Create a basic partitioned sessionStorage WPT

Bug: 1253351 Change-Id: I0837b00407760bf256bd7adc8a84777a8c307923 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3932745 Reviewed-by: Philip Rogers <pdr@chromium.org> Reviewed-by: Mike Taylor <miketaylr@chromium.org> Commit-Queue: Kyra Seevers <kyraseevers@chromium.org> Cr-Commit-Position: refs/heads/main@{#1054980}
web-platform-tests · Oct 4, 2022 · a82ac22 · a82ac22
1 parent 76ccc49
commit a82ac22
Show file tree

Hide file tree

Showing 2 changed files with 117 additions and 0 deletions.
diff --git a/webstorage/resources/sessionStorage-about-blank-partitioned-iframe.html b/webstorage/resources/sessionStorage-about-blank-partitioned-iframe.html
@@ -0,0 +1,44 @@
+<!doctype html>
+<meta charset="utf-8">
+<script>
+
+function getOrCreateID(key) {
+  if (!sessionStorage.getItem(key)) {
+    const newID = new Date() + "-" + Math.random();
+    sessionStorage.setItem(key, newID);
+  }
+  return sessionStorage.getItem(key);
+}
+
+window.addEventListener("load", () => {
+  // In this testing set-up, only cross-site iframes will have an opener.
+  if (parent.opener) {
+    const payload = {
+      message: "cross-site window iframe loaded",
+      userID: getOrCreateID("userID"),
+    }
+    // Once the cross-site iframe has loaded, we send a message back to
+    // the main window with the ID from sessionStorage.
+    parent.opener.postMessage(payload, parent.opener.origin);
+  }
+});
+
+window.addEventListener("message", (e) => {
+  if (e.data.command == "create ID") {
+    // e.data.key is equivalent to "userID"
+    getOrCreateID(e.data.key);
+
+    const payload = {
+      message: "ID created",
+      userID: sessionStorage.getItem("userID"),
+    }
+    // Return the ID from sessionStorage to the main window.
+    e.source.postMessage(payload, e.source.origin);
+  }
+
+  // Additional functionality for clean-up at the end of the test.
+  if (e.data.command == "clearStorage") {
+    sessionStorage.clear();
+  }
+});
+</script>
diff --git a/webstorage/sessionStorage-basic-partitioned.tentative.sub.html b/webstorage/sessionStorage-basic-partitioned.tentative.sub.html
@@ -0,0 +1,73 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>sessionStorage: partitioned storage test</title>
+<meta name=help href="https://privacycg.github.io/storage-partitioning/">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<iframe id="shared-iframe" src="http://{{host}}:{{ports[http][0]}}/webstorage/resources/sessionStorage-about-blank-partitioned-iframe.html"></iframe>
+<body>
+<script>
+// Here's the set-up for this test:
+// Step 1. (main window) set up messaging and same-site iframe load listeners.
+// Step 2. (same-site iframe) loads, requests sessionStorage for "userID".
+// Step 3. (same-site iframe) receives the message, gets or allocates sessionStorage,
+// and returns the generated ID to the main frame.
+// Step 4. (main window) receives "storage got set" message from same-site iframe.
+// Step 5. (main window) opens a new cross-site window with the shared-iframe inside.
+// Step 6. (cross-site iframe) loads, requests sessionStorage for "userID", gets or
+// allocates that sessionStorage, and returns the generated ID to the main frame.
+// Step 7. (main window) asserts that the generated IDs should be different, as
+// they should have a different StorageKey.
+const altOrigin = "http://{{hosts[alt][]}}:{{ports[http][0]}}";
+
+async_test(t => {
+  let crossSiteWindow;
+  let crossSiteID;
+  let sameSiteID;
+  // Retrieve the iframe we created in the HTML above.
+  const iframe = document.getElementById("shared-iframe");
+
+  // Once the iframe loads, we request sessionStorage.
+  iframe.addEventListener("load", t.step_func(e => {
+    const payload = {
+      command: "create ID",
+      key: "userID",
+    };
+    iframe.contentWindow.postMessage(payload, iframe.origin);
+  }), {once: true});
+
+  window.addEventListener("message", t.step_func(e => {
+    // Once we get or allocate the sessionStorage, we expect the iframe
+    // to message us back with the generated ID.
+    if (e.data.message === "ID created") {
+      sameSiteID = e.data.userID;
+      assert_true(typeof sameSiteID === "string");
+
+      // Now that same-site storage has been secured, we need to open a
+      // new cross-site window that contains our shared-iframe to repeat
+      // the process in a cross-site environment.
+      if (location.origin !== altOrigin) {
+        crossSiteWindow = window.open(`${altOrigin}/webstorage/sessionStorage-basic-partitioned.tentative.sub.html`, "", "noopener=false");
+        t.add_cleanup(() => crossSiteWindow.close());
+      }
+    }
+
+    // We expect that once the cross-site iframe requests sessionStorage,
+    // it will message us back with the generated ID.
+    if (e.data.message === "cross-site window iframe loaded") {
+      crossSiteID = e.data.userID;
+      t.step(() => {
+        // Same and cross-site iframes should have different generated IDs.
+        assert_true(typeof crossSiteID === "string");
+        assert_true(sameSiteID !== crossSiteID, "IDs pulled from two partitioned iframes are different.")
+      });
+
+      // Clear storage state to clean up after the test.
+      iframe.contentWindow.sessionStorage.clear();
+      crossSiteWindow.postMessage({command: "clearStorage"}, altOrigin);
+      t.done();
+    };
+  }));
+}, "Simple test for partitioned sessionStorage");
+</script>
+</body>