Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(53)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/LayoutTests/bluetooth/requestDevice-sandboxed-iframe.html

Issue 1862953002: Disallow use of Web Bluetooth from cross-origin iframes. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@lkcr
Patch Set: Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« content/browser/bluetooth/bluetooth_dispatcher_host.cc ('K') | « content/browser/bluetooth/bluetooth_dispatcher_host.cc ('k') | third_party/WebKit/Source/modules/bluetooth/BluetoothError.cpp » ('j') | url/origin.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 <!DOCTYPE html> 1 <!DOCTYPE html>
2 <script src="../resources/testharness.js"></script> 2 <script src="../resources/testharness.js"></script>
3 <script src="../resources/testharnessreport.js"></script> 3 <script src="../resources/testharnessreport.js"></script>
4 <script src="resources/bluetooth-helpers.js"></script> 4 <script src="resources/bluetooth-helpers.js"></script>
5 <body> 5 <body>
6 <script> 6 <script>
7 "use strict"; 7 "use strict";
8 async_test(test => { 8 async_test(test => {
9 window.onmessage = messageEvent => test.step(() => { 9 window.onmessage = messageEvent => test.step(() => {
10 if (messageEvent.data === 'Ready') { 10 if (messageEvent.data === 'Ready') {
11 let iframe = document.querySelector('iframe'); 11 let iframe = document.querySelector('iframe');
12 callWithKeyDown(() => { 12 callWithKeyDown(() => {
13 iframe.contentWindow.postMessage('Go', '*'); 13 iframe.contentWindow.postMessage('Go', '*');
14 }); 14 });
15 } else { 15 } else {
16 assert_equals(messageEvent.data, 'SecurityError: requestDevice() ' + 16 assert_equals(messageEvent.data, 'SecurityError: requestDevice() ' +
17 'called from sandboxed or otherwise ' + 17 'called from cross-origin iframe.');
Mike West 2016/04/06 06:06:59 Hrm. Can you talk about the trickyness a bit? Load
Jeffrey Yasskin 2016/04/06 06:17:15 Yep, I'd missed those options. I'll write that tes
18 'unique origin.');
19 test.done(); 18 test.done();
20 } 19 }
21 }); 20 });
22 setBluetoothFakeAdapter('HeartRateAdapter') 21 setBluetoothFakeAdapter('HeartRateAdapter')
23 .then(() => { 22 .then(() => {
24 let iframe = document.createElement('iframe'); 23 let iframe = document.createElement('iframe');
25 iframe.sandbox.add('allow-scripts'); 24 iframe.sandbox.add('allow-scripts');
26 iframe.src = 'resources/requestDevice-in-sandboxed-iframe.html'; 25 iframe.src = 'resources/requestDevice-in-sandboxed-iframe.html';
27 document.body.appendChild(iframe); 26 document.body.appendChild(iframe);
28 }); 27 });
29 }, 'Request device from a unique origin. Should reject with SecurityError.'); 28 }, 'Request device from a unique origin. Should reject with SecurityError.');
30 </script> 29 </script>
31 </body> 30 </body>
OLDNEW
« content/browser/bluetooth/bluetooth_dispatcher_host.cc ('K') | « content/browser/bluetooth/bluetooth_dispatcher_host.cc ('k') | third_party/WebKit/Source/modules/bluetooth/BluetoothError.cpp » ('j') | url/origin.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698