CSP: Fix WPT test for CSP inheritance on document.open

On document.open(), the Content Security Policies of the document open should not be changed. This CL fixes the existing Web Platform Test to match the expected behaviour. Bug: 1149272 Change-Id: I92e7759a022eda069e3d6a486ddff488a8ae7ac1 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2725110 Reviewed-by: Arthur Sonzogni <[email protected]> Reviewed-by: Mike West <[email protected]> Commit-Queue: Antonio Sartori <[email protected]> Cr-Commit-Position: refs/heads/master@{#860645}
valerioadm · Mar 8, 2021 · 99c5057 · 99c5057
1 parent 0f46f31
commit 99c5057
Showing 1 changed file with 48 additions and 52 deletions.
diff --git a/content-security-policy/inheritance/document-write-iframe.html b/content-security-policy/inheritance/document-write-iframe.html
@@ -3,67 +3,63 @@
   <meta http-equiv="Content-Security-Policy" content="img-src 'none'">
   <script src="/resources/testharness.js"></script>
   <script src="/resources/testharnessreport.js"></script>
-
+  <title>document.open() does not change Content Security Policies</title>
 </head>
 <body>
   <script>
-    var t0 = async_test("Image loaded in srcdoc iframe using document.write is blocked");
-    var t1 = async_test("Image loaded in normal iframe using document.write is blocked");
-    var t2 = async_test("Image loaded directly in simple srcdoc iframe is blocked");
+    let message_from = (w) => {
+      return new Promise(resolve => {
+        let listener = msg => {
+          if (msg.source != w)
+            return;
+          window.removeEventListener('message', listener);
+          resolve(msg.data);
+        };
+        window.addEventListener('message', listener);
+      });
+    };
 
-    window.onmessage = function(e) {
-      var current_test;
-      if (e.data.type == "spv0") {
-        current_test = t0;
-      } else if (e.data.type == "spv1") {
-        current_test = t1;
-      } else if (e.data.type == "spv2") {
-        current_test = t2;
-      } else {
-        t0.step(function() {assert_true(false, "Unexpected message received from child frames")});
-        t1.step(function() {assert_true(false, "Unexpected message received from child frames")});
-        t2.step(function() {assert_true(false, "Unexpected message received from child frames")});
-      }
+    var documentBody = function(should_load) {
+      let image = should_load ? "pass.png" : "fail.png";
+      return `
+      <script>
+        function loaded() {
+          window.top.postMessage("loaded", '*');
+        };
+        window.addEventListener('securitypolicyviolation', function(e) {
+          window.top.postMessage("blocked", '*');
+        });
+      </scr`+`ipt>
+      <img src='/content-security-policy/support/${image}' onload='loaded()'>`;
+    };
 
-      current_test.step(function() {
-        assert_equals(e.data.violatedDirective, 'img-src');
-        current_test.done();
-      });
-    }
-  </script>
+    promise_test(async () => {
+      let iframe = document.createElement('iframe');
+      document.body.appendChild(iframe);
 
-  <!--As discovered thanks to crbug.com/920531, there is a bug in CSP where the
-      CSP is not inherited when using document.open/document.write to edit a
-      document's contents. -->
-  <iframe id="frame1" srcdoc=""></iframe>
+      let msg = message_from(iframe.contentWindow);
+      let doc = iframe.contentWindow.document;
+      doc.open();
+      doc.write("<html><body>" + documentBody(false) + "</body></html>");
+      doc.close();
+      assert_equals(await msg, "blocked");
+    }, "document.open() keeps inherited CSPs on empty iframe.");
 
-  <!-- This is speculatively correct https://github.com/whatwg/html/issues/4510 -->
-  <iframe id="frame2" src="/content-security-policy/common/blank.html"></iframe>
+    promise_test(async () => {
+      let iframe = document.createElement('iframe');
+      let loaded = new Promise(resolve => iframe.onload = resolve);
+      iframe.src = "/common/blank.html";
+      document.body.appendChild(iframe);
+      await loaded;
 
-  <!--<script>
-        window.addEventListener('securitypolicyviolation', function(e) {
-          window.top.postMessage({type: 'spv2', violatedDirective: e.violatedDirective}, '*');
-        });
-      </script>
-      <img src='/content-security-policy/support/fail.png'>
-  -->
-  <iframe srcdoc="<script>window.addEventListener('securitypolicyviolation', function(e) {window.top.postMessage({type: 'spv2', violatedDirective: e.violatedDirective}, '*');});</script><img src='/content-security-policy/support/fail.png'>"></iframe>
-  <script>
-    var frames = ['frame1', 'frame2'];
-    for (var i = 0; i < frames.length; i++) {
-      var body_text = ['<script>',
-                       ' window.addEventListener("securitypolicyviolation", function(e) {',
-                       '  window.top.postMessage({type: "spv'+ i + '", violatedDirective: e.violatedDirective}, "*");',
-                       ' });',
-                       '</scr' + 'ipt>',
-                       '<img src="/content-security-policy/support/fail.png">'].join('\n');
+      let msg = message_from(iframe.contentWindow);
+      let doc = iframe.contentWindow.document;
+      doc.open();
+      doc.write("<html><body>" + documentBody(true) + "</body></html>");
+      doc.close();
+      assert_equals(await msg, "loaded");
+    }, "document.open() does not change delivered CSPs.");
 
-      var e = document.getElementById(frames[i]);
-      var n = e.contentWindow.document;
-      n.open();
-      n.write("<html><body>" + body_text + "</body></html>");
-      n.close();
-    }
   </script>
 </body>
 </html>