Add m-esr52 at 52.6.0

8 files changed, 553 insertions, 0 deletions

diff --git a/testing/web-platform/tests/html/browsers/origin/.gitkeep b/testing/web-platform/tests/html/browsers/origin/.gitkeep
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/origin/.gitkeep
diff --git a/testing/web-platform/tests/html/browsers/origin/cross-origin-objects/cross-origin-objects-on-new-window.html b/testing/web-platform/tests/html/browsers/origin/cross-origin-objects/cross-origin-objects-on-new-window.html
new file mode 100644
index 000000000..3ad0de6a3
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/origin/cross-origin-objects/cross-origin-objects-on-new-window.html
@@ -0,0 +1,25 @@
+<!doctype html>
+<meta charset=utf-8>
+<meta name="timeout" content="long">
+<title>Cross-origin behavior of Window and Location on new Window</title>
+<link rel="author" title="Bobby Holley (:bholley)" href="bobbyholley@gmail.com">
+<link rel="help" href="https://html.spec.whatwg.org/multipage/#security-window">
+<link rel="help" href="https://html.spec.whatwg.org/multipage/#security-location">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<div id=log></div>
+<script>
+setup({explicit_done: true});
+
+window.addEventListener('message', function onmessage(evt) {
+  window.removeEventListener('message', onmessage);
+  test(function() {
+    var results = evt.data;
+    assert_true(results.length > 0, 'Need results');
+    results.forEach(function(r) { assert_true(r.pass, r.message); });
+  }, "Cross-origin object identity preserved across document.domain");
+  win.close();
+  done();
+});
+var win = window.open('win-documentdomain.sub.html');
+</script>
diff --git a/testing/web-platform/tests/html/browsers/origin/cross-origin-objects/cross-origin-objects.html b/testing/web-platform/tests/html/browsers/origin/cross-origin-objects/cross-origin-objects.html
new file mode 100644
index 000000000..090510de6
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/origin/cross-origin-objects/cross-origin-objects.html
@@ -0,0 +1,373 @@
+<!doctype html>
+<meta charset=utf-8>
+<meta name="timeout" content="long">
+<title>Cross-origin behavior of Window and Location</title>
+<link rel="author" title="Bobby Holley (:bholley)" href="bobbyholley@gmail.com">
+<link rel="help" href="https://html.spec.whatwg.org/multipage/#security-window">
+<link rel="help" href="https://html.spec.whatwg.org/multipage/#security-location">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<div id=log></div>
+<iframe id="B"></iframe>
+<iframe id="C"></iframe>
+<script>
+
+/*
+ * Setup boilerplate. This gives us a same-origin window "B" and a cross-origin
+ * window "C".
+ */
+var host_info = get_host_info();
+
+setup({explicit_done: true});
+path = location.pathname.substring(0, location.pathname.lastIndexOf('/')) + '/frame.html';
+var B = document.getElementById('B').contentWindow;
+var C = document.getElementById('C').contentWindow;
+B.frameElement.uriToLoad = path;
+C.frameElement.uriToLoad = get_host_info().HTTP_REMOTE_ORIGIN + path;
+
+function reloadSubframes(cb) {
+  var iframes = document.getElementsByTagName('iframe');
+  iframes.forEach = Array.prototype.forEach;
+  var count = 0;
+  function frameLoaded() {
+    this.onload = null;
+    if (++count == iframes.length)
+      cb();
+  }
+  iframes.forEach(function(ifr) { ifr.onload = frameLoaded; ifr.setAttribute('src', ifr.uriToLoad); });
+}
+function isObject(x) { return Object(x) === x; }
+
+/*
+ * Note: we eschew assert_equals in a lot of these tests, since the harness ends
+ * up throwing when it tries to format a message involving a cross-origin object.
+ */
+
+var testList = [];
+function addTest(fun, desc) { testList.push([fun, desc]); }
+
+
+/*
+ * Basic sanity testing.
