Test iframes over file scheme in tst_Origins::mixedSchemes

Add previously missing combinations of schemes to the test. Task-number: QTBUG-62536 Change-Id: Idee99ba03ee17af056e57dd0b1ecbf1b6bc80dcd Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
author: Jüri Valdmann <juri.valdmann@qt.io> 2018-06-01 14:09:46 +0200
committer: Jüri Valdmann <juri.valdmann@qt.io> 2018-06-28 08:27:58 +0000
commit: c0d4761f1ee5b09fc908f8d9a58f6fb83e9b79a6 (patch)
tree: 8fbf009193fe2102eee36b2f1cd1a7d23b6a8b51 /tests/auto/widgets/origins
parent: 9055a9ba59c4077a676c9ec6438afb717fa6ca83 (diff)
6 files changed, 64 insertions, 43 deletions
diff --git a/tests/auto/widgets/origins/resources/mixed.html b/tests/auto/widgets/origins/resources/mixed.html
new file mode 100644
index 000000000..c73e9ecdc
--- /dev/null
+++ b/tests/auto/widgets/origins/resources/mixed.html
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <title>Mixed</title>
+        <script>
+         var result;
+         var canary;
+
+         function setIFrameUrl(url) {
+             result = undefined;
+             canary = undefined;
+             document.getElementById("iframe").setAttribute("src", url);
+             // Early fire is OK unless the test is expecting cannotLoad.
+             // If timeout is too short then a false positive is possible.
+             setTimeout(() => { result = result || "cannotLoad"; }, 500);
+         }
+
+         addEventListener("load", function() {
+             document.getElementById("iframe").addEventListener("load", function() {
+                 if (canary && window[0].canary)
+                     result = "canLoadAndAccess";
+                 else
+                     result = "canLoadButNotAccess";
+             });
+         });
+        </script>
+    </head>
+    <body>
+        <iframe id="iframe"></iframe>
+    </body>
+</html>
diff --git a/tests/auto/widgets/origins/resources/mixed_frame.html b/tests/auto/widgets/origins/resources/mixed_frame.html
index 53d341b93..00c20ba37 100644
--- a/tests/auto/widgets/origins/resources/mixed_frame.html
+++ b/tests/auto/widgets/origins/resources/mixed_frame.html
@@ -3,7 +3,8 @@
     <head>
         <title>Mixed - Frame</title>
         <script>
-         parent.msg = "mixed";
+         var canary = true;
+         parent.canary = true;
         </script>
     </head>
     <body></body>
diff --git a/tests/auto/widgets/origins/resources/mixed_qrc.html b/tests/auto/widgets/origins/resources/mixed_qrc.html
deleted file mode 100644
index 664f7af6f..000000000
--- a/tests/auto/widgets/origins/resources/mixed_qrc.html
+++ /dev/null
@@ -1,12 +0,0 @@
-<!DOCTYPE html>
-<html>
-    <head>
-        <title>Mixed</title>
-        <script>
-         var msg;
-        </script>
-    </head>
-    <body>
-        <iframe src="qrc:///resources/mixed_frame.html"></iframe>
-    </body>
-</html>
diff --git a/tests/auto/widgets/origins/resources/mixed_tst.html b/tests/auto/widgets/origins/resources/mixed_tst.html
deleted file mode 100644
index 627e58098..000000000
--- a/tests/auto/widgets/origins/resources/mixed_tst.html
+++ /dev/null
@@ -1,12 +0,0 @@
-<!DOCTYPE html>
-<html>
-    <head>
-        <title>Mixed</title>
-        <script>
-         var msg;
-        </script>
-    </head>
-    <body>
-        <iframe src="tst:///resources/mixed_frame.html"></iframe>
-    </body>
-</html>
diff --git a/tests/auto/widgets/origins/tst_origins.cpp b/tests/auto/widgets/origins/tst_origins.cpp
index 6b1b4bba5..26329c5b5 100644
--- a/tests/auto/widgets/origins/tst_origins.cpp
+++ b/tests/auto/widgets/origins/tst_origins.cpp
@@ -226,24 +226,38 @@ void tst_Origins::subdirWithoutAccess()
     QCOMPARE(eval(QSL("msg[1]")), QVariant(QSL("world")));
 }
 
