Added some same-origin-domain checks.

components/constellation/constellation.rs

@@ -108,7 +108,7 @@ use servo_config::opts;
 use servo_config::prefs::PREFS;
 use servo_rand::{Rng, SeedableRng, ServoRng, random};
 use servo_remutex::ReentrantMutex;
-use servo_url::ServoUrl;
+use servo_url::{Host, ServoUrl};
 use std::borrow::ToOwned;
 use std::collections::{HashMap, VecDeque};
 use std::iter::once;
@@ -229,13 +229,13 @@ pub struct Constellation<Message, LTF, STF> {
     /// event loop for each registered domain name (aka eTLD+1) in
     /// each top-level frame. We store the event loops in a map
     /// indexed by top-level frame id (as a `FrameId`) and registered
-    /// domain name (as a `String`) to event loops. This double
+    /// domain name (as a `Host`) to event loops. This double
     /// indirection ensures that separate tabs do not share event
     /// loops, even if the same domain is loaded in each.
     /// It is important that scripts with the same eTLD+1
     /// share an event loop, since they can use `document.domain`
     /// to become same-origin, at which point they can share DOM objects.
-    event_loops: HashMap<FrameId, HashMap<String, Weak<EventLoop>>>,
+    event_loops: HashMap<FrameId, HashMap<Host, Weak<EventLoop>>>,
 
     /// The set of all the pipelines in the browser.
     /// (See the `pipeline` module for more details.)
@@ -606,10 +606,10 @@ impl<Message, LTF, STF> Constellation<Message, LTF, STF>
                 None => (None, None),
                 Some(host) => {
                     let event_loop = self.event_loops.get(&top_level_frame_id)
-                        .and_then(|map| map.get(host))
+                        .and_then(|map| map.get(&host))
                         .and_then(|weak| weak.upgrade());
                     match event_loop {
-                        None => (None, Some(String::from(host))),
+                        None => (None, Some(host)),
                         Some(event_loop) => (Some(event_loop.clone()), None),
                     }
                 },

components/net_traits/pub_domains.rs

@@ -15,7 +15,7 @@
 //! those cases are not present.
 
 use servo_config::resource_files::read_resource_file;
-use servo_url::ServoUrl;
+use servo_url::{Host, ImmutableOrigin, ServoUrl};
 use std::collections::HashSet;
 use std::iter::FromIterator;
 use std::str::from_utf8;
@@ -146,6 +146,11 @@ pub fn is_reg_domain(domain: &str) -> bool {
 /// Returns None if the URL has no host name.
 /// Returns the registered suffix for the host name if it is a domain.
 /// Leaves the host name alone if it is an IP address.
-pub fn reg_host<'a>(url: &'a ServoUrl) -> Option<&'a str> {
+pub fn reg_host<'a>(url: &'a ServoUrl) -> Option<Host> {
-    url.domain().map(reg_suffix).or(url.host_str())
+    match url.origin() {
+        ImmutableOrigin::Tuple(_, Host::Domain(domain), _) => Some(Host::Domain(String::from(reg_suffix(&*domain)))),
+        ImmutableOrigin::Tuple(_, Host::Ipv4(address), _) => Some(Host::Ipv4(address)),
+        ImmutableOrigin::Tuple(_, Host::Ipv6(address), _) => Some(Host::Ipv6(address)),
+        ImmutableOrigin::Opaque(_) => None,
+    }
 }

components/script/devtools.rs

@@ -10,7 +10,6 @@ use dom::bindings::codegen::Bindings::CSSStyleDeclarationBinding::CSSStyleDeclar
 use dom::bindings::codegen::Bindings::DOMRectBinding::DOMRectMethods;
 use dom::bindings::codegen::Bindings::DocumentBinding::DocumentMethods;
 use dom::bindings::codegen::Bindings::ElementBinding::ElementMethods;
-use dom::bindings::codegen::Bindings::LocationBinding::LocationMethods;
 use dom::bindings::codegen::Bindings::WindowBinding::WindowMethods;
 use dom::bindings::conversions::{ConversionResult, FromJSValConvertible, jsstring_to_str};
 use dom::bindings::inheritance::Castable;
@@ -261,6 +260,6 @@ pub fn handle_request_animation_frame(documents: &Documents,
 pub fn handle_reload(documents: &Documents,
                      id: PipelineId) {
     if let Some(win) = documents.find_window(id) {
-        win.Location().Reload();
+        win.Location().reload_without_origin_check();
     }
 }

components/script/dom/document.rs

@@ -3396,7 +3396,10 @@ impl DocumentMethods for Document {
 
         let entry_responsible_document = GlobalScope::entry().as_window().Document();
 