+ */
+
+addTest(function() {
+  // Note: we do not check location.host as its default port semantics are hard to reflect statically
+  assert_equals(location.hostname, host_info.ORIGINAL_HOST, 'Need to run the top-level test from domain ' + host_info.ORIGINAL_HOST);
+  assert_equals(get_port(location), host_info.HTTP_PORT, 'Need to run the top-level test from port ' + host_info.HTTP_PORT);
+  assert_equals(B.parent, window, "window.parent works same-origin");
+  assert_equals(C.parent, window, "window.parent works cross-origin");
+  assert_equals(B.location.pathname, path, "location.href works same-origin");
+  assert_throws(null, function() { C.location.pathname; }, "location.pathname throws cross-origin");
+  assert_equals(B.frames, 'override', "Overrides visible in the same-origin case");
+  assert_equals(C.frames, C, "Overrides invisible in the cross-origin case");
+}, "Basic sanity-checking");
+
+/*
+ * Whitelist behavior.
+ *
+ * Also tests for [[GetOwnProperty]] and [[HasOwnProperty]] behavior.
+ */
+
+var whitelistedWindowPropNames = ['location', 'postMessage', 'window', 'frames', 'self', 'top', 'parent',
+                                  'opener', 'closed', 'close', 'blur', 'focus', 'length'];
+var whitelistedSymbols = [Symbol.isConcatSpreadable, Symbol.toStringTag,
+                          Symbol.hasInstance];
+var whitelistedWindowProps = whitelistedWindowPropNames.concat(whitelistedSymbols);
+
+addTest(function() {
+  for (var prop in window) {
+    if (whitelistedWindowProps.indexOf(prop) != -1) {
+      C[prop]; // Shouldn't throw.
+      Object.getOwnPropertyDescriptor(C, prop); // Shouldn't throw.
+      assert_true(Object.prototype.hasOwnProperty.call(C, prop), "hasOwnProperty for " + String(prop));
+    } else {
+      assert_throws(null, function() { C[prop]; }, "Should throw when accessing " + String(prop) + " on Window");
+      assert_throws(null, function() { Object.getOwnPropertyDescriptor(C, prop); },
+                    "Should throw when accessing property descriptor for " + prop + " on Window");
+      assert_throws(null, function() { Object.prototype.hasOwnProperty.call(C, prop); },
+                    "Should throw when invoking hasOwnProperty for " + prop + " on Window");
+    }
+    if (prop != 'location')
+      assert_throws(null, function() { C[prop] = undefined; }, "Should throw when writing to " + prop + " on Window");
+  }
+  for (var prop in location) {
+    if (prop == 'replace') {
+      C.location[prop]; // Shouldn't throw.
+      Object.getOwnPropertyDescriptor(C.location, prop); // Shouldn't throw.
+      assert_true(Object.prototype.hasOwnProperty.call(C.location, prop), "hasOwnProperty for " + prop);
+    }
+    else {
+      assert_throws(null, function() { C[prop]; }, "Should throw when accessing " + prop + " on Location");
+      assert_throws(null, function() { Object.getOwnPropertyDescriptor(C, prop); },
+                    "Should throw when accessing property descriptor for " + prop + " on Location");
+      assert_throws(null, function() { Object.prototype.hasOwnProperty.call(C, prop); },
+                    "Should throw when invoking hasOwnProperty for " + prop + " on Location");
+    }
+    if (prop != 'href')
+      assert_throws(null, function() { C[prop] = undefined; }, "Should throw when writing to " + prop + " on Location");
+  }
+}, "Only whitelisted properties are accessible cross-origin");
+
+/*
+ * ES Internal Methods.
