Add feature to disallow 3rd party origin subframe JS dialogs

Test: Covered by WPT, except for alert (which can't be tested in WPT). Bug: 1065085 Change-Id: I8a58be63014c7893ab864d3582516a9eddbf5e25
web-platform-tests · Feb 6, 2021 · c43088d · c43088d
1 parent d85c529
commit c43088d
Show file tree

Hide file tree

Showing 4 changed files with 70 additions and 0 deletions.
diff --git a/...ebappapis/user-prompts/cannot-show-simple-dialogs/confirm-different-origin-frame.sub.html b/...ebappapis/user-prompts/cannot-show-simple-dialogs/confirm-different-origin-frame.sub.html
@@ -0,0 +1,24 @@
+<html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<script>
+  setup({ single_test: true });
+  function handleEvent(e) {
+    assert_equals(e.data, 'pass');
+    done();
+  }
+  function on_iframe_load() {
+    var frameWin = document.getElementById('confirmFrame').contentWindow;
+    frameWin.postMessage('Confirm', '*');
+  }
+  window.addEventListener('message', handleEvent);
+</script>
+
+<body>
+  <iframe id='confirmFrame'
+    src='http://{{hosts[alt][www]}}:{{ports[http][0]}}/html/webappapis/user-prompts/cannot-show-simple-dialogs/support/confirm.html'
+    onload='on_iframe_load()'></iframe>
+</body>
+
+</html>
diff --git a/...webappapis/user-prompts/cannot-show-simple-dialogs/prompt-different-origin-frame.sub.html b/...webappapis/user-prompts/cannot-show-simple-dialogs/prompt-different-origin-frame.sub.html
@@ -0,0 +1,24 @@
+<html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<script>
+  setup({ single_test: true });
+  function handleEvent(e) {
+    assert_equals(e.data, 'pass');
+    done();
+  }
+  function on_iframe_load() {
+    var frameWin = document.getElementById('promptFrame').contentWindow;
+    frameWin.postMessage('Prompt', '*');
+  }
+  window.addEventListener('message', handleEvent);
+</script>
+
+<body>
+  <iframe id='promptFrame'
+    src='http://{{hosts[alt][www]}}:{{ports[http][0]}}/html/webappapis/user-prompts/cannot-show-simple-dialogs/support/prompt.html'
+    onload='on_iframe_load()'></iframe>
+</body>
+
+</html>
diff --git a/html/webappapis/user-prompts/cannot-show-simple-dialogs/support/confirm.html b/html/webappapis/user-prompts/cannot-show-simple-dialogs/support/confirm.html
@@ -0,0 +1,11 @@
+<script>
+  function handleEvent(e) {
+    var conf = window.confirm('Confirm Dialog');
+    if (conf == false) {
+      window.parent.postMessage('pass', '*');
+    } else {
+      window.parent.postMessage('fail', '*');
+    }
+  }
+  window.addEventListener('message', handleEvent);
+</script>
diff --git a/html/webappapis/user-prompts/cannot-show-simple-dialogs/support/prompt.html b/html/webappapis/user-prompts/cannot-show-simple-dialogs/support/prompt.html
@@ -0,0 +1,11 @@
+<script>
+  function handleEvent(e) {
+    var conf = window.prompt('Prompt Dialog');
+    if (conf == null) {
+      window.parent.postMessage('pass', '*');
+    } else {
+      window.parent.postMessage('fail', '*');
+    }
+  }
+  window.addEventListener('message', handleEvent);
+</script>