-// Try to mix schemes, for example by loading the main page over file with an
-// iframe over qrc. This should be forbidden.
+// Load the main page over one scheme with an iframe over another scheme.
+//
+// For file and qrc schemes, the iframe should load but it should not be
+// possible for scripts in different frames to interact.
+//
+// Additionally for custom schemes access to local content is forbidden, so it
+// should not be possible to load an iframe over the file: scheme.
 void tst_Origins::mixedSchemes()
 {
-    QVERIFY(load(QSL("file:" THIS_DIR "resources/mixed_qrc.html")));
-    QCOMPARE(eval(QSL("msg")), QVariant());
-    QVERIFY(load(QSL("file:" THIS_DIR "resources/mixed_tst.html")));
-    QCOMPARE(eval(QSL("msg")), QVariant());
-
-    QVERIFY(load(QSL("qrc:/resources/mixed_qrc.html")));
-    QCOMPARE(eval(QSL("msg")), QVariant(QSL("mixed")));
-    QVERIFY(load(QSL("qrc:/resources/mixed_tst.html")));
-    QCOMPARE(eval(QSL("msg")), QVariant());
-
-    QVERIFY(load(QSL("tst:/resources/mixed_qrc.html")));
-    QCOMPARE(eval(QSL("msg")), QVariant());
-    QVERIFY(load(QSL("tst:/resources/mixed_tst.html")));
-    QCOMPARE(eval(QSL("msg")), QVariant(QSL("mixed")));
+    QVERIFY(load(QSL("file:" THIS_DIR "resources/mixed.html")));
+    eval(QSL("setIFrameUrl('file:" THIS_DIR "resources/mixed_frame.html')"));
+    QTRY_COMPARE(eval(QSL("result")), QVariant(QSL("canLoadAndAccess")));
+    eval(QSL("setIFrameUrl('qrc:/resources/mixed_frame.html')"));
+    QTRY_COMPARE(eval(QSL("result")), QVariant(QSL("canLoadButNotAccess")));
+    eval(QSL("setIFrameUrl('tst:/resources/mixed_frame.html')"));
+    QTRY_COMPARE(eval(QSL("result")), QVariant(QSL("canLoadButNotAccess")));
+
+    QVERIFY(load(QSL("qrc:/resources/mixed.html")));
+    eval(QSL("setIFrameUrl('file:" THIS_DIR "resources/mixed_frame.html')"));
+    QTRY_COMPARE(eval(QSL("result")), QVariant(QSL("canLoadButNotAccess")));
+    eval(QSL("setIFrameUrl('qrc:/resources/mixed_frame.html')"));
+    QTRY_COMPARE(eval(QSL("result")), QVariant(QSL("canLoadAndAccess")));
+    eval(QSL("setIFrameUrl('tst:/resources/mixed_frame.html')"));
+    QTRY_COMPARE(eval(QSL("result")), QVariant(QSL("canLoadButNotAccess")));
+
+    QVERIFY(load(QSL("tst:/resources/mixed.html")));
+    eval(QSL("setIFrameUrl('file:" THIS_DIR "resources/mixed_frame.html')"));
+    QTRY_COMPARE(eval(QSL("result")), QVariant(QSL("cannotLoad")));
+    eval(QSL("setIFrameUrl('qrc:/resources/mixed_frame.html')"));
+    QTRY_COMPARE(eval(QSL("result")), QVariant(QSL("canLoadButNotAccess")));
+    eval(QSL("setIFrameUrl('tst:/resources/mixed_frame.html')"));
+    QTRY_COMPARE(eval(QSL("result")), QVariant(QSL("canLoadAndAccess")));
 }
 
 // Try opening a WebSocket from pages loaded over various URL schemes.
diff --git a/tests/auto/widgets/origins/tst_origins.qrc b/tests/auto/widgets/origins/tst_origins.qrc
index fbbbef139..410cdc8a7 100644
--- a/tests/auto/widgets/origins/tst_origins.qrc
+++ b/tests/auto/widgets/origins/tst_origins.qrc
@@ -3,9 +3,8 @@
 <qresource>
     <file>resources/dedicatedWorker.html</file>
     <file>resources/dedicatedWorker.js</file>
+    <file>resources/mixed.html</file>
     <file>resources/mixed_frame.html</file>
-    <file>resources/mixed_qrc.html</file>
-    <file>resources/mixed_tst.html</file>
     <file>resources/serviceWorker.html</file>
     <file>resources/serviceWorker.js</file>
     <file>resources/sharedWorker.html</file>
author	Jüri Valdmann <juri.valdmann@qt.io>	2018-06-01 14:09:46 +0200
committer	Jüri Valdmann <juri.valdmann@qt.io>	2018-06-28 08:27:58 +0000
commit	c0d4761f1ee5b09fc908f8d9a58f6fb83e9b79a6 (patch)
tree	8fbf009193fe2102eee36b2f1cd1a7d23b6a8b51 /tests/auto/widgets/origins
parent	9055a9ba59c4077a676c9ec6438afb717fa6ca83 (diff)