From 1de7e8dd6dceb08d4c8300d9308e770d8a12eb63 Mon Sep 17 00:00:00 2001 From: Mike Pennisi Date: Tue, 17 Dec 2019 20:16:30 -0500 Subject: [PATCH 1/6] [html] Add tests for parsing COOP values --- .../header-parsing.https.html | 44 +++++++++++++++++++ .../resources/coop-same-origin-repeated.asis | 24 ++++++++++ 2 files changed, 68 insertions(+) create mode 100644 html/cross-origin-opener-policy/header-parsing.https.html create mode 100644 html/cross-origin-opener-policy/resources/coop-same-origin-repeated.asis diff --git a/html/cross-origin-opener-policy/header-parsing.https.html b/html/cross-origin-opener-policy/header-parsing.https.html new file mode 100644 index 00000000000000..0fef85f6e25239 --- /dev/null +++ b/html/cross-origin-opener-policy/header-parsing.https.html @@ -0,0 +1,44 @@ + + + + + + + +
+ diff --git a/html/cross-origin-opener-policy/resources/coop-same-origin-repeated.asis b/html/cross-origin-opener-policy/resources/coop-same-origin-repeated.asis new file mode 100644 index 00000000000000..082478e1599eb8 --- /dev/null +++ b/html/cross-origin-opener-policy/resources/coop-same-origin-repeated.asis @@ -0,0 +1,24 @@ +HTTP/1.1 200 OK +Cross-Origin-Opener-Policy: same-origin +Cross-Origin-Opener-Policy: same-origin +Server: BaseHTTP/0.3 Python/2.7.15+ +Date: Wed, 18 Dec 2019 00:47:08 GMT + + + + + + From 2843a5070abf872a57433c9ae1c4c2ee10ca8e2c Mon Sep 17 00:00:00 2001 From: Simon Pieters Date: Tue, 18 Aug 2020 14:56:16 +0200 Subject: [PATCH 2/6] Update tests to draft-ietf-httpbis-header-structure-19 and current HTML standard --- .../header-parsing.https.html | 24 ++++++++++++------- .../resources/common.js | 6 ++--- 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/html/cross-origin-opener-policy/header-parsing.https.html b/html/cross-origin-opener-policy/header-parsing.https.html index 0fef85f6e25239..94fef0a38c291b 100644 --- a/html/cross-origin-opener-policy/header-parsing.https.html +++ b/html/cross-origin-opener-policy/header-parsing.https.html 
@@ -13,24 +13,32 @@
 // None of the following should be recognized as "same-origin" (hence the
 // "expected opener" value of `true`).
- [SAME_ORIGIN, "same\u2014origin;", true], // non-ASCII character (em dash)
+ [SAME_ORIGIN, "same\u2014origin", true], // non-ASCII character (em dash)
 [SAME_ORIGIN, "same-origin;", true],
- [SAME_ORIGIN, "same-origin\0", true],
 [SAME_ORIGIN, "\u000bsame-origin\u000b", true], // vertical tab
 [SAME_ORIGIN, "\u000csame-origin\u000c", true], // form feed
 [SAME_ORIGIN, "\u000dsame-origin\u000d", true], // carriage return
 [SAME_ORIGIN, "Same-origin", true],
- [SAME_ORIGIN, "same-origin; foo=bar", true],
- [SAME_ORIGIN, "\"same-origin\"", true], // HTTP structured header "string" item
- [SAME_ORIGIN, "*c2FtZS1vcmlnaW4=*", true], // HTTP structured header "byte sequence" item
+ [SAME_ORIGIN, "same-origin;\tfoo=bar", true],
+ [SAME_ORIGIN, "same-origin ;foo=bar", true],
+ [SAME_ORIGIN, "same-origin; foo=bar;", true],
+ [SAME_ORIGIN, "\"same-origin\"", true], // HTTP structured fields "string" item
+ [SAME_ORIGIN, ":c2FtZS1vcmlnaW4=:", true], // HTTP structured fields "byte sequence" item
+ [SAME_ORIGIN, "?1", true], // HTTP structured fields "boolean" item
+ [SAME_ORIGIN, "1", true], // HTTP structured fields "integer or decimal" item
+ [SAME_ORIGIN, "$same-origin", true], // the item type is unrecognized
 [SAME_ORIGIN, "same-origin same-origin", true],
 [SAME_ORIGIN, "same-origin,same-origin", true],
- [SAME_ORIGIN, "same-origin;same-origin", true],
+ [SAME_ORIGIN, "\tsame-origin", true],
+ [SAME_ORIGIN, "same-origin\t", true],
+ [SAME_ORIGIN, "*same-origin ", true],
 // All of the following should be recognized as "same-origin" (hence the
 // "expected opener" value of `false`).
- [SAME_ORIGIN, " \tsame-origin", false],
- [SAME_ORIGIN, "same-origin\t ", false],
+ [SAME_ORIGIN, " same-origin", false],
+ [SAME_ORIGIN, "same-origin ", false],
+ [SAME_ORIGIN, "same-origin;same-origin", false],
+ [SAME_ORIGIN, "same-origin; foo=bar", false],
 ];
 run_coop_tests("unspecified", tests);
diff --git a/html/cross-origin-opener-policy/resources/common.js b/html/cross-origin-opener-policy/resources/common.js
index 8a3cd133734dc3..575ebc233432f7 100644
--- a/html/cross-origin-opener-policy/resources/common.js
+++ b/html/cross-origin-opener-policy/resources/common.js
@@ -63,7 +63,7 @@ function run_coop_tests(documentCOOPValueTitle, testArray) {
 coop_test(t, test[0], test[1], `${documentCOOPValueTitle}_to_${test[0].name}_${test[1].replace(/ /g,"-")}`, test[2], () => { t.done(); });
- }, `${documentCOOPValueTitle} document opening popup to ${test[0].origin} with COOP: "${test[1]}"`);
+ }, `${documentCOOPValueTitle} document opening popup to ${test[0].origin} with COOP: ${format_value(test[1])}`);
 }
 }
@@ -91,5 +91,5 @@ function run_coop_test_iframe (documentTitle, iframe_origin, popup_origin, popup
 assert_equals(payload.name, expects_name? name:"", 'name');
 });
 document.body.append(frame);
- }, `${documentTitle} with ${iframe_origin.name} iframe opening popup a ${popup_origin.name} with COOP: ${popup_coop}`);
-}
\ No newline at end of file
+ }, `${documentTitle} with ${iframe_origin.name} iframe opening popup a ${popup_origin.name} with COOP: ${format_value(popup_coop)}`);
+}
From 05c9fe2f02cbad74c225d645b690eb997ab033eb Mon Sep 17 00:00:00 2001
From: Simon Pieters
Date: Wed, 19 Aug 2020 14:50:16 +0200
Subject: [PATCH 3/6] Fix tests - leading and trailing OWS are removed by HTTP
---
 html/cross-origin-opener-policy/header-parsing.https.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
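Review bot: The new row `[SAME_ORIGIN, "*same-origin ", true]` at the end of the rejected group has no trailing comment, unlike the structured-fields rows added just above it, so the parsing rule it pins is left for the reader to guess; if the intent is that the value parses as a token other than `same-origin`, say so with something like `// a valid token, but not "same-origin"`. The same applies to the two rows that flip to `false`, `"same-origin;same-origin"` and `"same-origin; foo=bar"`: a comment such as `// parameters on the item are ignored` would record why they are now accepted. These vectors decide which malformed header values leave the opener relationship intact, so each row's reason is worth keeping next to it. The `tests` array starts above this hunk.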
diff --git a/html/cross-origin-opener-policy/header-parsing.https.html b/html/cross-origin-opener-policy/header-parsing.https.html
index 94fef0a38c291b..a48a9383f7aa3c 100644
--- a/html/cross-origin-opener-policy/header-parsing.https.html
+++ b/html/cross-origin-opener-policy/header-parsing.https.html
@@ -29,14 +29,14 @@
 [SAME_ORIGIN, "$same-origin", true], // the item type is unrecognized
 [SAME_ORIGIN, "same-origin same-origin", true],
 [SAME_ORIGIN, "same-origin,same-origin", true],
- [SAME_ORIGIN, "\tsame-origin", true],
- [SAME_ORIGIN, "same-origin\t", true],
 [SAME_ORIGIN, "*same-origin ", true],
 // All of the following should be recognized as "same-origin" (hence the
 // "expected opener" value of `false`).
 [SAME_ORIGIN, " same-origin", false],
 [SAME_ORIGIN, "same-origin ", false],
+ [SAME_ORIGIN, "\tsame-origin", true],
+ [SAME_ORIGIN, "same-origin\t", true],
 [SAME_ORIGIN, "same-origin;same-origin", false],
 [SAME_ORIGIN, "same-origin; foo=bar", false],
 ];
From 44ce78b28d4768cf657cc2e5c4cc321bd46de11c Mon Sep 17 00:00:00 2001
From: Simon Pieters
Date: Thu, 20 Aug 2020 16:41:10 +0200
Subject: [PATCH 4/6] Fix typo
---
 html/cross-origin-opener-policy/header-parsing.https.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/html/cross-origin-opener-policy/header-parsing.https.html b/html/cross-origin-opener-policy/header-parsing.https.html
index a48a9383f7aa3c..8abf85cc379ca3 100644
--- a/html/cross-origin-opener-policy/header-parsing.https.html
+++ b/html/cross-origin-opener-policy/header-parsing.https.html
@@ -35,8 +35,8 @@
 // "expected opener" value of `false`).
 [SAME_ORIGIN, " same-origin", false],
 [SAME_ORIGIN, "same-origin ", false],
- [SAME_ORIGIN, "\tsame-origin", true],
- [SAME_ORIGIN, "same-origin\t", true],
+ [SAME_ORIGIN, "\tsame-origin", false],
+ [SAME_ORIGIN, "same-origin\t", false],
 [SAME_ORIGIN, "same-origin;same-origin", false],
 [SAME_ORIGIN, "same-origin; foo=bar", false],
 ];
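Review bot: The four leading/trailing whitespace rows in the accepted group (`" same-origin"`, `"same-origin "`, `"\tsame-origin"`, `"same-origin\t"`) have no comment explaining why space and tab are accepted, and the reason currently lives only in the subject line of the commit that moved the tab rows. Suggest a line above them such as `// Leading and trailing OWS (SP / HTAB) is removed by HTTP before the value is parsed.` so the contrast with the vertical tab, form feed and carriage return rows in the rejected group is explained in the file itself. The array begins outside this hunk.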
From 9839b1545c3ff7c89741cbbac0e83612b8db9a0d Mon Sep 17 00:00:00 2001
From: Mike Pennisi
Date: Thu, 20 Aug 2020 20:10:47 -0400
Subject: [PATCH 5/6] fixup! [html] Add tests for parsing COOP values
---
 html/cross-origin-opener-policy/resources/common.js | 2 +-
 html/cross-origin-opener-policy/resources/coop-coep.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/html/cross-origin-opener-policy/resources/common.js b/html/cross-origin-opener-policy/resources/common.js
index 575ebc233432f7..f75cd63db94bf6 100644
--- a/html/cross-origin-opener-policy/resources/common.js
+++ b/html/cross-origin-opener-policy/resources/common.js
@@ -50,7 +50,7 @@ function url_test(t, url, channelName, hasOpener, openerDOMAccess, callback) {
 }
 function coop_coep_test(t, host, coop, coep, channelName, hasOpener, openerDOMAccess, callback) {
- url_test(t, `${host.origin}/html/cross-origin-opener-policy/resources/coop-coep.py?coop=${encodeURIComponent(coop)}&coep=${coep}&channel=${channelName}`, channelName, hasOpener, openerDOMAccess, callback);
+ url_test(t, `${host.origin}/html/cross-origin-opener-policy/resources/coop-coep.py?coop=${encodeURIComponent(coop)}&coep=${coep}&channel=${encodeURIComponent(channelName)}`, channelName, hasOpener, openerDOMAccess, callback);
 }
 function coop_test(t, host, coop, channelName, hasOpener, callback) {
diff --git a/html/cross-origin-opener-policy/resources/coop-coep.py b/html/cross-origin-opener-policy/resources/coop-coep.py
index e0a3d90050a624..31490a162ba66f 100644
--- a/html/cross-origin-opener-policy/resources/coop-coep.py
+++ b/html/cross-origin-opener-policy/resources/coop-coep.py
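Review bot: In the rewritten `url_test(...)` call inside `coop_coep_test`, `coep` is still interpolated raw into the query string (`&coep=${coep}`) while `coop` and `channel` on the same line now both go through `encodeURIComponent`. No caller visible in this patch passes a COEP value with reserved characters, but a value containing `&`, `#` or whitespace would split or truncate the query before it reaches coop-coep.py, so the helper could not be reused for COEP header-parsing vectors like the COOP ones in this series. Suggest `&coep=${encodeURIComponent(coep)}` so all three parameters are handled the same way.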
@@ -70,7 +70,7 @@ def main(request, response):
 iframe.contentWindow.postMessage(payload, "*");
 };
 const channelName = new URL(location).searchParams.get("channel");
- iframe.src = `${get_host_info().HTTPS_ORIGIN}/html/cross-origin-opener-policy/resources/postback.html?channel=${channelName}`;
+ iframe.src = `${get_host_info().HTTPS_ORIGIN}/html/cross-origin-opener-policy/resources/postback.html?channel=${encodeURIComponent(channelName)}`;
 document.body.appendChild(iframe);
 }
From 0cc2a78ea42dc6b2eb86c7ef8cd225c20bf49890 Mon Sep 17 00:00:00 2001
From: Simon Pieters
Date: Fri, 21 Aug 2020 14:25:15 +0200
Subject: [PATCH 6/6] Add a test for trailing null byte
---
 html/cross-origin-opener-policy/header-parsing.https.html | 1 +
 1 file changed, 1 insertion(+)
diff --git a/html/cross-origin-opener-policy/header-parsing.https.html b/html/cross-origin-opener-policy/header-parsing.https.html
index 8abf85cc379ca3..94901a4649abde 100644
--- a/html/cross-origin-opener-policy/header-parsing.https.html
+++ b/html/cross-origin-opener-policy/header-parsing.https.html
@@ -19,6 +19,7 @@
 [SAME_ORIGIN, "\u000csame-origin\u000c", true], // form feed
 [SAME_ORIGIN, "\u000dsame-origin\u000d", true], // carriage return
 [SAME_ORIGIN, "Same-origin", true],
+ [SAME_ORIGIN, "same-origin\0", true],
 [SAME_ORIGIN, "same-origin;\tfoo=bar", true],
 [SAME_ORIGIN, "same-origin ;foo=bar", true],
 [SAME_ORIGIN, "same-origin; foo=bar;", true],
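Review bot: The added `"same-origin\0"` row carries no trailing comment, while the neighbouring control-character rows name theirs (`// vertical tab`, `// form feed`, `// carriage return`); `// NUL byte` would match. It may also be worth saying in that comment which layer is expected to reject the value, since a NUL inside a header value might be refused by the HTTP stack before the COOP parser ever sees it, in which case the popup may not load and the row would not reach the `true` outcome it expects. That last point is inferred rather than visible in the hunk, and the array itself begins outside it.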