-        if !self.origin.same_origin(&entry_responsible_document.origin) {
+        // This check should probably be same-origin-domain
+        // https://github.com/whatwg/html/issues/2282
+        // https://github.com/whatwg/html/pull/2288
+        if !self.origin.same_origin_domain(&entry_responsible_document.origin) {
             // Step 4.
             return Err(Error::Security);
         }

components/script/dom/history.rs

@@ -4,7 +4,6 @@
 
 use dom::bindings::codegen::Bindings::HistoryBinding;
 use dom::bindings::codegen::Bindings::HistoryBinding::HistoryMethods;
-use dom::bindings::codegen::Bindings::LocationBinding::LocationMethods;
 use dom::bindings::codegen::Bindings::WindowBinding::WindowMethods;
 use dom::bindings::inheritance::Castable;
 use dom::bindings::js::{JS, Root};
@@ -65,7 +64,7 @@ impl HistoryMethods for History {
         } else if delta < 0 {
             TraversalDirection::Back(-delta as usize)
         } else {
-            self.window.Location().Reload();
+            self.window.Location().reload_without_origin_check();
             return;
         };
 

components/script/dom/htmliframeelement.rs

@@ -327,20 +327,6 @@ impl HTMLIFrameElement {
             false
         }
     }
-
-    pub fn get_content_window(&self) -> Option<Root<Window>> {
-        self.pipeline_id.get()
-            .and_then(|pipeline_id| ScriptThread::find_document(pipeline_id))
-            .and_then(|document| {
-                let current_global = GlobalScope::current();
-                let current_document = current_global.as_window().Document();
-                if document.origin().same_origin(current_document.origin()) {
-                    Some(Root::from_ref(document.window()))
-                } else {
-                    None
-                }
-            })
-    }
 }
 
 pub trait HTMLIFrameElementLayoutMethods {
@@ -512,15 +498,33 @@ impl HTMLIFrameElementMethods for HTMLIFrameElement {
 
     // https://html.spec.whatwg.org/multipage/#dom-iframe-contentwindow
     fn GetContentWindow(&self) -> Option<Root<BrowsingContext>> {
-        match self.get_content_window() {
+        if self.pipeline_id.get().is_some() {
-            Some(ref window) => Some(window.browsing_context()),
+            ScriptThread::find_browsing_context(self.frame_id)
-            None => None
+        } else {
+            None
         }
     }
 
     // https://html.spec.whatwg.org/multipage/#dom-iframe-contentdocument
+    // https://html.spec.whatwg.org/multipage/#concept-bcc-content-document
     fn GetContentDocument(&self) -> Option<Root<Document>> {
-        self.get_content_window().map(|window| window.Document())
+        // Step 1.
+        let pipeline_id = match self.pipeline_id.get() {
+            None => return None,
+            Some(pipeline_id) => pipeline_id,
+        };
+        // Step 2-3.
+        let document = match ScriptThread::find_document(pipeline_id) {
+            None => return None,
+            Some(document) => document,
+        };
+        // Step 4.
+        let current = GlobalScope::current().as_window().Document();
+        if !current.origin().same_origin_domain(document.origin()) {
+            return None;
+        }
+        // Step 5.
+        Some(document)
     }
 
     // Experimental mozbrowser implementation is based on the webidl

components/script/dom/location.rs

@@ -4,10 +4,12 @@
 
 use dom::bindings::codegen::Bindings::LocationBinding;
 use dom::bindings::codegen::Bindings::LocationBinding::LocationMethods;
-use dom::bindings::error::{Error, ErrorResult};
+use dom::bindings::codegen::Bindings::WindowBinding::WindowBinding::WindowMethods;
+use dom::bindings::error::{Error, ErrorResult, Fallible};
 use dom::bindings::js::{JS, Root};
 use dom::bindings::reflector::{Reflector, reflect_dom_object};
 use dom::bindings::str::{DOMString, USVString};
+use dom::globalscope::GlobalScope;
 use dom::urlhelper::UrlHelper;
 use dom::window::Window;
 use dom_struct::dom_struct;
@@ -43,11 +45,27 @@ impl Location {
         setter(&mut url, value);
         self.window.load_url(url, false, false, None);
     }
+
+    fn check_same_origin_domain(&self) -> ErrorResult {
+        let entry_document = GlobalScope::entry().as_window().Document();
+        let this_document = self.window.Document();
+        if entry_document.origin().same_origin_domain(this_document.origin()) {
+            Ok(())
+        } else {
+            Err(Error::Security)
+        }
+    }
+
+    // https://html.spec.whatwg.org/multipage/#dom-location-reload
+    pub fn reload_without_origin_check(&self) {
+        self.window.load_url(self.get_url(), true, true, None);
+    }
 }
 
 impl LocationMethods for Location {
     // https://html.spec.whatwg.org/multipage/#dom-location-assign
     fn Assign(&self, url: USVString) -> ErrorResult {
+        // Note: no call to self.check_same_origin_domain()
         // TODO: per spec, we should use the _API base URL_ specified by the
         //       _entry settings object_.
         let base_url = self.window.get_url();
@@ -60,12 +78,15 @@ impl LocationMethods for Location {
     }
 
     // https://html.spec.whatwg.org/multipage/#dom-location-reload
-    fn Reload(&self) {
+    fn Reload(&self) -> ErrorResult {
+        try!(self.check_same_origin_domain());
         self.window.load_url(self.get_url(), true, true, None);
+        Ok(())
     }
 
