Navigation: non-traditional about:srcdoc WPTs

This CL adds WPTs for some observable behavior (request referrer string
resolution) defined for "about:srcdoc" documents, and ensures that the
behavior is consistent between normal srcdoc documents and what I'm
calling nontraditional srdoc documents, which are those created via:
  1. `document.open()`
  2. `javascript:` URL navigations

Additionally, this CL tests the scenario where we run:

`history.replaceState(null, '', 'about:srcdoc#foo')`

... inside the about:srcdoc iframe to give it the above URL. We then
re-run the referrer resolution test to ensure the
`about:srcdoc#foo` is treated as a normal `about:srcdoc` iframe.

Chromium fails that last part due to a bug in
`blink::CanChangeToUrlForHistoryApi` causing the implementation to
deviate from the spec; see https://crbug.com/1465972.

See whatwg/html#9514.

R=domenic@chromium.org

Bug: 1465972
Change-Id: I62939511995f929f0ad4ce8c121172b1194e2b2e

html/infrastructure/urls/terminology-0/nontraditional-about-srcdoc.html

@@ -0,0 +1,106 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>Non-traditional about:srcdoc documents</title>
+<link rel="help" href="https://github.com/whatwg/html/issues/9514">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<body>
+<script>
+promise_test(async t => {
+  const iframe = document.createElement('iframe');
+
+  const srcdocOpenPromise = new Promise(resolve => {
+    window.srcdocOpenResolve = resolve;
+  });
+
+  iframe.srcdoc = `
+    <body onload="document.open();window.parent.srcdocOpenResolve();"></body>`;
+  document.body.append(iframe);
+
+  await srcdocOpenPromise;
+  assert_equals(iframe.contentDocument.URL, 'about:srcdoc');
+
+  // Calling the `about:srcdoc` Window's `fetch()` like this uses that Window's
+  // environment settings object as the request's client, which is where the
+  // request's referrer comes from, per
+  // https://w3c.github.io/webappsec-referrer-policy/#determine-requests-referrer.
+  //
+  // If this `document.open()`d srcdoc document is considered a proper
+  // `about:srcdoc` document, the referrer will not be `about:srcdoc`, but will
+  // instead come from the parent document.
+  let referrer = await iframe.contentWindow.fetch('resources/echo-referrer-text.py');
+  referrer = await referrer.text();
+  assert_equals(referrer, location.href,
+      'The request referrer is retrieved from the parent document for ' +
+      'about:srcdoc documents');
+
+  // Observe that the "about base URL" is retrieved [1] for `document.baseURI`
+  // as well, indicating that the document is treated like a normal srcdoc
+  // document.
+  // [1]: https://html.spec.whatwg.org/#fallback-base-url
+  assert_equals(iframe.contentDocument.baseURI, location.href,
+      'The about base URL is retrieved as the base URL for srcdoc documents');
+}, 'about:srcdoc with document.open() is treated like a normal about:srcdoc document');
+
+promise_test(async t => {
+  const iframe = document.createElement('iframe');
+
+  const javascriptURLPromise = new Promise(resolve => {
+    window.javascriptURLResolve = resolve;
+  });
+
+  iframe.srcdoc = `
+  <script>
+    location.href = "javascript:'<body onload=window.parent.javascriptURLResolve();>Document contents here</body>'";
+  </scr`+`ipt>`;
+  document.body.append(iframe);
+
+  // This promise will resolve as a result of script running in the *new*
+  // document that gets created by the `javascript:` URL.
+  await javascriptURLPromise;
+  assert_equals(iframe.contentDocument.URL, 'about:srcdoc');
+
+  // See the first assertion in the first test in this file.
+  let referrer = await iframe.contentWindow.fetch('resources/echo-referrer-text.py');
+  referrer = await referrer.text();
+  assert_equals(referrer, location.href,
+      'The request referrer is retrieved from the parent document for ' +
+      'about:srcdoc documents');
+
+  // See the second assertion in the first test in this file.
+  assert_equals(iframe.contentDocument.baseURI, location.href,
+      'The about base URL is retrieved as the base URL for srcdoc documents');
+}, 'about:srcdoc navigated via a `javascript:` URL is treated like a normal about:srcdoc document');
+
+promise_test(async t => {
+  const iframe = document.createElement('iframe');
+
+  const srcdocLoadPromise = new Promise(resolve => {
+    iframe.onload = resolve;
+  });
+  iframe.srcdoc = `Document contents here`;
+  document.body.append(iframe);
+
+  await srcdocLoadPromise;
+  assert_equals(iframe.contentDocument.URL, 'about:srcdoc');
+
+  // Change the document's URL to `about:srcdoc#foo` and ensure that the
+  // observable behavior in that document is consistent with treating it as a
+  // normal `about:srcdoc` document.
+  iframe.contentWindow.history.replaceState(null, '', 'about:srcdoc#foo');
+  assert_equals(iframe.contentDocument.URL, 'about:srcdoc#foo');
+
+  // See the first assertion in the first test in this file.
+  let referrer = await iframe.contentWindow.fetch('resources/echo-referrer-text.py');
+  referrer = await referrer.text();
+  assert_equals(referrer, location.href,
+      'The request referrer is retrieved from the parent document for ' +
+      'about:srcdoc documents');
+
+  // See the second assertion in the first test in this file.
+  assert_equals(iframe.contentDocument.baseURI, location.href,
+      'The about base URL is retrieved as the base URL for srcdoc documents');
+}, 'about:srcdoc with URL changed by history.replaceState() is treated like ' +
+   'a normal about:srcdoc document');
+</script>
+</body>

html/infrastructure/urls/terminology-0/resources/echo-referrer-text.py

@@ -0,0 +1,4 @@
+def main(request, response):
+    response_headers = [(b"Content-Type", b"text/plain")]
+    body = b"%s"% request.headers.get(b"referer", b"")
+    return (200, response_headers, body)