chromium/src/third_party/blink/web_tests/external/wpt/html/semantics/embedded-content/the-iframe-element/iframe-allow.html - manifest_repos/chromium_src - Git at Google

 <!doctype html>
 <meta charset=utf-8>
 <title>Check processing of allow attribute in nested browsing context</title>
 <link rel="author" title="Google" href="https://www.google.com">
 <link rel="help" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#attr-iframe-allow">
 <link rel="help" href="https://html.spec.whatwg.org/multipage/browsing-the-web.html#initialise-the-document-object">
 <link rel="help" href="https://fullscreen.spec.whatwg.org/#fullscreen-enabled-flag">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>

 <div id="log"></div>
 <script>
   // This returns a data URL (cross-origin with the containing document) which
   // advances a counter, and reports the counter value together with the
   // document's fullscreenEnabled state, every time it receives a postMessage.
   // Fullscreen itself is not important for this test, but the flag is a useful
   // indicator of whether a policy-controlled-feature is allowed or denied.
   function getSourceForCrossOriginPage(initial_count) {
     var page_contents = "<html><body><script>var count="+initial_count+";window.addEventListener('message',function(){parent.postMessage({'count':count++,'fullscreenEnabled':document.fullscreenEnabled},'*');});</scr"+"ipt></body></html>";
     return "data:text/html;base64,"+btoa(page_contents);
   }

   async_test(function(t) {
     var iframe = document.createElement("iframe");
     iframe.src = getSourceForCrossOriginPage(0);

     iframe.addEventListener('load', function() {
       // Request the fullscreenEnabled state whenever the frame loads
       iframe.contentWindow.postMessage(true,"*");
     });

     window.addEventListener('message', this.step_func(function(msg) {
       if (msg.data.count == 0) {
         assert_false(msg.data.fullscreenEnabled, "Document inside cross-origin iframe without allow attribute should not have feature enabled");
         iframe.setAttribute("allow", "fullscreen");
         iframe.contentWindow.postMessage(true,"*"); // Request state again
       } else if (msg.data.count == 1) {
         assert_false(msg.data.fullscreenEnabled, "Feature should be denied when correct allow attribute is added, before reload");
         iframe.src = getSourceForCrossOriginPage(2); // Reload the frame
       } else if (msg.data.count == 2) {
         assert_true(msg.data.fullscreenEnabled, "Feature should be allowed when correct allow attribute is added, after reload");
         iframe.removeAttribute("allow");
         iframe.contentWindow.postMessage(true,"*"); // Request state again
       } else if (msg.data.count == 3) {
         assert_true(msg.data.fullscreenEnabled, "Feature should be allowed when allow attribute is removed, before reload");
         iframe.src = getSourceForCrossOriginPage(4); // Reload the frame
       } else if (msg.data.count == 4) {
         assert_false(msg.data.fullscreenEnabled, "Feature should be denied when allow attribute is removed, after reload");
         iframe.setAttribute("allow", "payment");  // Set allow to an unrelated feature
         iframe.src = getSourceForCrossOriginPage(5); // Reload the frame
       } else if (msg.data.count == 5) {
         assert_false(msg.data.fullscreenEnabled, "Feature should be denied with incorrect allow attribute");
         iframe.setAttribute("allow", "payment;fullscreen");  // Include fullscreen again
         iframe.src = getSourceForCrossOriginPage(6); // Reload the frame
       } else if (msg.data.count == 6) {
         assert_true(msg.data.fullscreenEnabled, "Feature should be allowed with complex allow attribute");
         t.done();
       } else {
         assert_unreached();
       }
     }));

     document.body.appendChild(iframe);
   }, "iframe-cross-origin-allow");

 </script>
	<!doctype html>
	<meta charset=utf-8>
	<title>Check processing of allow attribute in nested browsing context</title>
	<link rel="author" title="Google" href="https://www.google.com">
	<link rel="help" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#attr-iframe-allow">
	<link rel="help" href="https://html.spec.whatwg.org/multipage/browsing-the-web.html#initialise-the-document-object">
	<link rel="help" href="https://fullscreen.spec.whatwg.org/#fullscreen-enabled-flag">
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>

	<div id="log"></div>
	<script>
	// This returns a data URL (cross-origin with the containing document) which
	// advances a counter, and reports the counter value together with the
	// document's fullscreenEnabled state, every time it receives a postMessage.
	// Fullscreen itself is not important for this test, but the flag is a useful
	// indicator of whether a policy-controlled-feature is allowed or denied.
	function getSourceForCrossOriginPage(initial_count) {
	var page_contents = "<html><body><script>var count="+initial_count+";window.addEventListener('message',function(){parent.postMessage({'count':count++,'fullscreenEnabled':document.fullscreenEnabled},'*');});</scr"+"ipt></body></html>";
	return "data:text/html;base64,"+btoa(page_contents);
	}

	async_test(function(t) {
	var iframe = document.createElement("iframe");
	iframe.src = getSourceForCrossOriginPage(0);

	iframe.addEventListener('load', function() {
	// Request the fullscreenEnabled state whenever the frame loads
	iframe.contentWindow.postMessage(true,"*");
	});

	window.addEventListener('message', this.step_func(function(msg) {
	if (msg.data.count == 0) {
	assert_false(msg.data.fullscreenEnabled, "Document inside cross-origin iframe without allow attribute should not have feature enabled");
	iframe.setAttribute("allow", "fullscreen");
	iframe.contentWindow.postMessage(true,"*"); // Request state again
	} else if (msg.data.count == 1) {
	assert_false(msg.data.fullscreenEnabled, "Feature should be denied when correct allow attribute is added, before reload");
	iframe.src = getSourceForCrossOriginPage(2); // Reload the frame
	} else if (msg.data.count == 2) {
	assert_true(msg.data.fullscreenEnabled, "Feature should be allowed when correct allow attribute is added, after reload");
	iframe.removeAttribute("allow");
	iframe.contentWindow.postMessage(true,"*"); // Request state again
	} else if (msg.data.count == 3) {
	assert_true(msg.data.fullscreenEnabled, "Feature should be allowed when allow attribute is removed, before reload");
	iframe.src = getSourceForCrossOriginPage(4); // Reload the frame
	} else if (msg.data.count == 4) {
	assert_false(msg.data.fullscreenEnabled, "Feature should be denied when allow attribute is removed, after reload");
	iframe.setAttribute("allow", "payment"); // Set allow to an unrelated feature
	iframe.src = getSourceForCrossOriginPage(5); // Reload the frame
	} else if (msg.data.count == 5) {
	assert_false(msg.data.fullscreenEnabled, "Feature should be denied with incorrect allow attribute");
	iframe.setAttribute("allow", "payment;fullscreen"); // Include fullscreen again
	iframe.src = getSourceForCrossOriginPage(6); // Reload the frame
	} else if (msg.data.count == 6) {
	assert_true(msg.data.fullscreenEnabled, "Feature should be allowed with complex allow attribute");
	t.done();
	} else {
	assert_unreached();
	}
	}));

	document.body.appendChild(iframe);
	}, "iframe-cross-origin-allow");

	</script>