chromium/src/third_party/blink/web_tests/http/tests/credentialmanager/credentialscontainer-create-from-nested-frame.html - manifest_repos/chromium_src - Git at Google

 <!DOCTYPE html>
 <title>Credential Manager: Call create() across browsing contexts.</title>
 <script src="../resources/testharness.js"></script>
 <script src="../resources/testharnessreport.js"></script>
 <body>
 <script type="module">
 import {ACCEPTABLE_CREDENTIAL_ID, CREATE_CREDENTIALS, encloseInScriptTag} from './resources/test-inputs.js';
 import {TestAuthenticatorManager} from './resources/virtual-navigator-credentials.js';

 if (document.location.host != "subdomain.example.test:8443") {
   document.location = "https://subdomain.example.test:8443/credentialmanager/credentialscontainer-create-from-nested-frame.html";
   promise_test(_ => new Promise(_ => {}), "Stall tests on the wrong host.");
 }

 const manager = new TestAuthenticatorManager;

 promise_test(async _ => {
   let authenticators = await manager.authenticators();
   assert_equals(authenticators.length, 0);
   let testAuthenticator = await manager.createAuthenticator();
   assert_true(await testAuthenticator.generateAndRegisterKey(ACCEPTABLE_CREDENTIAL_ID, "subdomain.example.test"));
 }, "Set up the testing environment.");

 promise_test(t => {
   let PROBE_CREDENTIALS = "window.parent.postMessage(String(navigator.credentials), '*');";

   let frame = document.createElement("iframe");
   frame.src = "data:text/html," + encloseInScriptTag(PROBE_CREDENTIALS);
   window.setTimeout(_ => document.body.append(frame));

   let eventWatcher = new EventWatcher(t, window, "message");
   return eventWatcher.wait_for("message").then(message => {
     assert_equals(message.data, "undefined");
   });
 }, "navigator.credentials should be undefined in documents generated from `data:` URLs.");

 promise_test(async t => {
   const frame = document.createElement("iframe");
   frame.src = "resources/nested-document.html";
   window.setTimeout(_ => document.body.append(frame));

   const loadWatcher = new EventWatcher(t, frame, "load");
   await loadWatcher.wait_for("load");
   frame.contentWindow.location = "javascript:" + CREATE_CREDENTIALS;

   const messageWatcher = new EventWatcher(t, window, "message");
   const {data} = await messageWatcher.wait_for("message");
   assert_equals(data, "[object PublicKeyCredential]");
 }, "navigator.credentials.create({publicKey}) in a javascript url should should succeed.");

 promise_test(t => {
   let frame = document.createElement("iframe");
   frame.srcdoc = '';
   window.setTimeout(_ => document.body.append(frame));

   let loadWatcher = new EventWatcher(t, frame, "load");
   loadWatcher.wait_for("load").then(_ => {
     frame.contentWindow.eval(CREATE_CREDENTIALS);
   });

   let eventWatcher = new EventWatcher(t, window, "message");
   return eventWatcher.wait_for("message").then(message => {
     assert_equals(message.data, "[object PublicKeyCredential]");
   });
 }, "navigator.credentials.create({publicKey}) in srcdoc should succeed.");

 promise_test(t => {
   let frame = document.createElement("iframe");
   frame.src = "about:blank";
   window.setTimeout(_ => document.body.append(frame));

   let loadWatcher = new EventWatcher(t, frame, "load");
   loadWatcher.wait_for("load").then(_ => {
     frame.contentDocument.write(encloseInScriptTag(CREATE_CREDENTIALS));
   });

   let eventWatcher = new EventWatcher(t, window, "message");
   return eventWatcher.wait_for("message").then(message => {
     assert_equals(message.data, "[object PublicKeyCredential]");
   });
 }, "navigator.credentials.create({publicKey}) in about:blank embedded in a secure context should succeed.");

 promise_test(t => {
   let frame = document.createElement("iframe");
   frame.src = "about:blank";
   window.setTimeout(_ => document.body.append(frame));

   let loadWatcher = new EventWatcher(t, frame, "load");
   loadWatcher.wait_for("load").then(_ => {
     frame.contentWindow.eval(CREATE_CREDENTIALS);
   });

   let eventWatcher = new EventWatcher(t, window, "message");
   return eventWatcher.wait_for("message").then(message => {
     assert_equals(message.data, "[object PublicKeyCredential]");
   });
 }, "navigator.credentials.create({publicKey}) in an about:blank page embedded in a secure context should pass rpID checks.");

 promise_test(t => {
   return manager.clearAuthenticators();
 }, "Clean up testing environment.");

