chromium/chrome/test/data/extensions/api_test/content_scripts/storage_api_allow_untrusted_access/content_script.js

// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Since the extension set the access level to TRUSTED_AND_UNTRUSTED_CONTEXTS,
// all storage areas are accessible.
const accessibleStorageAreas = ['sync', 'local', 'session'];

async function testAccessibleStorageAreas(func, param) {
  // Content scripts can access the storage when the storage area has untrusted
  // access.
  for (const area of accessibleStorageAreas) {
    // If the param exists and to avoid mutating it, insert a copy of the param
    // to each area params.
    let areaParams = param ? [param] : [];
    await new Promise((resolve) => {
      areaParams.push(() => {
        chrome.test.assertNoLastError();
        resolve();
      })
      chrome.storage[area][func](...areaParams);
    })
  };
};

async function testGetValueSetByBackgroundPage() {
  // Content scripts can access values set by the background page when the
  // storage area has untrusted access. Requires that the background page
  // previously stored {background: '`area`'} for each respective `area`.
  for (const area of accessibleStorageAreas) {
    await new Promise((resolve) => {
      chrome.storage[area].get('background', (value) => {
        chrome.test.assertEq({background: area}, value);
        resolve();
      });
    })
  };
};

chrome.test.runTests([
  // This test must run before any other test clears the storage.
  async function getValueSetByBackgroundPageFromContentScript() {
    // `sync` and `local` storage areas can always access background page
    // values. `session` storage area with `TRUSTED_AND_UNTRUSTED_CONTEXTS`
    // access level can access background page values.
    await testGetValueSetByBackgroundPage();
    chrome.test.succeed();
  },

  async function setValueFromContentScript() {
    await testAccessibleStorageAreas('set', {foo: 'bar'});
    chrome.test.succeed();
  },

  async function getValueFromContentScript() {
    await testAccessibleStorageAreas('get', 'foo');
    chrome.test.succeed();
  },

  async function getBytesInUseFromContentScript() {
    await testAccessibleStorageAreas('getBytesInUse', null)
    chrome.test.succeed();
  },

  async function removeValueFromContentScript() {
    await testAccessibleStorageAreas('remove', 'foo');
    chrome.test.succeed();
  },

  async function clearValuesFromContentScript() {
    await testAccessibleStorageAreas('clear')
    chrome.test.succeed();
  },

  function setAccessLevelFromContentScript() {
    // `setAccessLevel` is not exposed to `sync` or `local`.
    chrome.test.assertFalse(!!chrome.storage.sync.setAccessLevel);
    chrome.test.assertFalse(!!chrome.storage.local.setAccessLevel);
    // TODO(crbug.com/40189208): `setAccessLevel` is exposed to `session` but
    // cannot be accessed from a content script. This will change once we
    // expose only `setAccessLevel` in privileged contexts.
    chrome.test.assertTrue(!!chrome.storage.session.setAccessLevel);
    chrome.storage.session.setAccessLevel(
        {accessLevel: 'TRUSTED_CONTEXTS'}, () => {
          chrome.test.assertLastError(
              'Context cannot set the storage access level');
          chrome.test.succeed();
        });
  },
]);