
Unified Diff: third_party/WebKit/LayoutTests/http/tests/security/suborigins/suborigin-storage-dom-access.php

Issue 2005783005: Re-enable storage for Suborigins. (Closed) Base URL: https://chromium.googlesource.com/chromium/src@master
Patch Set: Rebase on ToT Created 4 years, 2 months ago
Index: third_party/WebKit/LayoutTests/http/tests/security/suborigins/suborigin-storage-dom-access.php
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/suborigins/suborigin-storage-dom-access.php b/third_party/WebKit/LayoutTests/http/tests/security/suborigins/suborigin-storage-dom-access.php
index b0e90f6ff81f6b3aa4d73983dab5411af091aa4d..c63df4240c60e117c6c8beccf44f47d3326981a6 100644
--- a/third_party/WebKit/LayoutTests/http/tests/security/suborigins/suborigin-storage-dom-access.php
+++ b/third_party/WebKit/LayoutTests/http/tests/security/suborigins/suborigin-storage-dom-access.php
@@ -5,27 +5,71 @@ header("Suborigin: foobar");
<html>
<head>
<meta charset="utf-8">
-<title>Verifies that localStorage and sessionStorage are not accessible from within a suborigin</title>
+<title>Verifies that localStorage and sessionStorage are accessible from within a suborigin and are different from the physical origin's localStorage and sessionStorage</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<script>
-var expected_error = new DOMException('TEST EXCEPTION', 'SecurityError');
+var iframeWindow;
+localStorage.clear();
+sessionStorage.clear();
-function must_throw_security_exception(storage) {
- return function(t) {
- assert_throws(expected_error, function() {
- window[storage];
+function make_storage_accessibility_test(storage) {
+ return function(test) {
+ assert_equals(storage.getItem('FOO'), null);
+ storage.setItem('FOO', 'BAR');
+ assert_equals(storage.getItem('FOO'), 'BAR');
+ storage.removeItem('FOO');
+ assert_equals(storage.getItem('FOO'), null);
+ test.done();
+ };
+}
+
+async_test(make_storage_accessibility_test(localStorage),
+ 'localStorage is accessible from a Suborigin');
+async_test(make_storage_accessibility_test(sessionStorage),
+ 'sessionStorage is accessible from a Suborigin');
+
+function make_xorigin_test(storage_name, item_name) {
+ var storage = window[storage_name];
+ return function(test) {
+ window.addEventListener('message', function(event) {
+ if (event.data != 'ready' && event.data.type == storage_name) {
+ assert_equals(event.data.value, null);
+ assert_equals(storage.getItem(item_name), null);
+ test.done();
+ }
});
- t.done();
};
}
-async_test(must_throw_security_exception('localStorage'),
- 'localStorage must not be accessible from a suborigin');
-async_test(must_throw_security_exception('sessionStorage'),
- 'sessionStorage must not be accessible from a suborigin');
+var localStorageXOriginTest = async_test(
+ make_xorigin_test('localStorage', 'LOCAL_FOO2'),
+ 'localStorage is set in a Suborigin is not accessible in the physical ' +
+ 'origin, or vice versa');
+var sessionStorageXOriginTest = async_test(
+ make_xorigin_test('sessionStorage', 'SESSION_FOO2'),
+ 'sessionStorage is set in a Suborigin is not accessible in the physical ' +
+ 'origin, or vice versa');
+
+window.addEventListener('message', function(event) {
+ // When the iframe states that it is ready to accept messages, start the
+ // localStorage and sessionStorage tests by setting up the appropriate
+ // store and messaging the iframe that the store is ready.
+ //
+ // When the iframe responds again, the appropriate tests have setup
+ // listeners to check that the values in our storage have not changed and
+ // that the iframe's storage values have also not changed.
+ if (event.data == 'ready') {
+ iframeWindow = document.getElementById('iframe').contentWindow;
+ window.localStorage.setItem('LOCAL_FOO1', 'BAR');
+ window.sessionStorage.setItem('SESSION_FOO1', 'BAR');
+ iframeWindow.postMessage({ 'type': 'localStorage' }, '*');
+ iframeWindow.postMessage({ 'type': 'sessionStorage' }, '*');
+ }
+ });
</script>
+<iframe id="iframe" src="resources/access-storage.php"></iframe>
</body>
</html>
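Review bot: The `message` listener registered inside `make_xorigin_test` runs its `assert_equals` calls outside a test step, so a broken isolation boundary would likely surface as an uncaught exception or a timeout rather than a failure attributed to the localStorage or sessionStorage test; wrap it as `window.addEventListener('message', test.step_func(function(event) {`. Both assertions expect `null`, which is also what the test would see if the iframe's own write or read never happened. `resources/access-storage.php` is not part of this hunk, so that is inferred, but having the iframe also report that its own `setItem`/`getItem` round trip succeeded would keep the check from passing vacuously. The listeners also accept any `message` event; comparing `event.source` with the iframe's `contentWindow` would tie the result to the frame under test.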