     // https://html.spec.whatwg.org/multipage/#dom-location-replace
     fn Replace(&self, url: USVString) -> ErrorResult {
+        // Note: no call to self.check_same_origin_domain()
         // TODO: per spec, we should use the _API base URL_ specified by the
         //       _entry settings object_.
         let base_url = self.window.get_url();
@@ -78,97 +99,124 @@ impl LocationMethods for Location {
     }
 
     // https://html.spec.whatwg.org/multipage/#dom-location-hash
-    fn Hash(&self) -> USVString {
+    fn GetHash(&self) -> Fallible<USVString> {
-        UrlHelper::Hash(&self.get_url())
+        try!(self.check_same_origin_domain());
+        Ok(UrlHelper::Hash(&self.get_url()))
     }
 
     // https://html.spec.whatwg.org/multipage/#dom-location-hash
-    fn SetHash(&self, mut value: USVString) {
+    fn SetHash(&self, mut value: USVString) -> ErrorResult {
         if value.0.is_empty() {
             value = USVString("#".to_owned());
         }
+        try!(self.check_same_origin_domain());
         self.set_url_component(value, UrlHelper::SetHash);
+        Ok(())
     }
 
     // https://html.spec.whatwg.org/multipage/#dom-location-host
-    fn Host(&self) -> USVString {
+    fn GetHost(&self) -> Fallible<USVString> {
-        UrlHelper::Host(&self.get_url())
+        try!(self.check_same_origin_domain());
+        Ok(UrlHelper::Host(&self.get_url()))
     }
 
     // https://html.spec.whatwg.org/multipage/#dom-location-host
-    fn SetHost(&self, value: USVString) {
+    fn SetHost(&self, value: USVString) -> ErrorResult {
+        try!(self.check_same_origin_domain());
         self.set_url_component(value, UrlHelper::SetHost);
+        Ok(())
     }
 
     // https://html.spec.whatwg.org/multipage/#dom-location-origin
-    fn Origin(&self) -> USVString {
+    fn GetOrigin(&self) -> Fallible<USVString> {
-        UrlHelper::Origin(&self.get_url())
+        try!(self.check_same_origin_domain());
+        Ok(UrlHelper::Origin(&self.get_url()))
     }
 
     // https://html.spec.whatwg.org/multipage/#dom-location-hostname
-    fn Hostname(&self) -> USVString {
+    fn GetHostname(&self) -> Fallible<USVString> {
-        UrlHelper::Hostname(&self.get_url())
+        try!(self.check_same_origin_domain());
+        Ok(UrlHelper::Hostname(&self.get_url()))
     }
 
     // https://html.spec.whatwg.org/multipage/#dom-location-hostname
-    fn SetHostname(&self, value: USVString) {
+    fn SetHostname(&self, value: USVString) -> ErrorResult {
+        try!(self.check_same_origin_domain());
         self.set_url_component(value, UrlHelper::SetHostname);
+        Ok(())
     }
 
     // https://html.spec.whatwg.org/multipage/#dom-location-href
-    fn Href(&self) -> USVString {
+    fn GetHref(&self) -> Fallible<USVString> {
-        UrlHelper::Href(&self.get_url())
+        try!(self.check_same_origin_domain());
+        Ok(UrlHelper::Href(&self.get_url()))
     }
 
     // https://html.spec.whatwg.org/multipage/#dom-location-href
-    fn SetHref(&self, value: USVString) {
+    fn SetHref(&self, value: USVString) -> ErrorResult {
-        if let Ok(url) = self.window.get_url().join(&value.0) {
+        // Note: no call to self.check_same_origin_domain()
+        let url = match self.window.get_url().join(&value.0) {
+            Ok(url) => url,
+            Err(e) => return Err(Error::Type(format!("Couldn't parse URL: {}", e))),
+        };
         self.window.load_url(url, false, false, None);
-        }
+        Ok(())
     }
 
     // https://html.spec.whatwg.org/multipage/#dom-location-pathname
-    fn Pathname(&self) -> USVString {
+    fn GetPathname(&self) -> Fallible<USVString> {
-        UrlHelper::Pathname(&self.get_url())
+        try!(self.check_same_origin_domain());
+        Ok(UrlHelper::Pathname(&self.get_url()))
     }
 
     // https://html.spec.whatwg.org/multipage/#dom-location-pathname
-    fn SetPathname(&self, value: USVString) {
+    fn SetPathname(&self, value: USVString) -> ErrorResult {
+        try!(self.check_same_origin_domain());
         self.set_url_component(value, UrlHelper::SetPathname);
+        Ok(())
     }
 
     // https://html.spec.whatwg.org/multipage/#dom-location-port
-    fn Port(&self) -> USVString {
+    fn GetPort(&self) -> Fallible<USVString> {
-        UrlHelper::Port(&self.get_url())
+        try!(self.check_same_origin_domain());
+        Ok(UrlHelper::Port(&self.get_url()))
     }
 
