Add some multi-global navigation tests

For whatwg/html#6514.

fetch/metadata/multi-globals.https.sub.html

@@ -0,0 +1,64 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>Multi-globals: which one is the initiator?</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<body>
+<script>
+"use strict";
+document.domain = "{{hosts[][]}}";
+
+promise_test(async t => {
+  const iframe = await insertIframe(t);
+
+  // In terms of https://github.com/whatwg/html/issues/6514,
+  // - incumbentNavigationOrigin = this page's origin, https://{{hosts[][]}}:{{ports[https][0]}}
+  // - source browsing context = iframe element's node document's BC so
+  //   source BC's active document's origin = outer frame origin, https://{{hosts[][www]}}:{{ports[https][0]}}
+  // - destination origin = https://{{hosts[][]}}:{{ports[https][0]}} (this page's origin)
+  //
+  // If Sec-Fetch-Site uses incumbentNavigationOrigin then the result will be same-origin.
+  // If Sec-Fech-Site uses source BC's active document's origin then the result will be same-site.
+  iframe.contentDocument.querySelector("iframe").src = "https://{{hosts[][]}}:{{ports[https][0]}}/fetch/metadata/resources/post-to-owner.py";
+
+  const data = await waitForMessage();
+  assert_equals(data.site, "same-origin"); // TODO figure out if this is correct. It'd be nice to get rid of incumbentNavigationOrigin.
+}, "Using iframeEl.src");
+
+promise_test(async t => {
+  const iframe = await insertIframe(t);
+
+  // Here, https://html.spec.whatwg.org/#location-object-navigate sets the source browsing context to the
+  // incumbent settings object's browsing context. So both incumbentNavigationOrigin and source BC's active document's
+  // origin both = this page's origin, https://{{hosts[][]}}:{{ports[https][0]}}.
+  //
+  // So, the result needs to be same-origin.
+
+  iframe.contentWindow.frames[0].location.href = "https://{{hosts[][]}}:{{ports[https][0]}}/fetch/metadata/resources/post-to-owner.py";
+
+  const data = await waitForMessage();
+  assert_equals(data.site, "same-origin");
+}, "Using location.href");
+
+function insertIframe(t) {
+  return new Promise((resolve, reject) => {
+    const iframe = document.createElement("iframe");
+    iframe.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/metadata/resources/multi-globals-subframe-1.sub.html";
+    iframe.onload = () => resolve(iframe);
+    iframe.onerror = () => reject(new Error("Failed to load iframe"));
+
+    t.add_cleanup(() => iframe.remove());
+
+    document.body.append(iframe);
+  });
+}
+
+function waitForMessage() {
+  return new Promise(resolve => {
+    window.addEventListener("message", e => {
+      resolve(e.data);
+    }, { once: true });
+  });
+}
+</script>

fetch/metadata/resources/multi-globals-subframe-1.sub.html

@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>Multi-globals test outer subframe</title>
+
+<script>
+"use strict";
+document.domain = "{{hosts[][]}}";
+</script>
+
+<iframe></iframe>

html/browsers/browsing-the-web/navigating-across-documents/about-blank-multi-globals.sub.html

@@ -0,0 +1,70 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>Multi-globals: which one is the initiator?</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<body>
+<script>
+"use strict";
+document.domain = "{{hosts[][]}}";
+
+promise_test(async t => {
+  const iframe = await insertIframe(t);
+  const innerIframe =  iframe.contentDocument.querySelector("iframe");
+
+  // In terms of https://github.com/whatwg/html/issues/6514,
+  // - incumbentNavigationOrigin = this page's origin, https://{{hosts[][]}}:{{ports[https][0]}}
+  // - source browsing context = iframe element's node document's BC so
+  //   source BC's active document's origin = outer frame origin, https://{{hosts[][www]}}:{{ports[https][0]}}
+  // - destination origin = https://{{hosts[][]}}:{{ports[https][0]}} (this page's origin)
+  //
+  // If the response's origin is constructed using incumbentNavigationOrigin, then the innermost iframe will be
+  // same-origin. If it's constructed using the source browsing context's active document's origin, then it will be
+  // cross-origin.
+  innerIframe.src = "about:blank";
+
+  await waitForLoad(innerIframe, "Failed to load the about:blank URL");
+
+  // Test passes if this does not throw
+  innerIframe.contentDocument.body;
+}, "Using iframeEl.src");
+
+promise_test(async t => {
+  const iframe = await insertIframe(t);
+  const innerIframe =  iframe.contentDocument.querySelector("iframe");
+
+  // Here, https://html.spec.whatwg.org/#location-object-navigate sets the source browsing context to the
+  // incumbent settings object's browsing context. So both incumbentNavigationOrigin and source BC's active document's
+  // origin both = this page's origin, https://{{hosts[][]}}:{{ports[https][0]}}.
+  //
+  // So, the check will definitely pass.
+
+  innerIframe.src = "about:blank";
+
+  await waitForLoad(innerIframe, "Failed to load the about:blank URL");
+
+  // Test passes if this does not throw
+  innerIframe.contentDocument.body;
+}, "Using location.href");
+
+function insertIframe(t) {
+  return new Promise((resolve, reject) => {
+    const iframe = document.createElement("iframe");
+    iframe.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/html/browsers/browsing-the-web/navigating-across-documents/resources/multi-globals-subframe-1.sub.html";
+    iframe.onload = () => resolve(iframe);
+    iframe.onerror = () => reject(new Error("Failed to load the outer iframe"));
+
+    t.add_cleanup(() => iframe.remove());
+
+    document.body.append(iframe);
+  });
+}
+
+function waitForLoad(iframe, errorMessage = "Failed to load iframe") {
+  return new Promise((resolve, reject) => {
+    iframe.onload = () => resolve(iframe);
+    iframe.onerror = () => reject(new Error(errorMessage));
+  });
+}
+</script>