+ */
+
+/*
+ * [[GetPrototypeOf]]
+ */
+addTest(function() {
+  assert_true(Object.getPrototypeOf(C) === null, "cross-origin Window proto is null");
+  assert_true(Object.getPrototypeOf(C.location) === null, "cross-origin Location proto is null (__proto__)");
+  var protoGetter = Object.getOwnPropertyDescriptor(Object.prototype, '__proto__').get;
+  assert_true(protoGetter.call(C) === null, "cross-origin Window proto is null");
+  assert_true(protoGetter.call(C.location) === null, "cross-origin Location proto is null (__proto__)");
+  assert_throws(null, function() { C.__proto__; }, "__proto__ property not available cross-origin");
+  assert_throws(null, function() { C.location.__proto__; }, "__proto__ property not available cross-origin");
+
+}, "[[GetPrototypeOf]] should return null");
+
+/*
+ * [[SetPrototypeOf]]
+ */
+addTest(function() {
+  assert_throws(null, function() { C.__proto__ = new Object(); }, "proto set on cross-origin Window");
+  assert_throws(null, function() { C.location.__proto__ = new Object(); }, "proto set on cross-origin Location");
+  var setters = [Object.getOwnPropertyDescriptor(Object.prototype, '__proto__').set];
+  if (Object.setPrototypeOf)
+    setters.push(function(p) { Object.setPrototypeOf(this, p); });
+  setters.forEach(function(protoSetter) {
+    assert_throws(null, function() { protoSetter.call(C, new Object()); }, "proto setter |call| on cross-origin Window");
+    assert_throws(null, function() { protoSetter.call(C.location, new Object()); }, "proto setter |call| on cross-origin Location");
+  });
+}, "[[SetPrototypeOf]] should throw");
+
+/*
+ * [[IsExtensible]]
+ */
+addTest(function() {
+  assert_true(Object.isExtensible(C), "cross-origin Window should be extensible");
+  assert_true(Object.isExtensible(C.location), "cross-origin Location should be extensible");
+}, "[[IsExtensible]] should return true for cross-origin objects");
+
+/*
+ * [[PreventExtensions]]
+ */
+addTest(function() {
+  assert_throws(null, function() { Object.preventExtensions(C) },
+                "preventExtensions on cross-origin Window should throw");
+  assert_throws(null, function() { Object.preventExtensions(C.location) },
+                "preventExtensions on cross-origin Location should throw");
+}, "[[PreventExtensions]] should throw for cross-origin objects");
+
+/*
+ * [[GetOwnProperty]]
+ */
+
+addTest(function() {
+  assert_true(isObject(Object.getOwnPropertyDescriptor(C, 'close')), "C.close is |own|");
+  assert_true(isObject(Object.getOwnPropertyDescriptor(C, 'top')), "C.top is |own|");
+  assert_true(isObject(Object.getOwnPropertyDescriptor(C.location, 'href')), "C.location.href is |own|");
+  assert_true(isObject(Object.getOwnPropertyDescriptor(C.location, 'replace')), "C.location.replace is |own|");
+}, "[[GetOwnProperty]] - Properties on cross-origin objects should be reported |own|");
+
+function checkPropertyDescriptor(desc, propName, expectWritable) {
+  var isSymbol = (typeof(propName) == "symbol");
+  propName = String(propName);
+  assert_true(isObject(desc), "property descriptor for " + propName + " should exist");
+  assert_equals(desc.enumerable, false, "property descriptor for " + propName + " should be non-enumerable");
+  assert_equals(desc.configurable, true, "property descriptor for " + propName + " should be configurable");
+  if (isSymbol) {
+    assert_true("value" in desc,
+                "property descriptor for " + propName + " should be a value descriptor");
+    assert_equals(desc.value, undefined,
+                  "symbol-named cross-origin visible prop " + propName +
+                  " should come back as undefined");
+  }
+  if ('value' in desc)
+    assert_equals(desc.writable, expectWritable, "property descriptor for " + propName + " should have writable: " + expectWritable);
+  else
+    assert_equals(typeof desc.set != 'undefined', expectWritable,
+                  "property descriptor for " + propName + " should " + (expectWritable ? "" : "not ") + "have setter");
+}
+