     // https://html.spec.whatwg.org/multipage/#dom-location-port
-    fn SetPort(&self, value: USVString) {
+    fn SetPort(&self, value: USVString) -> ErrorResult {
+        try!(self.check_same_origin_domain());
         self.set_url_component(value, UrlHelper::SetPort);
+        Ok(())
     }
 
     // https://html.spec.whatwg.org/multipage/#dom-location-protocol
-    fn Protocol(&self) -> USVString {
+    fn GetProtocol(&self) -> Fallible<USVString> {
-        UrlHelper::Protocol(&self.get_url())
+        try!(self.check_same_origin_domain());
+        Ok(UrlHelper::Protocol(&self.get_url()))
     }
 
     // https://html.spec.whatwg.org/multipage/#dom-location-protocol
-    fn SetProtocol(&self, value: USVString) {
+    fn SetProtocol(&self, value: USVString) -> ErrorResult {
+        try!(self.check_same_origin_domain());
         self.set_url_component(value, UrlHelper::SetProtocol);
+        Ok(())
     }
 
     // https://html.spec.whatwg.org/multipage/#dom-location-href
-    fn Stringifier(&self) -> DOMString {
+    fn Stringifier(&self) -> Fallible<DOMString> {
-        DOMString::from(self.Href().0)
+        Ok(DOMString::from(try!(self.GetHref()).0))
     }
 
     // https://html.spec.whatwg.org/multipage/#dom-location-search
-    fn Search(&self) -> USVString {
+    fn GetSearch(&self) -> Fallible<USVString> {
-        UrlHelper::Search(&self.get_url())
+        try!(self.check_same_origin_domain());
+        Ok(UrlHelper::Search(&self.get_url()))
     }
 
     // https://html.spec.whatwg.org/multipage/#dom-location-search
-    fn SetSearch(&self, value: USVString) {
+    fn SetSearch(&self, value: USVString) -> ErrorResult {
+        try!(self.check_same_origin_domain());
         self.set_url_component(value, UrlHelper::SetSearch);
+        Ok(())
     }
 }

components/script/dom/webidls/Location.webidl

@@ -4,26 +4,24 @@
 
 // https://html.spec.whatwg.org/multipage/#location
 [Exposed=Window, Unforgeable] interface Location {
-  /*stringifier*/ attribute USVString href;
+  /*stringifier*/ [Throws] attribute USVString href;
-  readonly attribute USVString origin;
+  [Throws] readonly attribute USVString origin;
-           attribute USVString protocol;
+  [Throws]          attribute USVString protocol;
-           attribute USVString host;
+  [Throws]          attribute USVString host;
-           attribute USVString hostname;
+  [Throws]          attribute USVString hostname;
-           attribute USVString port;
+  [Throws]          attribute USVString port;
-           attribute USVString pathname;
+  [Throws]          attribute USVString pathname;
-           attribute USVString search;
+  [Throws]          attribute USVString search;
-           attribute USVString hash;
+  [Throws]          attribute USVString hash;
 
-  [Throws]
+  [Throws] void assign(USVString url);
-  void assign(USVString url);
+  [Throws] void replace(USVString url);
-  [Throws]
+  [Throws] void reload();
-  void replace(USVString url);
-  void reload();
 
   //[SameObject] readonly attribute USVString[] ancestorOrigins;
 
   // This is only doing as well as gecko right now.
   // https://github.com/servo/servo/issues/7590 is on file for
   // adding attribute stringifier support.
-  stringifier;
+  [Throws] stringifier;
 };

components/script/dom/window.rs

@@ -42,7 +42,7 @@ use dom::location::Location;
 use dom::mediaquerylist::{MediaQueryList, WeakMediaQueryListVec};
 use dom::messageevent::MessageEvent;
 use dom::navigator::Navigator;
-use dom::node::{Node, from_untrusted_node_address, window_from_node, NodeDamage};
+use dom::node::{Node, from_untrusted_node_address, document_from_node, window_from_node, NodeDamage};
 use dom::performance::Performance;
 use dom::promise::Promise;
 use dom::screen::Screen;
@@ -528,7 +528,20 @@ impl WindowMethods for Window {
 
     // https://html.spec.whatwg.org/multipage/#dom-frameelement
     fn GetFrameElement(&self) -> Option<Root<Element>> {
-        self.browsing_context().frame_element().map(Root::from_ref)
+        // Steps 1-3.
+        if let Some(context) = self.browsing_context.get() {
+            // Step 4-5.
+            if let Some(container) = context.frame_element() {
+                // Step 6.
+                let container_doc = document_from_node(container);
+                let current_doc = GlobalScope::current().as_window().Document();
+                if current_doc.origin().same_origin_domain(container_doc.origin()) {
+                    // Step 7.
+                    return Some(Root::from_ref(container));
+                }
+            }
+        }
+        None
     }
 
