[wpt-sync] Sync PR 32413 - AnonymousIframe: Check FencedFrame Interaction (3/3)
Categories
(Core :: DOM: Core & HTML, task, P4)
Tracking
()
Tracking | Status | |
---|---|---|
firefox99 | --- | fixed |
People
(Reporter: wpt-sync, Unassigned)
References
(Depends on 1 open bug, )
Details
(Whiteboard: [wptsync downstream])
Sync web-platform-tests PR 32413 into mozilla-central (this bug is closed when the sync is complete).
PR: https://github.com/web-platform-tests/wpt/pull/32413
Details from upstream follow.
Arthur Sonzogni <arthursonzogni@chromium.org> wrote:
AnonymousIframe: Check FencedFrame Interaction (3/3)
Add a WPT:
It shows you can bypass fencedframe using the anonymous one.A (this document) ┌────────────────────────┴──┐ ┌─┼──────────────────────┐ D (anonymous-iframe) │ B (fenced-frame) │ ^ │ │ │ | │ C (anonymous-iframe) -->----` (BroadcastChannel) └────────────────────────┘
Note that the mparch implementation is working correctly, because it
uses a different content::Page.If the shadow-dom implementation ship, this would require finding a way to use a different nonce inside the fencedframe.
Bug: 1287458
Change-Id: I8282a8acf8a0c7bf938f54ca9c0abf04215ffc5b
Reviewed-on: https://chromium-review.googlesource.com/3395556
WPT-Export-Revision: 8cc25a434dae0e958d31294d8b88c059ef9c3641
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Comment 1•3 years ago
|
||
Assignee | ||
Comment 2•3 years ago
|
||
Assignee | ||
Comment 3•3 years ago
|
||
Assignee | ||
Comment 4•3 years ago
|
||
CI Results
Ran 11 Firefox configurations based on mozilla-central, and Firefox, and Chrome on GitHub CI
Total 8 tests and 1 subtests
Status Summary
Firefox
OK : 4[Gecko-android-em-7.0-x86_64-lite-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-linux1804-64-tsan-qr-opt, Gecko-windows10-32-2004-qr-debug, Gecko-windows10-32-2004-qr-opt, Gecko-windows10-64-2004-qr-debug, Gecko-windows10-64-2004-qr-opt] 6[GitHub]
PASS : 6[Gecko-android-em-7.0-x86_64-lite-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-linux1804-64-tsan-qr-opt, Gecko-windows10-32-2004-qr-debug, Gecko-windows10-32-2004-qr-opt, Gecko-windows10-64-2004-qr-debug, Gecko-windows10-64-2004-qr-opt] 8[GitHub]
FAIL : 14[Gecko-android-em-7.0-x86_64-lite-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-linux1804-64-tsan-qr-opt, Gecko-windows10-32-2004-qr-debug, Gecko-windows10-32-2004-qr-opt, Gecko-windows10-64-2004-qr-debug, Gecko-windows10-64-2004-qr-opt] 16[GitHub]
ERROR: 2
Chrome
OK : 6
PASS : 8
FAIL : 16
ERROR: 2
Links
Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base
Details
New Tests That Don't Pass
/html/cross-origin-embedder-policy/anonymous-iframe/anonymous-iframe-popup.tentative.https.window.html
Cross-origin popup from normal/anonymous iframes.: FAIL (Chrome: FAIL)
Same-origin popup from normal/anonymous iframes.: FAIL (Chrome: FAIL)
/html/cross-origin-embedder-policy/anonymous-iframe/cookie.tentative.https.window.html
Anonymous same-origin iframe is loaded without credentials: FAIL (Chrome: FAIL)
Anonymous cross-origin iframe is loaded without credentials: FAIL (Chrome: FAIL)
same_origin anonymous iframe can't send same_origin credentials: FAIL (Chrome: FAIL)
same_origin anonymous iframe can't send cross_origin credentials: FAIL (Chrome: FAIL)
cross_origin anonymous iframe can't send cross_origin credentials: FAIL (Chrome: FAIL)
cross_origin anonymous iframe can't send same_origin credentials: FAIL (Chrome: FAIL)
same_origin anonymous iframe can't send same_origin credentials on child iframe: FAIL (Chrome: FAIL)
same_origin anonymous iframe can't send cross_origin credentials on child iframe: FAIL (Chrome: FAIL)
cross_origin anonymous iframe can't send cross_origin credentials on child iframe: FAIL (Chrome: FAIL)
cross_origin anonymous iframe can't send same_origin credentials on child iframe: FAIL (Chrome: FAIL)
/html/cross-origin-embedder-policy/anonymous-iframe/fenced-frame-bypass.tentative.https.window.html: ERROR (Chrome: ERROR)
/html/cross-origin-embedder-policy/anonymous-iframe/fenced-frame.tentative.https.window.html: ERROR (Chrome: ERROR)
/html/cross-origin-embedder-policy/anonymous-iframe/local-storage.tentative.https.window.html
same_origin anonymous iframe can't access the localStorage: FAIL (Chrome: FAIL)
cross_origin anonymous iframe can't access the localStorage: FAIL (Chrome: FAIL)
/html/cross-origin-embedder-policy/anonymous-iframe/session-storage.tentative.https.window.html
same_origin anonymous iframe can't access the sessionStorage: FAIL (Chrome: FAIL)
/html/cross-origin-embedder-policy/anonymous-iframe/web-lock.tentative.https.window.html
web-lock: FAIL (Chrome: FAIL)
Comment 7•3 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/b5704301d77a
https://hg.mozilla.org/mozilla-central/rev/ea3828995df5
Description
•