+addTest(function() {
+  whitelistedWindowProps.forEach(function(prop) {
+    var desc = Object.getOwnPropertyDescriptor(C, prop);
+    checkPropertyDescriptor(desc, prop, prop == 'location');
+  });
+  checkPropertyDescriptor(Object.getOwnPropertyDescriptor(C.location, 'replace'), 'replace', false);
+  checkPropertyDescriptor(Object.getOwnPropertyDescriptor(C.location, 'href'), 'href', true);
+  assert_equals(typeof Object.getOwnPropertyDescriptor(C.location, 'href').get, 'undefined', "Cross-origin location should have no href getter");
+  whitelistedSymbols.forEach(function(prop) {
+    var desc = Object.getOwnPropertyDescriptor(C.location, prop);
+    checkPropertyDescriptor(desc, prop, false);
+  });
+}, "[[GetOwnProperty]] - Property descriptors for cross-origin properties should be set up correctly");
+
+/*
+ * [[Delete]]
+ */
+addTest(function() {
+  assert_throws(null, function() { delete C[0]; }, "Can't delete cross-origin indexed property");
+  assert_throws(null, function() { delete C[100]; }, "Can't delete cross-origin indexed property");
+  assert_throws(null, function() { delete C.location; }, "Can't delete cross-origin property");
+  assert_throws(null, function() { delete C.parent; }, "Can't delete cross-origin property");
+  assert_throws(null, function() { delete C.length; }, "Can't delete cross-origin property");
+  assert_throws(null, function() { delete C.document; }, "Can't delete cross-origin property");
+  assert_throws(null, function() { delete C.foopy; }, "Can't delete cross-origin property");
+  assert_throws(null, function() { delete C.location.href; }, "Can't delete cross-origin property");
+  assert_throws(null, function() { delete C.location.replace; }, "Can't delete cross-origin property");
+  assert_throws(null, function() { delete C.location.port; }, "Can't delete cross-origin property");
+  assert_throws(null, function() { delete C.location.foopy; }, "Can't delete cross-origin property");
+}, "[[Delete]] Should throw on cross-origin objects");
+
+/*
+ * [[DefineOwnProperty]]
+ */
+function checkDefine(obj, prop) {
+  var valueDesc = { configurable: true, enumerable: false, writable: false, value: 2 };
+  var accessorDesc = { configurable: true, enumerable: false, get: function() {} };
+  assert_throws(null, function() { Object.defineProperty(obj, prop, valueDesc); }, "Can't define cross-origin value property " + prop);
+  assert_throws(null, function() { Object.defineProperty(obj, prop, accessorDesc); }, "Can't define cross-origin accessor property " + prop);
+}
+addTest(function() {
+  checkDefine(C, 'length');
+  checkDefine(C, 'parent');
+  checkDefine(C, 'location');
+  checkDefine(C, 'document');
+  checkDefine(C, 'foopy');
+  checkDefine(C.location, 'href');
+  checkDefine(C.location, 'replace');
+  checkDefine(C.location, 'port');
+  checkDefine(C.location, 'foopy');
+}, "[[DefineOwnProperty]] Should throw for cross-origin objects");
+
+/*
+ * [[Enumerate]]
+ */
+
+addTest(function() {
+  for (var prop in C)
+    assert_unreached("Shouldn't have been able to enumerate " + prop + " on cross-origin Window");
+  for (var prop in C.location)
+    assert_unreached("Shouldn't have been able to enumerate " + prop + " on cross-origin Location");
+}, "[[Enumerate]] should return an empty iterator");
+
+/*
+ * [[OwnPropertyKeys]]
+ */
+
+addTest(function() {
+  assert_array_equals(whitelistedWindowPropNames.sort(),
+                      Object.getOwnPropertyNames(C).sort(),
+                      "Object.getOwnPropertyNames() gives the right answer for cross-origin Window");
+  assert_array_equals(Object.getOwnPropertyNames(C.location).sort(), ['href', 'replace'],
+                      "Object.getOwnPropertyNames() gives the right answer for cross-origin Location");
+}, "[[OwnPropertyKeys]] should return all properties from cross-origin objects");
+
+// Compare two arrays that need to have the same elements but may be in
+// different orders.  The problem is that there's no good way to sort arrays
+// containing Symbols.
