corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d48bff0b3e786cb15c63caa06c0e2380ad84c0ab
tubestation/testing/web-platform/tests/webusb/usbDevice-iframe.https.html
Jack Hsieh 113dc41b61 Bug 1820649 [wpt PR 38832] - Reject Web USB requests with an opaque origin, a=testonly 
Automatic update from web-platform-tests
Reject Web USB requests with an opaque origin

The Web USB API tracks permissions using the origin of the top-level
document in the frame tree. If this document has an opaque origin then
there is no way to format the origin for display to the user in
permission prompts or to write their decision in the preferences file.

Access to the Web USB API from such contexts should therefore be
blocked.

Bug: 1375133
Change-Id: I47952bb230b3fdf0bfbc76f46d1ef91c19fc7ea1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4248258
Reviewed-by: Reilly Grant <reillyg@chromium.org>
Commit-Queue: Jack Hsieh <chengweih@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1116559}

--

wpt-commits: 59e7de50d3f688116e71a0fce7f60bf8183db68e
wpt-pr: 38832
2023-03-29 12:51:18 +00:00

87 lines
2.8 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/resources/test-only-api.js"></script>
<script src="resources/fake-devices.js"></script>
<script src="resources/usb-helpers.js"></script>
<script>
'use strict';
async function sleep(timeout) {
return new Promise(resolve => {
step_timeout(() => {
resolve();
}, timeout);
});
}
async function connectInIframe() {
let iframe = document.createElement('iframe');
let opened = false;
iframe.src = 'resources/open-in-iframe.html';
document.body.appendChild(iframe);
await navigator.usb.test.attachToContext(iframe);
function nextIFrameMessage() {
return new Promise(resolve => window.addEventListener(
'message', e => resolve(e.data)));
}
iframe.contentWindow.postMessage('ConnectEvent', '*');
assert_equals('Ready', (await nextIFrameMessage()));
let fakeDevice = navigator.usb.test.addFakeDevice(fakeDeviceInit);
let closedPromise = new Promise(resolve => fakeDevice.onclose = resolve)
.then(() => assert_true(opened));
assert_equals('Success', (await nextIFrameMessage()));
opened = true;
return { iframe, closedPromise };
}
usb_test(async () => {
let { iframe, closedPromise } = await connectInIframe();
document.body.removeChild(iframe);
await closedPromise;
}, 'detaching iframe disconnects device.');
usb_test(async () => {
let { iframe, closedPromise } = await connectInIframe();
iframe.src = 'about:blank';
await closedPromise;
}, 'navigating iframe disconnects device.');
usb_test(async (t) => {
let iframe = document.createElement('iframe');
iframe.src = 'resources/open-in-iframe.html';
iframe.allow = 'usb \'none\'';
await Promise.all([
new Promise(resolve => {
document.body.appendChild(iframe);
iframe.addEventListener('load', resolve);
}),
// This will wait for ReadyForAttachment event from iframe loading.
navigator.usb.test.attachToContext(iframe),
]);
let messageWatcher = new EventWatcher(t, window, 'message');
iframe.contentWindow.postMessage('ConnectEvent', '*');
let messageEvent = await messageWatcher.wait_for('message');
assert_equals(messageEvent.data, 'Ready');
// This isn't necessary as the expected scenario shouldn't send any mojo
// request. However, in order to capture a bug that doesn't reject adding
// event listener, time delay here is to allow mojo request to be intercepted
// after iframe adding connect event listener.
await sleep(100);
// If device connect event fires, EventWatcher will assert for an unexpected
// event.
navigator.usb.test.addFakeDevice(fakeDeviceInit);
// Time delay here is to allow event to be fired if any.
await sleep(100);
}, 'Connect event is not fired in iframe with usb disallowed.');
</script>
Reference in New Issue View Git Blame Copy Permalink