     // https://html.spec.whatwg.org/multipage/#dom-navigator

components/script/script_thread.rs

@@ -27,7 +27,6 @@ use dom::bindings::cell::DOMRefCell;
 use dom::bindings::codegen::Bindings::CSSStyleDeclarationBinding::CSSStyleDeclarationMethods;
 use dom::bindings::codegen::Bindings::DocumentBinding::{DocumentMethods, DocumentReadyState};
 use dom::bindings::codegen::Bindings::EventBinding::EventInit;
-use dom::bindings::codegen::Bindings::LocationBinding::LocationMethods;
 use dom::bindings::codegen::Bindings::TransitionEventBinding::TransitionEventInit;
 use dom::bindings::codegen::Bindings::WindowBinding::WindowMethods;
 use dom::bindings::conversions::{ConversionResult, FromJSValConvertible, StringificationBehavior};
@@ -644,6 +643,14 @@ impl ScriptThread {
         }))
     }
 
+    pub fn find_browsing_context(id: FrameId) -> Option<Root<BrowsingContext>> {
+        SCRIPT_THREAD_ROOT.with(|root| root.get().and_then(|script_thread| {
+            let script_thread = unsafe { &*script_thread };
+            script_thread.browsing_contexts.borrow().get(&id)
+                .map(|context| Root::from_ref(&**context))
+        }))
+    }
+
     /// Creates a new script thread.
     pub fn new(state: InitialScriptState,
                port: Receiver<MainThreadScriptMsg>,
@@ -2101,7 +2108,7 @@ impl ScriptThread {
     fn handle_reload(&self, pipeline_id: PipelineId) {
         let window = self.documents.borrow().find_window(pipeline_id);
         if let Some(window) = window {
-            window.Location().Reload();
+            window.Location().reload_without_origin_check();
         }
     }
 

components/script/webdriver_handlers.rs

@@ -113,29 +113,24 @@ pub fn handle_get_frame_id(documents: &Documents,
                            pipeline: PipelineId,
                            webdriver_frame_id: WebDriverFrameId,
                            reply: IpcSender<Result<Option<PipelineId>, ()>>) {
-    let window = match webdriver_frame_id {
+    let result = match webdriver_frame_id {
         WebDriverFrameId::Short(_) => {
             // This isn't supported yet
             Ok(None)
         },
         WebDriverFrameId::Element(x) => {
-            match find_node_by_unique_id(documents, pipeline, x) {
+            find_node_by_unique_id(documents, pipeline, x)
-                Some(ref node) => {
+                .and_then(|node| node.downcast::<HTMLIFrameElement>().map(|elem| elem.pipeline_id()))
-                    match node.downcast::<HTMLIFrameElement>() {
+                .ok_or(())
-                        Some(ref elem) => Ok(elem.get_content_window()),
-                        None => Err(())
-                    }
-                },
-                None => Err(())
-            }
         },
         WebDriverFrameId::Parent => {
-            documents.find_window(pipeline).map(|window| window.parent()).ok_or(())
+            documents.find_window(pipeline)
+                .map(|window| window.parent_info().map(|(parent_id, _)| parent_id))
+                .ok_or(())
         }
     };
 
-    let frame_id = window.map(|x| x.map(|x| x.upcast::<GlobalScope>().pipeline_id()));
+    reply.send(result).unwrap()
-    reply.send(frame_id).unwrap()
 }
 
 pub fn handle_find_element_css(documents: &Documents, pipeline: PipelineId, selector: String,

components/url/lib.rs

@@ -28,6 +28,8 @@ use std::path::Path;
 use std::sync::Arc;
 use url::{Url, Position};
 
+pub use url::Host;
+
 #[derive(Clone, PartialEq, Eq, PartialOrd, Ord, Hash)]
 #[cfg_attr(feature = "servo", derive(HeapSizeOf))]
 pub struct ServoUrl(Arc<Url>);

tests/wpt/metadata/FileAPI/url/origin.sub.html.ini

@@ -1,5 +1,6 @@
 [origin.sub.html]
   type: testharness
+  expected: TIMEOUT
   [Verify serialization of non-ascii origin in Blob URLs]
-    expected: FAIL
+    expected: TIMEOUT
 

