Open srujzs opened 4 weeks ago
Summary: The test_runner
does not report violations of the same-origin policy when running tests that access cross-origin windows using JS interop. This leads to incorrect test results, as the code should throw a SecurityError
but does not.
This is a similar issue as https://github.com/dart-lang/test/issues/2282.
Running the following code:
does not result in a
SecurityError
when run withtools/test.py -r chrome -c dart2js <test_path>
.devicePixelRatio
is a disallowed API on cross-origin windows. When I single-stepped the test however, the test does throw that error:SecurityError: Failed to read a named property 'devicePixelRatio' from 'Window': Blocked a frame with origin "http://127.0.0.1:61457" from accessing a cross-origin frame.
It's possible we may need to enable same-origin policy (if possible) for this. It'd be useful to enable this so that we can run interop tests like
cross_origin_test
correctly.