1 files changed, 29 insertions, 12 deletions

diff --git a/tests/wpt/web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.https.js b/tests/wpt/web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.https.js
index ebc9f2b1f14..7ca4edef8ab 100644
--- a/tests/wpt/web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.https.js
+++ b/tests/wpt/web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.https.js
@@ -52,7 +52,8 @@ const eLoadInEverything        = eLoadInPopup | eLoadInUnsandboxedIframe | eLoad
 
 // Flags indicating if a document type is expected to be a Secure Context:
 const eSecureNo              = 1;
-const eSecureIfCreatorSecure = 2;
+const eSecureIfNewWindow     = 2;
+const eSecureIfCreatorSecure = 3;
 
 // Flags indicating how the result of a test is obtained:
 const eResultFromPostMessage       = 1;
@@ -69,7 +70,7 @@ const loadTypes = [
   new LoadType("an https: URI",
                eLoadInEverything,
                https_dir + "postMessage-helper.https.html",
-               eSecureIfCreatorSecure,
+               eSecureIfNewWindow,
                eResultFromPostMessage),
   new LoadType("a blob: URI",
                eLoadInEverything,
@@ -80,7 +81,7 @@ const loadTypes = [
                // popup not relevant:
                eLoadInUnsandboxedIframe | eLoadInSandboxedIframe,
                "<script>(opener||parent).postMessage(isSecureContext, '*')</script>",
-               eSecureIfCreatorSecure,
+               eSecureIfNewWindow,
                eResultFromPostMessage),
   new LoadType("a javascript: URI",
                // can't load in sandbox:
@@ -179,31 +180,39 @@ LoadTarget.prototype.load_and_get_result_for = function(loadType) {
                                 " loading " + loadType.desc)
   if (loadType.resultFrom == eResultFromExaminationSync) {
     let domTarget = this.open(loadType);
-    let result = domTarget instanceof Window ?
+    let isFrame = domTarget instanceof HTMLIFrameElement;
+    let result = !isFrame ?
           domTarget.isSecureContext : domTarget.contentWindow.isSecureContext;
     this.close(domTarget);
-    return Promise.resolve(result);
+    return Promise.resolve({ result: result, isFrame: isFrame});
   }
   let target = this;
   if (loadType.resultFrom == eResultFromExaminationOnLoad) {
     return new Promise(function(resolve, reject) {
       function handleLoad(event) {
-        let result = domTarget instanceof Window ?
+        clearTimeout(timer);
+        let isFrame = domTarget instanceof HTMLIFrameElement;
+        let result = !isFrame ?
               domTarget.isSecureContext : domTarget.contentWindow.isSecureContext;
         domTarget.removeEventListener("load", handleLoad);
         target.close(domTarget);
-        resolve(result);
+        resolve({ result: result, isFrame: isFrame});
       }
       let domTarget = target.open(loadType);
       domTarget.addEventListener("load", handleLoad, false);
+
+      // Some browsers don't fire `load` events for `about:blank`. That's weird, but it also
+      // isn't what we're testing here.
+      let timer = setTimeout(handleLoad, 500);
     });
   }
   if (loadType.resultFrom == eResultFromPostMessage) {
     return new Promise(function(resolve, reject) {
       function handleMessage(event) {
+        let isFrame = domTarget instanceof HTMLIFrameElement;
         window.removeEventListener("message", handleMessage);
         target.close(domTarget);
-        resolve(event.data);
+        resolve({ result: event.data, isFrame: isFrame});
       }
       window.addEventListener("message", handleMessage, false);
       let domTarget = target.open(loadType);
@@ -232,13 +241,21 @@ function run_next_test() {
     function(value) {
       run_next_test_soon();
       loadTarget.currentTest.step(function() {
+        // If the new context is always non-secure, the assertion is straightforward.
         if (loadType.expectedSecureFlag == eSecureNo) {
-          assert_false(value, loadType.desc + " in " + loadTarget.desc + " should not create a Secure Context");
-        } else if (loadType.expectedSecureFlag == eSecureIfCreatorSecure) {
+          assert_false(value.result, loadType.desc + " in " + loadTarget.desc + " should not create a Secure Context");
+        // If the new context is always secure if opened in a new window, and it's
+        // been opened in a new window, the assertion is likewise straightforward.
+        } else if (loadType.expectedSecureFlag == eSecureIfNewWindow && !value.isFrame) {
+          assert_true(value.result, loadType.desc + " in " + loadTarget.desc + " should create a secure context regardless of its creator's state.");
+        // Otherwise, we're either dealing with a context that's secure if and only
+        // if its creator context (e.g. this window) is secure.
+        } else if ((loadType.expectedSecureFlag == eSecureIfNewWindow && value.isFrame) ||
+                   (loadType.expectedSecureFlag == eSecureIfCreatorSecure)) {
           if (!window.isSecureContext) {
-            assert_false(value, loadType.desc + " in " + loadTarget.desc + " should not create a Secure Context when its creator is not a Secure Context.");
+            assert_false(value.result, loadType.desc + " in " + loadTarget.desc + " should not create a Secure Context when its creator is not a Secure Context.");
           } else {
-            assert_true(value, loadType.desc + " in " + loadTarget.desc + " should create a Secure Context when its creator is a Secure Context");
+            assert_true(value.result, loadType.desc + " in " + loadTarget.desc + " should create a Secure Context when its creator is a Secure Context");
           }
         } else {
           assert_unreached(loadType.desc + " - unknown expected secure flag: " + expectedSecureFlag);