tests/wpt/metadata/cors/remote-origin.htm.ini

@@ -1,137 +1,138 @@
 [remote-origin.htm]
   type: testharness
+  expected: TIMEOUT
   [Allow origin: *]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Allow origin: _*__]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Allow origin: [tab\]*]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Allow origin: http://www1.web-platform.test:8000]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Allow origin: _http://www1.web-platform.test:8000]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Allow origin: _http://www1.web-platform.test:8000___[tab\]_]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Allow origin: [tab\]http://www1.web-platform.test:8000]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: http://web-platform.test:8000]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: //www1.web-platform.test:8000]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: ://www1.web-platform.test:8000]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: ftp://www1.web-platform.test:8000]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: http:://www1.web-platform.test:8000]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: http:/www1.web-platform.test:8000]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: http:www1.web-platform.test:8000]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: www1.web-platform.test:8000]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: http://www1.web-platform.test:8000?]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: http://www1.web-platform.test:8000/]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: http://www1.web-platform.test:8000_/]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: http://www1.web-platform.test:8000#]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: http://www1.web-platform.test:8000%23]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: http://www1.web-platform.test:8000:80]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: http://www1.web-platform.test:8000,_*]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: http://www1.web-platform.test:8000\\0]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: HTTP://WWW1.WEB-PLATFORM.TEST:8000]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: HTTP://www1.web-platform.test:8000]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: http://WWW1.WEB-PLATFORM.TEST:8000]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: -]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: **]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: \\0*]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: *\\0]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: '*']
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: "*"]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: *_*]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: *http://*]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: *http://www1.web-platform.test:8000]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: *_http://www1.web-platform.test:8000]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: *,_http://www1.web-platform.test:8000]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: \\0http://www1.web-platform.test:8000]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: null_http://www1.web-platform.test:8000]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: http://example.net]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: null]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: ]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: http://web-platform.test:8000/cors/remote-origin.htm]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: http://web-platform.test:8000/cors/]
-    expected: FAIL
+    expected: TIMEOUT
 
   [Disallow origin: http://www1.web-platform.test:8000/cors/]
-    expected: FAIL
+    expected: TIMEOUT
 

tests/wpt/metadata/html/browsers/history/the-location-interface/security_location_0.htm.ini

@@ -1,5 +0,0 @@
-[security_location_0.htm]
-  type: testharness
-  [Accessing location object from different origins doesn't raise SECURITY_ERR exception]
-    expected: FAIL
-

tests/wpt/metadata/html/browsers/the-window-object/security-window/window-security.html.ini

@@ -342,39 +342,15 @@
   [A SecurityError exception should not be thrown when window.closed is accessed from a different origin.]
     expected: FAIL
 
-  [A SecurityError exception should not be thrown when window.frames is accessed from a different origin.]
-    expected: FAIL
-
   [A SecurityError exception should not be thrown when window.length is accessed from a different origin.]
     expected: FAIL
 
-  [A SecurityError exception should not be thrown when window.location is accessed from a different origin.]
-    expected: FAIL
-
   [A SecurityError exception should not be thrown when window.opener is accessed from a different origin.]
     expected: FAIL
 
-  [A SecurityError exception should not be thrown when window.parent is accessed from a different origin.]
-    expected: FAIL
-
-  [A SecurityError exception should not be thrown when window.self is accessed from a different origin.]
-    expected: FAIL
-
-  [A SecurityError exception should not be thrown when window.top is accessed from a different origin.]
-    expected: FAIL
-
-  [A SecurityError exception should not be thrown when window.window is accessed from a different origin.]
-    expected: FAIL
-
   [A SecurityError exception should not be thrown when window.blur is accessed from a different origin.]
     expected: FAIL
 
-  [A SecurityError exception should not be thrown when window.close is accessed from a different origin.]
-    expected: FAIL
-
   [A SecurityError exception should not be thrown when window.focus is accessed from a different origin.]
     expected: FAIL
 
-  [A SecurityError exception should not be thrown when window.postMessage is accessed from a different origin.]
-    expected: FAIL
-

tests/wpt/metadata/html/browsers/windows/nested-browsing-contexts/frameElement.html.ini

@@ -1,5 +1,6 @@
 [frameElement.html]
   type: testharness
+  expected: TIMEOUT
   [The window's frameElement attribute must return its container element if it is a nested browsing context]
     expected: FAIL
 
@@ -7,5 +8,5 @@
     expected: FAIL
 
   [The window's frameElement attribute must return null if the container's document does not have the same effective script origin]
-    expected: FAIL
+    expected: TIMEOUT
 

tests/wpt/metadata/html/semantics/embedded-content/the-iframe-element/iframe-load-event.html.ini

@@ -1,5 +0,0 @@
-[iframe-load-event.html]
-  type: testharness
-  [load event of blob URL]
-    expected: FAIL
-

tests/wpt/metadata/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_script.html.ini

@@ -1,6 +1,6 @@
 [iframe_sandbox_allow_script.html]
   type: testharness
-  expected: ERROR
+  expected: TIMEOUT
   [iframe_sandbox_allow_scripts]
     expected: NOTRUN
 

tests/wpt/metadata/html/semantics/scripting-1/the-template-element/additions-to-the-steps-to-clone-a-node/templates-copy-document-owner.html.ini

@@ -1,5 +0,0 @@
-[templates-copy-document-owner.html]
-  type: testharness
-  [ownerDocument of cloned template content is set to template content owner. Test loading HTML document from file]
-    expected: FAIL
-

tests/wpt/metadata/html/semantics/scripting-1/the-template-element/definitions/template-contents-owner-document-type.html.ini

