assert_worker_sends_pass('text/plain MIME allowed', 'text/plain', 'port.postMessage("PASS")');
assert_worker_sends_pass('empty MIME allowed', '', 'port.postMessage("PASS")');

// Communications goes both ways
assert_worker_sends_pass('communication goes both ways', 'application/javascript', 'port.onmessage = function(e) { port.postMessage("PASS"); }');

// test access to storage APIs

// https://w3c.github.io/IndexedDB/#dom-idbfactory-open
assert_worker_sends_pass('indexedDB is present', '', 'port.postMessage("indexedDB" in self ? "PASS" : "FAIL")');
assert_worker_throws('indexedDB is inaccessible', 'self.indexedDB.open("someDBName")');
// Other standardized storage APIs are either not exposed to workers
// (e.g. window.localStorage, window.sessionStorage), or are [SecureContext]
// (e.g. self.caches).

// 'data:' workers are cross-origin
assert_worker_sends_pass('cross-origin worker', '', 'fetch("/").then(() => port.postMessage("FAIL"), () => port.postMessage("PASS"))');

// 'data:' workers have opaque origin
assert_worker_sends_pass('worker has opaque origin', 'application/javascript', 'port.postMessage(self.location.origin == "null" ?  "PASS" : "FAIL")');

function openWindow(url) {
  return new Promise(resolve => {
    const win = window.open(url, '_blank');
    add_completion_callback(() => win.close());
    window.onmessage = e => {
      assert_equals(e.data, 'LOADED');
      resolve(win);
    };
  });
}

promise_test(() => {
  const kWindowURL = 'data-url-shared-window.html';
  const kRemoteWindowURL = get_host_info().HTTP_REMOTE_ORIGIN +
                           '/workers/data-url-shared-window.html';
  return openWindow(kWindowURL)
    .then(win => {
        const channel = new MessageChannel;
        win.postMessage(channel.port1, '*', [channel.port1]);
        return new Promise(resolve => channel.port2.onmessage = resolve);
      })
    .then(msg_event => {
        assert_equals(msg_event.data, 1);
        return openWindow(kRemoteWindowURL);
      })
    .then(win => {
        const channel = new MessageChannel;
        win.postMessage(channel.port1, '*', [channel.port1]);
        return new Promise(resolve => channel.port2.onmessage = resolve);
      })
    .then(msg_event => assert_equals(msg_event.data, 1));
}, 'A data: URL shared worker should not be shared among origins.');

</script>