Implement setter for document.domain

2025-08-13 17:35:36 +01:00 · 2017-02-10 17:24:44 -06:00 · 2017-02-10 17:24:44 -06:00 · 5348b63e38
commit 5348b63e38
parent 1f61a549a3
68 changed files with 217 additions and 736 deletions
--- a/tests/wpt/web-platform-tests/html/browsers/origin/relaxing-the-same-origin-restriction/document_domain_setter.html
+++ b/tests/wpt/web-platform-tests/html/browsers/origin/relaxing-the-same-origin-restriction/document_domain_setter.html
@ -0,0 +1,68 @@
+<!doctype html>
+<html>
+  <head>
+    <title></title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/get-host-info.sub.js"></script>
+  </head>
+  <body>
+    <iframe id="iframe"></iframe>
+    <script>
+      var host_info = get_host_info();
+      var HTTP_PORT = host_info.HTTP_PORT;
+      var ORIGINAL_HOST = host_info.ORIGINAL_HOST; // e.g. "web-platform.test"
+      var SUFFIX_HOST = ORIGINAL_HOST.substring(ORIGINAL_HOST.lastIndexOf('.') + 1); // e.g. "test"
+      var PREFIX_HOST = "www1." + ORIGINAL_HOST; // e.g. "www1.web-platform.test"
+      var iframe = document.getElementById("iframe");
+      var iframe_url = new URL("document_domain_setter_iframe.html", document.location);
+      iframe_url.hostname = PREFIX_HOST;
+      iframe.src = iframe_url;
+      test(function() {
+        assert_throws("SecurityError", function() { document.domain = SUFFIX_HOST; });
+        assert_throws("SecurityError", function() { document.domain = "." + SUFFIX_HOST; });
+        assert_throws("SecurityError", function() { document.domain = PREFIX_HOST; });
+        assert_throws("SecurityError", function() { document.domain = "example.com"; });
+      }, "failed setting of document.domain");
+      async_test(function(t) {
+        iframe.addEventListener("load", t.step_func(function() {
+          // Before setting document.domain, the iframe is not
+          // same-origin-domain, so security checks fail.
+          assert_equals(iframe.contentDocument, null);
+          assert_equals(iframe.contentWindow.frameElement, null);
+          assert_throws("SecurityError", function() { iframe.contentWindow.location.origin; });
+          assert_throws("SecurityError", function() { iframe.contentWindow.location.href; });
+          assert_throws("SecurityError", function() { iframe.contentWindow.location.protocol; });
+          assert_throws("SecurityError", function() { iframe.contentWindow.location.host; });
+          assert_throws("SecurityError", function() { iframe.contentWindow.location.port; });
+          assert_throws("SecurityError", function() { iframe.contentWindow.location.hostname; });
+          assert_throws("SecurityError", function() { iframe.contentWindow.location.pathname; });
+          assert_throws("SecurityError", function() { iframe.contentWindow.location.hash; });
+          assert_throws("SecurityError", function() { iframe.contentWindow.location.search; });
+          assert_throws("SecurityError", function() { iframe.contentWindow.location.toString(); });
+          // Set document.domain
+          document.domain = ORIGINAL_HOST;
+          // After setting document.domain, the iframe is
+          // same-origin-domain, so security checks pass.
+          assert_equals(iframe.contentDocument.domain, document.domain);
+          assert_equals(iframe.contentWindow.frameElement, iframe)
+          assert_equals(iframe.contentWindow.origin, window.origin);
+          assert_equals(iframe.contentWindow.location.href, iframe_url.href);
+          assert_equals(iframe.contentWindow.location.protocol, iframe_url.protocol);
+          assert_equals(iframe.contentWindow.location.host, iframe_url.host);
+          assert_equals(iframe.contentWindow.location.port, iframe_url.port);
+          assert_equals(iframe.contentWindow.location.hostname, iframe_url.hostname);
+          assert_equals(iframe.contentWindow.location.pathname, iframe_url.pathname);
+          assert_equals(iframe.contentWindow.location.hash, iframe_url.hash);
+          assert_equals(iframe.contentWindow.location.search, iframe_url.search);
+          assert_equals(iframe.contentWindow.location.search, iframe_url.search);
+          assert_equals(iframe.contentWindow.location.toString(), iframe_url.toString());
+          // document.open checks for same-origin, not same-origin-domain,
+          // https://github.com/whatwg/html/issues/2282
+          assert_throws("SecurityError", function() { iframe.contentDocument.open(); });
+          t.done();
+        }));
+      }, "same-origin-domain iframe");
+    </script>
+  </body>
+</html>
--- a/tests/wpt/web-platform-tests/html/browsers/origin/relaxing-the-same-origin-restriction/document_domain_setter_iframe.html
+++ b/tests/wpt/web-platform-tests/html/browsers/origin/relaxing-the-same-origin-restriction/document_domain_setter_iframe.html
@ -0,0 +1,12 @@
+<!doctype html>
+<html>
+  <head>
+    <title></title>
+    <script src="/common/get-host-info.sub.js"></script>
+    <script>
+      document.domain = get_host_info().ORIGINAL_HOST;
+    </script>
+  </head>
+  <body>
+  </body>
+</html>