+function assert_arrays_equal_up_to_order(arr1, arr2, desc) {
+  for (let item of arr1) {
+    assert_in_array(item, arr2, desc);
+  }
+
+  for (let item of arr2) {
+    assert_in_array(item, arr1, desc);
+  }
+}
+
+addTest(function() {
+  assert_arrays_equal_up_to_order(Object.getOwnPropertySymbols(C),
+                                  whitelistedSymbols,
+    "Object.getOwnPropertySymbols() should return the three symbol-named properties that are exposed on a cross-origin Window");
+  assert_arrays_equal_up_to_order(Object.getOwnPropertySymbols(C.location),
+                                  whitelistedSymbols,
+    "Object.getOwnPropertySymbols() should return the three symbol-named properties that are exposed on a cross-origin Location");
+}, "[[OwnPropertyKeys]] should return the right symbol-named properties for cross-origin objects");
+
+addTest(function() {
+  assert_true(B.eval('parent.C') === C, "A and B observe the same identity for C's Window");
+  assert_true(B.eval('parent.C.location') === C.location, "A and B observe the same identity for C's Location");
+}, "A and B jointly observe the same identity for cross-origin Window and Location");
+
+function checkFunction(f, proto) {
+  var name = f.name || '<missing name>';
+  assert_equals(typeof f, 'function', name + " is a function");
+  assert_equals(Object.getPrototypeOf(f), proto, f.name + " has the right prototype");
+}
+
+addTest(function() {
+  checkFunction(C.close, Function.prototype);
+  checkFunction(C.location.replace, Function.prototype);
+}, "Cross-origin functions get local Function.prototype");
+
+addTest(function() {
+  assert_true(isObject(Object.getOwnPropertyDescriptor(C, 'parent')),
+              "Need to be able to use Object.getOwnPropertyDescriptor do this test");
+  checkFunction(Object.getOwnPropertyDescriptor(C, 'parent').get, Function.prototype);
+  checkFunction(Object.getOwnPropertyDescriptor(C.location, 'href').set, Function.prototype);
+}, "Cross-origin Window accessors get local Function.prototype");
+
+addTest(function() {
+  checkFunction(close, Function.prototype);
+  assert_true(close != B.close, 'same-origin Window functions get their own object');
+  assert_true(close != C.close, 'cross-origin Window functions get their own object');
+  var close_B = B.eval('parent.C.close');
+  assert_true(close != close_B, 'close_B is unique when viewed by the parent');
+  assert_true(close_B != C.close, 'different Window functions per-incumbent script settings object');
+  checkFunction(close_B, B.Function.prototype);
+
+  checkFunction(location.replace, Function.prototype);
+  assert_true(location.replace != C.location.replace, "cross-origin Location functions get their own object");
+  var replace_B = B.eval('parent.C.location.replace');
+  assert_true(replace_B != C.location.replace, 'different Location functions per-incumbent script settings object');
+  checkFunction(replace_B, B.Function.prototype);
+}, "Same-origin observers get different functions for cross-origin objects");
+
+addTest(function() {
+  assert_true(isObject(Object.getOwnPropertyDescriptor(C, 'parent')),
+              "Need to be able to use Object.getOwnPropertyDescriptor do this test");
+  var get_self_parent = Object.getOwnPropertyDescriptor(window, 'parent').get;
+  var get_parent_A = Object.getOwnPropertyDescriptor(C, 'parent').get;
+  var get_parent_B = B.eval('Object.getOwnPropertyDescriptor(parent.C, "parent").get');
+  assert_true(get_self_parent != get_parent_A, 'different Window accessors per-incumbent script settings object');
+  assert_true(get_parent_A != get_parent_B, 'different Window accessors per-incumbent script settings object');
+  checkFunction(get_self_parent, Function.prototype);
+  checkFunction(get_parent_A, Function.prototype);
+  checkFunction(get_parent_B, B.Function.prototype);