 </script>
	<!DOCTYPE html>
	<title>Credential Manager: Call create() across browsing contexts.</title>
	<script src="../resources/testharness.js"></script>
	<script src="../resources/testharnessreport.js"></script>
	<body>
	<script type="module">
	import {ACCEPTABLE_CREDENTIAL_ID, CREATE_CREDENTIALS, encloseInScriptTag} from './resources/test-inputs.js';
	import {TestAuthenticatorManager} from './resources/virtual-navigator-credentials.js';

	if (document.location.host != "subdomain.example.test:8443") {
	document.location = "https://subdomain.example.test:8443/credentialmanager/credentialscontainer-create-from-nested-frame.html";
	promise_test(_ => new Promise(_ => {}), "Stall tests on the wrong host.");
	}

	const manager = new TestAuthenticatorManager;

	promise_test(async _ => {
	let authenticators = await manager.authenticators();
	assert_equals(authenticators.length, 0);
	let testAuthenticator = await manager.createAuthenticator();
	assert_true(await testAuthenticator.generateAndRegisterKey(ACCEPTABLE_CREDENTIAL_ID, "subdomain.example.test"));
	}, "Set up the testing environment.");

	promise_test(t => {
	let PROBE_CREDENTIALS = "window.parent.postMessage(String(navigator.credentials), '*');";

	let frame = document.createElement("iframe");
	frame.src = "data:text/html," + encloseInScriptTag(PROBE_CREDENTIALS);
	window.setTimeout(_ => document.body.append(frame));

	let eventWatcher = new EventWatcher(t, window, "message");
	return eventWatcher.wait_for("message").then(message => {
	assert_equals(message.data, "undefined");
	});
	}, "navigator.credentials should be undefined in documents generated from `data:` URLs.");

	promise_test(async t => {
	const frame = document.createElement("iframe");
	frame.src = "resources/nested-document.html";
	window.setTimeout(_ => document.body.append(frame));

	const loadWatcher = new EventWatcher(t, frame, "load");
	await loadWatcher.wait_for("load");
	frame.contentWindow.location = "javascript:" + CREATE_CREDENTIALS;

	const messageWatcher = new EventWatcher(t, window, "message");
	const {data} = await messageWatcher.wait_for("message");
	assert_equals(data, "[object PublicKeyCredential]");
	}, "navigator.credentials.create({publicKey}) in a javascript url should should succeed.");

	promise_test(t => {
	let frame = document.createElement("iframe");
	frame.srcdoc = '';
	window.setTimeout(_ => document.body.append(frame));

	let loadWatcher = new EventWatcher(t, frame, "load");
	loadWatcher.wait_for("load").then(_ => {
	frame.contentWindow.eval(CREATE_CREDENTIALS);
	});

	let eventWatcher = new EventWatcher(t, window, "message");
	return eventWatcher.wait_for("message").then(message => {
	assert_equals(message.data, "[object PublicKeyCredential]");
	});
	}, "navigator.credentials.create({publicKey}) in srcdoc should succeed.");

	promise_test(t => {
	let frame = document.createElement("iframe");
	frame.src = "about:blank";
	window.setTimeout(_ => document.body.append(frame));

	let loadWatcher = new EventWatcher(t, frame, "load");
	loadWatcher.wait_for("load").then(_ => {
	frame.contentDocument.write(encloseInScriptTag(CREATE_CREDENTIALS));
	});

	let eventWatcher = new EventWatcher(t, window, "message");
	return eventWatcher.wait_for("message").then(message => {
	assert_equals(message.data, "[object PublicKeyCredential]");
	});
	}, "navigator.credentials.create({publicKey}) in about:blank embedded in a secure context should succeed.");

	promise_test(t => {
	let frame = document.createElement("iframe");
	frame.src = "about:blank";
	window.setTimeout(_ => document.body.append(frame));

	let loadWatcher = new EventWatcher(t, frame, "load");
	loadWatcher.wait_for("load").then(_ => {
	frame.contentWindow.eval(CREATE_CREDENTIALS);
	});

	let eventWatcher = new EventWatcher(t, window, "message");
	return eventWatcher.wait_for("message").then(message => {
	assert_equals(message.data, "[object PublicKeyCredential]");
	});
	}, "navigator.credentials.create({publicKey}) in an about:blank page embedded in a secure context should pass rpID checks.");

	promise_test(t => {
	return manager.clearAuthenticators();
	}, "Clean up testing environment.");

	</script>