@@ -1,8 +0,0 @@
-[template-contents-owner-document-type.html]
-  type: testharness
-  [The template contents owner document type is HTML document (case when document has browsing context and the template is created by HTML parser)]
-    expected: FAIL
-
-  [The template contents owner document type is HTML document (case when document has browsing context and the template is created by createElement())]
-    expected: FAIL
-

tests/wpt/metadata/html/semantics/scripting-1/the-template-element/definitions/template-contents-owner-test-002.html.ini

@@ -1,12 +0,0 @@
-[template-contents-owner-test-002.html]
-  type: testharness
-  disabled: https://github.com/servo/servo/issues/9723
-  [The template contents owner document must be different from template owner document, which has browsing context. Template element is created by createElement()]
-    expected: FAIL
-
-  [The template contents owner document must be different from template owner document, which has browsing context. Template element is created via innerHTML]
-    expected: FAIL
-
-  [The template contents owner document must be different from template owner document, which has browsing context. Template element is created by HTML parser]
-    expected: FAIL
-

tests/wpt/metadata/html/semantics/scripting-1/the-template-element/definitions/template-contents.html.ini

@@ -1,14 +0,0 @@
-[template-contents.html]
-  type: testharness
-  [The template contents must be a DocumentFragment (the empty template tag inside HTML file loaded in iframe)]
-    expected: FAIL
-
-  [The template contents must be a DocumentFragment (non empty template tag inside HTML file loaded in iframe)]
-    expected: FAIL
-
-  [The template contents must be a DocumentFragment (the template tag with some text inside HTML file loaded in iframe)]
-    expected: FAIL
-
-  [The template contents must be a DocumentFragment (the template tag with nested template tag inside HTML file loaded in iframe)]
-    expected: FAIL
-

tests/wpt/metadata/html/semantics/scripting-1/the-template-element/innerhtml-on-templates/innerhtml.html.ini

@@ -1,5 +0,0 @@
-[innerhtml.html]
-  type: testharness
-  [innerHTML of template element replaces all referenced by the content attribute. Test loading of HTML document from a file]
-    expected: FAIL
-

tests/wpt/metadata/html/semantics/scripting-1/the-template-element/template-element/content-attribute.html.ini

@@ -1,8 +0,0 @@
-[content-attribute.html]
-  type: testharness
-  [Content attribute of template element is read-only. Text value of content attribute of template tag should be ignored, when loading document from a file]
-    expected: FAIL
-
-  [Content attribute of template element is read-only. Test content attribute of a document loaded from a file]
-    expected: FAIL
-

tests/wpt/metadata/html/semantics/scripting-1/the-template-element/template-element/node-document-changes.html.ini

@@ -1,11 +0,0 @@
-[node-document-changes.html]
-  type: testharness
-  [Changing of template element's node document. Test document loaded from a file]
-    expected: FAIL
-
-  [Changing of template element's node document. Test the case when both old and new owner documents of template element have browsing context]
-    expected: FAIL
-
-  [Changing of template element's node document. Adobt template element into a document that has a browsing context]
-    expected: FAIL
-

tests/wpt/metadata/html/semantics/scripting-1/the-template-element/template-element/template-content-node-document.html.ini

@@ -1,5 +0,0 @@
-[template-content-node-document.html]
-  type: testharness
-  [Node document of the template content attribute must be template contents owner. Load HTML file with multiple template elements]
-    expected: FAIL
-

tests/wpt/metadata/html/semantics/scripting-1/the-template-element/template-element/template-descendant-body.html.ini

@@ -1,5 +0,0 @@
-[template-descendant-body.html]
-  type: testharness
-  [Template element as a descendant of the body element. Test loading from a file]
-    expected: FAIL
-

tests/wpt/metadata/html/semantics/scripting-1/the-template-element/template-element/template-descendant-frameset.html.ini

@@ -1,11 +0,0 @@
-[template-descendant-frameset.html]
-  type: testharness
-  [Template element as a descendant of the frameset element. Test loading from a file]
-    expected: FAIL
-
-  [Template element as a descendant of the frameset element. Test template element is assigned to frameset's innerHTML)]
-    expected: FAIL
-
-  [Template element as a descendant of the frameset element. Test template element appended to frameset by appendChild()]
-    expected: FAIL
-

tests/wpt/metadata/html/semantics/scripting-1/the-template-element/template-element/template-descendant-head.html.ini

@@ -1,5 +0,0 @@
-[template-descendant-head.html]
-  type: testharness
-  [Template element as a descendant of the head element. Test loading from a file]
-    expected: FAIL
-

tests/wpt/metadata/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/generating-of-implied-end-tags.html.ini

@@ -1,8 +0,0 @@
-[generating-of-implied-end-tags.html]
-  type: testharness
-  [Generating of implied end tags. Test table elements. Loading of HTML document from a file]
-    expected: FAIL
-
-  [Generating of implied end tags. Test div element. Loading of HTML document from a file]
-    expected: FAIL
-

tests/wpt/metadata/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/ignore-body-token.html.ini

@@ -1,5 +0,0 @@
-[ignore-body-token.html]
-  type: testharness
-  [Ignore BODY token. Test loading a HTML file with BODY tag inside template]
-    expected: FAIL
-

tests/wpt/metadata/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/ignore-frameset-token.html.ini