+}, "Same-origin observers get different accessors for cross-origin Window");
+
+addTest(function() {
+  var set_self_href = Object.getOwnPropertyDescriptor(window.location, 'href').set;
+  var set_href_A = Object.getOwnPropertyDescriptor(C.location, 'href').set;
+  var set_href_B = B.eval('Object.getOwnPropertyDescriptor(parent.C.location, "href").set');
+  assert_true(set_self_href != set_href_A, 'different Location accessors per-incumbent script settings object');
+  assert_true(set_href_A != set_href_B, 'different Location accessors per-incumbent script settings object');
+  checkFunction(set_self_href, Function.prototype);
+  checkFunction(set_href_A, Function.prototype);
+  checkFunction(set_href_B, B.Function.prototype);
+}, "Same-origin observers get different accessors for cross-origin Location");
+
+addTest(function() {
+  assert_equals({}.toString.call(C), "[object Object]");
+  assert_equals({}.toString.call(C.location), "[object Object]");
+}, "{}.toString.call() does the right thing on cross-origin objects");
+
+// We do a fresh load of the subframes for each test to minimize side-effects.
+// It would be nice to reload ourselves as well, but we can't do that without
+// disrupting the test harness.
+function runNextTest() {
+  var entry = testList.shift();
+  test(entry[0], entry[1]);
+  if (testList.length != 0)
+    reloadSubframes(runNextTest);
+  else
+    done();
+}
+reloadSubframes(runNextTest);
+
+</script>
diff --git a/testing/web-platform/tests/html/browsers/origin/cross-origin-objects/frame.html b/testing/web-platform/tests/html/browsers/origin/cross-origin-objects/frame.html
new file mode 100644
index 000000000..046e49da7
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/origin/cross-origin-objects/frame.html
@@ -0,0 +1,39 @@
+<!doctype html>
+<html>
+<head>
+<script>
+  // Override the |frames| property to test that such overrides are
+  // properly ignored cross-origin.
+  window.frames = "override";
+
+  // If we get a postMessage, we grab references to everything and set
+  // document.domain to trim off our topmost subdomain.
+  window.onmessage = function(evt) {
+    window.windowReferences = [];
+    window.locationReferences = [];
+    for (var i = 0; i < parent.length; ++i) {
+      windowReferences.push(parent[i]);
+      locationReferences.push(parent[i].location);
+    }
+    try {
+      document.domain = document.domain.substring(document.domain.indexOf('.') + 1);
+      evt.source.postMessage('PASS', '*');
+    } catch (e) {
+      evt.source.postMessage('FAIL: cannot trim off document.domain: ' + e, '*');
+    }
+  }
+
+  function checkWindowReferences() {
+    for (var i = 0; i < parent.length; ++i) {
+      if (windowReferences[i] != parent[i])
+        throw new Error("Window references don't match for " + i + " after document.domain");
+      if (locationReferences[i] != parent[i].location)
+        throw new Error("Location references don't match for " + i + " after document.domain");
+    }
+    return true;
+  }
+</script>
+</head>
+<body>
+</body>
+</html>
diff --git a/testing/web-platform/tests/html/browsers/origin/cross-origin-objects/win-documentdomain.sub.html b/testing/web-platform/tests/html/browsers/origin/cross-origin-objects/win-documentdomain.sub.html
new file mode 100644
index 000000000..a315e2120
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/origin/cross-origin-objects/win-documentdomain.sub.html
@@ -0,0 +1,63 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <script src="/common/get-host-info.sub.js"></script>
+  <script>
+    function loadFrames() {
+      window.A = document.getElementById('A').contentWindow;
+      window.B = document.getElementById('B').contentWindow;
+      window.C = document.getElementById('C').contentWindow;
+      window.D = document.getElementById('D').contentWindow;
+
