Fenced frames: Disable embedder-initiated fenced frame navigations af…

…ter network revocation [1/2] This CL disables the ability for embedders to initiate fenced frame config navigations after network has been revoked. The next CL in this series will prevent fenced frame config navigations that are in progress at the time of network revocation from committing. Bug: 1515599 Change-Id: Id136c27bc302c7d38d8d80034ade3cbbee9b646e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5201401 Reviewed-by: Dominic Farolino <dom@chromium.org> Commit-Queue: Garrett Tanzer <gtanzer@chromium.org> Cr-Commit-Position: refs/heads/main@{#1254507}
web-platform-tests · Feb 23, 2024 · c5c8964 · c5c8964
1 parent 22be582
commit c5c8964
Showing 1 changed file with 91 additions and 0 deletions.
diff --git a/fenced-frame/revoke-nested-fenced-frame-navigation.https.html b/fenced-frame/revoke-nested-fenced-frame-navigation.https.html
@@ -0,0 +1,91 @@
+<!DOCTYPE html>
+<title>Test that window.fence.disableUntrustedNetwork disables
+  embedder-initiated navigation of nested fenced frames.</title>
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="resources/utils.js"></script>
+
+<body>
+<script>
+
+// Run a test with a fenced frame nested in a fenced frame.
+// If `should_disable_network` is true, window.fence.disableUntrustedNetwork
+// will be called before creating the nested fenced frame.
+async function ff_ff_test(t, should_disable_network) {
+  const fencedframe = await attachFencedFrameContext();
+  return Promise.race([
+    fencedframe.execute(async (should_disable_network) => {
+        if (should_disable_network) {
+          await window.fence.disableUntrustedNetwork();
+        }
+        const nested_fenced_frame = await attachFencedFrameContext();
+        return nested_fenced_frame.execute(() => { return 'nav success'; }); },
+      [should_disable_network]),
+    new Promise((resolve, reject) => t.step_timeout(
+     () => resolve('timeout'), 3000))
+  ]);
+}
+
+// Run a test with a fenced frame nested in an iframe nested in a fenced frame.
+// If `should_disable_network` is true, window.fence.disableUntrustedNetwork
+// will be called before creating the nested fenced frame.
+// If `use_urn_iframe` is true, the nested iframe will be a urn iframe.
+async function ff_if_ff_test(t, should_disable_network, use_urn_iframe) {
+const fencedframe = await attachFencedFrameContext({generator_api: 'sharedstorage'});
+  return Promise.race([
+    fencedframe.execute(async (should_disable_network, use_urn_iframe) => {
+        let args = {};
+        if (use_urn_iframe) {
+          args = {generator_api: 'sharedstorage'};
+        }
+        const nested_iframe = await attachIFrameContext(args);
+        await nested_iframe.execute(() => {});
+        if (should_disable_network) {
+          await window.fence.disableUntrustedNetwork();
+        }
+        return nested_iframe.execute(async () => {
+          const nested_fenced_frame = await attachFencedFrameContext({
+              generator_api: 'sharedstorage'});
+          return nested_fenced_frame.execute(() => { return 'nav success'; });
+        });
+      },
+      [should_disable_network, use_urn_iframe]),
+    new Promise((resolve, reject) => t.step_timeout(
+     () => resolve('timeout'), 3000))
+  ]);
+}
+
+promise_test(async(t) => {
+  const result = await ff_ff_test(t, /*should_disable_network=*/false);
+  assert_equals(result, 'nav success');
+}, 'FF->FF navigation works');
+
+promise_test(async(t) => {
+  const result = await ff_ff_test(t, /*should_disable_network=*/true);
+  assert_equals(result, 'timeout');
+}, 'window.fence.disableUntrustedNetwork disables FF->FF navigation');
+
+promise_test(async(t) => {
+  const result = await ff_if_ff_test(t, /*should_disable_network=*/false, /*use_urn_iframe=*/false);
+  assert_equals(result, 'nav success');
+}, 'FF->IF->FF navigation works');
+
+promise_test(async(t) => {
+  const result = await ff_if_ff_test(t, /*should_disable_network=*/false, /*use_urn_iframe=*/true);
+  assert_equals(result, 'nav success');
+}, 'FF->UIF->FF navigation works');
+
+promise_test(async(t) => {
+  const result = await ff_if_ff_test(t, /*should_disable_network=*/true, /*use_urn_iframe=*/false);
+  assert_equals(result, 'timeout');
+}, 'window.fence.disableUntrustedNetwork disables FF->IF->FF navigation');
+
+promise_test(async(t) => {
+  const result = await ff_if_ff_test(t, /*should_disable_network=*/true, /*use_urn_iframe=*/true);
+  assert_equals(result, 'timeout');
+}, 'window.fence.disableUntrustedNetwork disables FF->UF->FF navigation');
+</script>
+</body>