Bug 1926107 [wpt PR 48741] - WPT for Navigations on Opaque Origins, a=testonly

Automatic update from web-platform-tests
WPT for Navigations on Opaque Origins

Bug: 361751872
Change-Id: I82408f1a73930807f9a8e8642094b687ce17a480
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5935712
Reviewed-by: Andrew Williams <[email protected]>
Commit-Queue: Janice Liu <[email protected]>
Reviewed-by: Kyra Seevers <[email protected]>
Auto-Submit: Janice Liu <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1371585}

--

wpt-commits: 754c94f52671d1354ed53c9c74b3aa5705cf982b
wpt-pr: 48741

Author: Jenny-233

testing/web-platform/tests/FileAPI/BlobURL/cross-partition-navigation.tentative.https.html

@@ -114,7 +114,7 @@
         reject(`Blob URL wasn't opened in same-top-level-site iframe: ${response_2}`);
       }
       const noopener_response_2 = await receive(noopener_response_queue);
-      if (noopener_response_2 !== opener_non_null_response) {
+      if (noopener_response_2 !== opener_not_null_response) {
         reject(`Blob URL page opener was null in same-top-level-site iframe`);
       }
       resolve();
@@ -124,5 +124,46 @@
   });
 }, "Blob URL navigation should enforce noopener for a cross-top-level-site navigation");
 
+// Tests navigating to a cross-frame-origin opaque Blob URL where the embedded origin is null.
+promise_test(t => {
+  return new Promise(async (resolve, reject) => {
+    try {
+      const noopener_response_queue = token();
+      const url_queue = token();
+
+      const data_frame_html = `
+        <!doctype html>
+        <!-- dispatcher.js requires the baseURI to be set in order to compute \
+          the server path correctly in the data URL page. -->
+        <base href="${window.location.href}">
+        <script src="/html/cross-origin-embedder-policy/credentialless/resources/common.js"><\/script>
+        <script src="/html/anonymous-iframe/resources/common.js"><\/script>
+        <script src="/common/utils.js"><\/script>
+        <script src="/common/dispatcher/dispatcher.js"><\/script>
+        <script>
+          const frame_html = \`<!doctype html><body>test</body>\`;
+          const blob = new Blob([frame_html], {type : "text/html"});
+          const blob_url = URL.createObjectURL(blob);
+          send("${url_queue}", blob_url);
+        <\/script>
+      `;
+
+      const iframe = document.body.appendChild(document.createElement("iframe"));
+      iframe.src = `data:text/html, ${data_frame_html}`;
+
+      const blob_url = await receive(url_queue);
+      const handle = window.open(blob_url);
+      t.add_cleanup(() => iframe.remove());
+      if (handle !== null) {
+        handle.close();
+        reject(`Cross-origin opaque blob URL navigation succeeded.`);
+      }
+      resolve();
+    } catch (e) {
+      reject(e);
+    }
+  });
+}, "Navigation to a cross-origin opaque blob URL is blocked.");
+
 </script>
 </body>