html/browsers/browsing-the-web/navigating-across-documents/javascript-url-multi-globals.sub.html

@@ -0,0 +1,70 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>Multi-globals: which one is the initiator?</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<body>
+<script>
+"use strict";
+document.domain = "{{hosts[][]}}";
+
+promise_test(async t => {
+  const iframe = await insertIframe(t);
+  const innerIframe =  iframe.contentDocument.querySelector("iframe");
+
+  // In terms of https://github.com/whatwg/html/issues/6514,
+  // - incumbentNavigationOrigin = this page's origin, https://{{hosts[][]}}:{{ports[https][0]}}
+  // - source browsing context = iframe element's node document's BC so
+  //   source BC's active document's origin = outer frame origin, https://{{hosts[][www]}}:{{ports[https][0]}}
+  // - destination origin = https://{{hosts[][]}}:{{ports[https][0]}} (this page's origin)
+  //
+  // The iframe's current origin is this origin, https://{{hosts[][]}}:{{ports[https][0]}}.
+  // If javascript:'s security check uses incumbentNavigationOrigin vs. the iframe's current origin
+  // then the check will pass and the result will get written.
+  // If javascript:'s security check uses source BC's active document's origin  vs. the iframe's current origin
+  // then the check will fail and the result will not be written.
+ innerIframe.src = "javascript:'test'";
+
+  await waitForLoad(innerIframe, "Failed to load the javascript: URL");
+
+  assert_equals(innerIframe.contentDocument.body.textContent, "test"); // TODO figure out if this is actually expected
+}, "Using iframeEl.src");
+
+promise_test(async t => {
+  const iframe = await insertIframe(t);
+  const innerIframe =  iframe.contentDocument.querySelector("iframe");
+
+  // Here, https://html.spec.whatwg.org/#location-object-navigate sets the source browsing context to the
+  // incumbent settings object's browsing context. So both incumbentNavigationOrigin and source BC's active document's
+  // origin both = this page's origin, https://{{hosts[][]}}:{{ports[https][0]}}.
+  //
+  // So, the check will definitely pass.
+
+  iframe.contentWindow.frames[0].location.href = "javascript:'test'";
+
+  await waitForLoad(innerIframe, "Failed to load the javascript: URL");
+
+  assert_equals(innerIframe.contentDocument.body.textContent, "test");
+}, "Using location.href");
+
+function insertIframe(t) {
+  return new Promise((resolve, reject) => {
+    const iframe = document.createElement("iframe");
+    iframe.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/html/browsers/browsing-the-web/navigating-across-documents/resources/multi-globals-subframe-1.sub.html";
+    iframe.onload = () => resolve(iframe);
+    iframe.onerror = () => reject(new Error("Failed to load the outer iframe"));
+
+    t.add_cleanup(() => iframe.remove());
+
+    document.body.append(iframe);
+  });
+}
+
+function waitForLoad(iframe, errorMessage = "Failed to load iframe") {
+  return new Promise((resolve, reject) => {
+    iframe.onload = () => resolve(iframe);
+    iframe.onerror = () => reject(new Error(errorMessage));
+  });
+}
+</script>

html/browsers/browsing-the-web/navigating-across-documents/resources/multi-globals-subframe-1.sub.html

@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>Multi-globals test outer subframe</title>
+
+<script>
+"use strict";
+document.domain = "{{hosts[][]}}";
+</script>
+
+<iframe src="https://{{hosts[][]}}:{{ports[https][0]}}/html/browsers/browsing-the-web/navigating-across-documents/resources/multi-globals-subframe-2.sub.html"></iframe>

html/browsers/browsing-the-web/navigating-across-documents/resources/multi-globals-subframe-2.sub.html

@@ -0,0 +1,8 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>Multi-globals test inner subframe</title>
+
+<script>
+"use strict";
+document.domain = "{{hosts[][]}}";
+</script>