@@ -1,5 +0,0 @@
-[ignore-frameset-token.html]
-  type: testharness
-  [Ignore frameset token. Test loading a HTML file with FRAMESET tag inside template]
-    expected: FAIL
-

tests/wpt/metadata/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/ignore-head-token.html.ini

@@ -1,5 +0,0 @@
-[ignore-head-token.html]
-  type: testharness
-  [Ignore HEAD token. Test loading a HTML file with HEAD tag inside template]
-    expected: FAIL
-

tests/wpt/metadata/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/ignore-html-token.html.ini

@@ -1,5 +0,0 @@
-[ignore-html-token.html]
-  type: testharness
-  [Ignore HTML token. Test loading a HTML file with HTML tag inside template]
-    expected: FAIL
-

tests/wpt/metadata/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/start-tag-html.html.ini

@@ -1,5 +0,0 @@
-[start-tag-html.html]
-  type: testharness
-  [In body insertion mode: html start tag should add only absent attributes]
-    expected: FAIL
-

tests/wpt/metadata/html/syntax/parsing/template/additions-to-the-in-body-insertion-mode/template-end-tag-without-start-one.html.ini

@@ -1,5 +0,0 @@
-[template-end-tag-without-start-one.html]
-  type: testharness
-  [</template> tag in HTML body without start one should be ignored. Test HTML document loaded from file]
-    expected: FAIL
-

tests/wpt/metadata/html/syntax/parsing/template/additions-to-the-in-frameset-insertion-mode/end-tag-frameset.html.ini

@@ -1,5 +0,0 @@
-[end-tag-frameset.html]
-  type: testharness
-  [<template> tag should be ignored in "in frameset" insertion mode]
-    expected: FAIL
-

tests/wpt/metadata/html/syntax/parsing/template/additions-to-the-in-head-insertion-mode/generating-of-implied-end-tags.html.ini

@@ -1,8 +0,0 @@
-[generating-of-implied-end-tags.html]
-  type: testharness
-  [Generating of implied end tags. Test table elements. Load HTML document from file]
-    expected: FAIL
-
-  [Generating of implied end tags. Test div element. Load HTML document from file]
-    expected: FAIL
-

tests/wpt/metadata/html/syntax/parsing/template/additions-to-the-in-head-insertion-mode/template-end-tag-without-start-one.html.ini

@@ -1,5 +0,0 @@
-[template-end-tag-without-start-one.html]
-  type: testharness
-  [</template> tag in HTML head without start one should be ignored. Test HTML document loaded from file]
-    expected: FAIL
-

tests/wpt/metadata/html/syntax/parsing/template/appending-to-a-template/template-child-nodes.html.ini

@@ -1,8 +0,0 @@
-[template-child-nodes.html]
-  type: testharness
-  [Template child nodes must be appended to template content node. Load HTML document from a file]
-    expected: FAIL
-
-  [Template child nodes must be appended to nested template content node. Load HTML document from a file]
-    expected: FAIL
-

tests/wpt/metadata/html/syntax/parsing/template/creating-an-element-for-the-token/template-owner-document.html.ini

@@ -1,11 +0,0 @@
-[template-owner-document.html]
-  type: testharness
-  [Test ownerDocument property of two elements in a template. Load HTML document from a file, current DOCUMENT has browsing context]
-    expected: FAIL
-
-  [Test ownerDocument property of the element in a template. Load HTML document from a file, current DOCUMENT has browsing context]
-    expected: FAIL
-
-  [Test ownerDocument property of the element in a nested template. Load HTML document from a file, current DOCUMENT has browsing context]
-    expected: FAIL
-

tests/wpt/metadata/navigation-timing/test_unique_performance_objects.html.ini

@@ -1,3 +0,0 @@
-[test_unique_performance_objects.html]
-  type: testharness
-  expected: ERROR

tests/wpt/mozilla/meta/MANIFEST.json

@@ -25696,7 +25696,7 @@
    "support"
   ],
   "mozilla/referrer-policy/generic/common.js": [
-   "1f4a0fa9285ad504cba75c01b4938c9da78cace3",
+   "6882adfd624da27cd226e1575988e85ad4e0a562",
    "support"
   ],
   "mozilla/referrer-policy/generic/referrer-policy-test-case.js": [

tests/wpt/mozilla/tests/mozilla/referrer-policy/generic/common.js

@@ -195,8 +195,8 @@ function queryAnchor(url, callback, referrer_policy) {
     var url_with_params = url + "&id=" + id + "&tagAttrs=" + JSON.stringify(referrer_policy);
     var iframe = appendIframeToBody(url_with_params);
     iframe.addEventListener("load", function listener() {
-      if ((iframe.contentWindow !== null) &&
+      if ((iframe.contentDocument !== null) &&
-          (iframe.contentWindow.location.toString() === url_with_params)) {
+          (iframe.contentDocument.location.toString() === url_with_params)) {
         return;
       }