Bug 1687734 [wpt PR 27257] - Deflake wpt test about CSPEE., a=testonly

Automatic update from web-platform-tests Deflake wpt test about CSPEE. The test was timing out. This is likely caused by not running as "slow" and having many promise_test running in sequence. This patch: - Make them run in parallel. - Fix an error "is-disallowed" vs "is-not-allowed" - Fix an error HTTP vs HTTPS. The "same-origin" case is now useful. - For injecting a script, prefer document.write over javascript-url. The Javascript-url might be canceled by Document::CancelPendingJavaScriptUrls() and this might be another reason to explain the flakes. Bug: chromium:1163751 Change-Id: Id0fe915c551cc464df23fa4235090216b8f701ad Fixed: chromium:1163751 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2640615 Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org> Reviewed-by: Antonio Sartori <antoniosartori@chromium.org> Cr-Commit-Position: refs/heads/master@{#845706} -- wpt-commits: c788d7b979d0e2791c298da4b7c1aa9bc844f803 wpt-pr: 27257
2024-10-09 03:15:11 +00:00 · 2021-01-21 21:55:43 +00:00 · 2021-01-21 21:55:43 +00:00 · 6b1d629cea
commit 6b1d629cea
parent daedd0e1f4
1 changed files with 39 additions and 26 deletions
--- a/testing/web-platform/tests/html/browsers/sandboxing/sandbox-inherited-from-required-csp.html
+++ b/testing/web-platform/tests/html/browsers/sandboxing/sandbox-inherited-from-required-csp.html
@ -9,31 +9,47 @@
 // Check sandbox flags are properly defined when its parent requires them and
 // the child allows it.

-const same_origin = get_host_info().HTTPS_ORIGIN;
-const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
+const same_origin = get_host_info().HTTP_ORIGIN;
+const cross_origin = get_host_info().HTTP_REMOTE_ORIGIN;
 const check_sandbox_url =
  "/html/browsers/sandboxing/resources/check-sandbox-flags.html?pipe=";
 const allow_csp_from_star = "|header(Allow-CSP-From,*)";

 // Return a promise, resolving when |element| triggers |event_name| event.
-const future = (element, event_name) => {
+const future = (element, event_name, source) => {
  return new Promise(resolve => {
-    element.addEventListener(event_name, event => resolve(event))
+    element.addEventListener(event_name, event => {
+      if (!source || source.contentWindow == event.source)
+        resolve(event)
+    })
  });
 };

 const check_sandbox_script = `
+<script>
  try {
    document.domain = document.domain;
    parent.postMessage("document-domain-is-allowed", "*");
  } catch (exception) {
    parent.postMessage("document-domain-is-disallowed", "*");
  }
+</scr`+`ipt>
 `;

 const sandbox_policy = "sandbox allow-scripts allow-same-origin";

-promise_test(async test => {
+// Test using the modern async/await primitives are easier to read/write.
+// However they run sequentially, contrary to async_test. This is the parallel
+// version, to avoid timing out.
+let promise_test_parallel = (promise, description) => {
+  async_test(test => {
+    promise(test)
+    .then(() => {test.done();})
+    .catch(test.step_func(error => { throw error; }));
+  }, description);
+};
+
+promise_test_parallel(async test => {
  const iframe = document.createElement("iframe");
  iframe.csp = sandbox_policy;

@ -43,16 +59,15 @@ promise_test(async test => {
  iframe.src = "/fetch/api/resources/infinite-slow-response.py";
  document.body.appendChild(iframe);

-  const iframe_reply = future(window, "message");
-  iframe.contentWindow.location =
-    `javascript:${encodeURI(check_sandbox_script)}`;
+  const iframe_reply = future(window, "message", iframe);
+  iframe.contentDocument.write(check_sandbox_script);
  const result = await iframe_reply;
  iframe.remove();

  assert_equals(result.data, "document-domain-is-disallowed");
 }, "initial empty document");

-promise_test(async test => {
+promise_test_parallel(async test => {
  const iframe = document.createElement("iframe");
  iframe.src = "data:text/html,dummy";

@ -65,73 +80,71 @@ promise_test(async test => {
  iframe.src = "about:blank";
  await iframe_load_2;

-  const iframe_reply = future(window, "message");
-  iframe.contentWindow.location =
-    `javascript:${encodeURI(check_sandbox_script)}`;
+  const iframe_reply = future(window, "message", iframe);
+  iframe.contentDocument.write(check_sandbox_script);
  const result = await iframe_reply;

  assert_equals(result.data, "document-domain-is-disallowed");
 }, "about:blank");

-promise_test(async test => {
+promise_test_parallel(async test => {
  const iframe = document.createElement("iframe");
  iframe.csp = sandbox_policy;
  iframe.src =
-    `data:text/html,<script>${encodeURI(check_sandbox_script)}</scr`+`ipt>`;
+    `data:text/html,${encodeURI(check_sandbox_script)}`;

-  const iframe_reply = future(window, "message");
+  const iframe_reply = future(window, "message", iframe);
  document.body.appendChild(iframe);
  const result = await iframe_reply;

  assert_equals(result.data, "document-domain-is-disallowed");
 }, "data-url");

-promise_test(async test => {
+promise_test_parallel(async test => {
  const iframe = document.createElement("iframe");
  iframe.csp = sandbox_policy;
-  iframe.srcdoc = `<script>${check_sandbox_script}</scr`+`ipt>`;
+  iframe.srcdoc = check_sandbox_script;

-  const iframe_reply = future(window, "message");
+  const iframe_reply = future(window, "message", iframe);
  document.body.appendChild(iframe);
  const result = await iframe_reply;

  assert_equals(result.data, "document-domain-is-disallowed");
 }, "srcdoc");

-promise_test(async test => {
+promise_test_parallel(async test => {
  const iframe = document.createElement("iframe");
  iframe.csp = sandbox_policy;

-  const blob = new Blob(
-    [ `<script>${check_sandbox_script}</scr`+`ipt>` ], { type: "text/html" });
+  const blob = new Blob([check_sandbox_script], { type: "text/html" });

  iframe.src = URL.createObjectURL(blob);

-  const iframe_reply = future(window, "message");
+  const iframe_reply = future(window, "message", iframe);
  document.body.appendChild(iframe);
  const result = await iframe_reply;

  assert_equals(result.data, "document-domain-is-disallowed");
 }, "blob URL");

-promise_test(async test => {
+promise_test_parallel(async test => {
  const iframe = document.createElement("iframe");
  iframe.csp = sandbox_policy;
  iframe.src = same_origin + check_sandbox_url + allow_csp_from_star;

-  const iframe_reply = future(window, "message");
+  const iframe_reply = future(window, "message", iframe);
  document.body.appendChild(iframe);
  const result = await iframe_reply;

  assert_equals(result.data, "document-domain-is-disallowed");
 }, "same-origin");

-promise_test(async test => {
+promise_test_parallel(async test => {
  const iframe = document.createElement("iframe");
  iframe.csp = sandbox_policy;
  iframe.src = cross_origin + check_sandbox_url + allow_csp_from_star;

-  const iframe_reply = future(window, "message");
+  const iframe_reply = future(window, "message", iframe);
  document.body.appendChild(iframe);
  const result = await iframe_reply;