localstorage: test storage is not shared across iframes with opaque origins (#44038)

Adds a WPT test to make sure we do not share the storage thread between any document that has an opaque URL. The test is required for #43988 Testing: Adds a WPT test. Fixes: #44001 --------- Signed-off-by: Niya Gupta <niyabits@disroot.org>
2026-04-25 17:15:48 +02:00 · 2026-04-10 23:28:58 +05:30
parent 3bf38ef7ea
commit c3d4c014c7
4 changed files with 69 additions and 0 deletions
--- a/tests/wpt/meta/MANIFEST.json
+++ b/tests/wpt/meta/MANIFEST.json
@@ -566709,6 +566709,10 @@
      "90d3a4309ec32596faa2084c91b21915d0c798a9",
      []
     ],
+     "localstorage_origin_page_two.html": [
+      "d10c877e576c24099311eb16ae01b0d02f238d75",
+      []
+     ],
     "partitioning-utils.js": [
      "9d9e0b8ac5ccdff2fd4358766fa219979b1ad589",
      []
@@ -967252,6 +967256,13 @@
      }
     ]
    ],
+    "localstorage-share-data-unrelated-origins.html": [
+     "bcc405940cc99b4299b7772e1746543c80043f46",
+     [
+      null,
+      {}
+     ]
+    ],
    "missing_arguments.window.js": [
     "2e41a22ec70cedc30bae3bb3b0974572b85ee6c7",
     [
--- a/tests/wpt/meta/webstorage/localstorage-share-data-unrelated-origins.html.ini
+++ b/tests/wpt/meta/webstorage/localstorage-share-data-unrelated-origins.html.ini
@@ -0,0 +1,3 @@
+[localstorage-share-data-unrelated-origins.html]
+  [Ensure two about:srcdoc origins cannot share localstorage]
+    expected: FAIL
--- a/tests/wpt/tests/webstorage/localstorage-share-data-unrelated-origins.html
+++ b/tests/wpt/tests/webstorage/localstorage-share-data-unrelated-origins.html
@@ -0,0 +1,40 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>localStorage: origin sharing test</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src='/common/get-host-info.sub.js'></script>
+<iframe id="iframe" srcdoc="
+  <script>
+    window.localStorage.setItem('test', 'user')
+  </script>
+"></iframe>
+
+<body>
+  <div id="testDiv"></div>
+  <script>
+    // Here's the set-up for this test:
+    // Step 1. (iframe) has the URI about:srcdoc and sets a localstorage key.
+    // Step 2. (window) an onload handler for the iframe runs a JavaScript function that
+    //          creates a new iframe with cross-origin URL to page two.
+    // Step 3. (page two iframe) has the URI about:src.
+    //          It retrieves the value from localStorage set by the iframe in step 1.
+    //          And sends the value using postMessage to window.parent.parent
+    // Step 4. (window) Uses an `onmessage` handler to recieve the value from the dispatched event.
+    //          A test inside the handler uses assert_not_equals to verify that
+    //          the two origins do not share the same localStorage
+    var t = async_test(t => {
+      const iframe = document.getElementById("iframe")
+      const pageURL = get_host_info().HTTP_REMOTE_ORIGIN + "/webstorage/resources/localstorage_origin_page_two.html";
+
+      iframe.addEventListener("load", t.step_func(() => {
+        const iframe_page_two = document.createElement("iframe");
+        iframe_page_two.src = pageURL;
+        testDiv.appendChild(iframe_page_two);
+        window.onmessage = t.step_func(function(e) {
+          assert_not_equals(e.data, 'user');
+          t.done()
+        })
+      }))
+    }, "Ensure two about:srcdoc origins cannot share localstorage")
+  </script>
--- a/tests/wpt/tests/webstorage/resources/localstorage_origin_page_two.html
+++ b/tests/wpt/tests/webstorage/resources/localstorage_origin_page_two.html
@@ -0,0 +1,15 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>localStorage: origin test page two</title>
+<iframe id="iframe" srcdoc="
+  <script src='/common/get-host-info.sub.js'></script>
+  <script>
+    const value = window.localStorage.getItem('test');
+    const pageURL = get_host_info().HTTP_ORIGIN;
+    window.parent.parent.postMessage(value, pageURL);
+  </script>
+"></iframe>
+<body>
+</body>
+<script>
+</script>