+      var path = location.pathname.substring(0, location.pathname.lastIndexOf('/')) + '/frame.html';
+      A.location = 'frame.html';
+      B.location = '//{{domains[www2]}}:' + get_port(location) + path;
+      C.location = '//{{domains[www2]}}:' + get_port(location) + path;
+      D.location = '//{{domains[www1]}}:' + get_port(location) + path;
+
+      var loadCount = 0;
+      function frameLoaded() {
+        if (++loadCount == 4)
+          go();
+      }
+      var iframes = document.getElementsByTagName('iframe');
+      for (var i = 0; i < iframes.length; i++) {
+        iframes[i].onload = frameLoaded;
+      }
+    }
+
+    var results = [];
+    function assert(cond, msg) {
+      results.push({pass: !!cond, message: msg});
+    }
+
+    function go() {
+      window.onmessage = function(evt) {
+        try {
+          assert(evt.data == "PASS", "frame.html processing should be PASS but got " + evt.data);
+          assert(B.checkWindowReferences(), "B's Window references are still self-consistent after document.domain");
+          for (var i = 0; i < window.length; ++i) {
+            assert(window[i] === B.windowReferences[i],
+                   "Window reference " + i + " consistent between globals after document.domain");
+            assert(window[i].location === B.locationReferences[i],
+                   "Location reference " + i + " consistent between globals after document.domain");
+          }
+        } catch(e) {
+          assert(false, "Should not receive exception: " + e);
+        }
+        opener.postMessage(results, '*');
+      };
+      A.document.domain = A.document.domain;
+      document.domain = document.domain;
+      B.postMessage('', '*');
+    }
+
+  </script>
+</head>
+<body onload="loadFrames()">
+  <iframe id="A"></iframe>
+  <iframe id="B"></iframe>
+  <iframe id="C"></iframe>
+  <iframe id="D"></iframe>
+</body>
+</html>
diff --git a/testing/web-platform/tests/html/browsers/origin/origin-of-data-document.html b/testing/web-platform/tests/html/browsers/origin/origin-of-data-document.html
new file mode 100644
index 000000000..cedb2513f
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/origin/origin-of-data-document.html
@@ -0,0 +1,28 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset=utf-8>
+    <title>Origin of document produced from a 'data:' URL</title>
+    <link rel="help" href="https://html.spec.whatwg.org/multipage/browsers.html#origin">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+  </head>
+  <body>
+    <script>
+      async_test(function (t) {
+        window.addEventListener("message", t.step_func_done(function (e) {
+          assert_equals(e.origin, "null", "Messages sent from a 'data:' URL should have an opaque origin (which serializes to 'null').");
+          assert_throws("SecurityError", function () {
+            var couldAccessCrossOriginProperty = e.source.location.href;
+          }, "The 'data:' frame should be cross-origin.")
+        }));
+
+        var i = document.createElement('iframe');
+        i.src = "data:text/html,<script>" +
+                "  window.parent.postMessage('Hello!', '*');" +
+                "</scr" + "ipt>";
+        document.body.appendChild(i);
+      }, "The origin of a 'data:' document in a frame is opaque.");
+    </script>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/html/browsers/origin/relaxing-the-same-origin-restriction/.gitkeep b/testing/web-platform/tests/html/browsers/origin/relaxing-the-same-origin-restriction/.gitkeep
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/origin/relaxing-the-same-origin-restriction/.gitkeep
diff --git a/testing/web-platform/tests/html/browsers/origin/relaxing-the-same-origin-restriction/document_domain.html b/testing/web-platform/tests/html/browsers/origin/relaxing-the-same-origin-restriction/document_domain.html
new file mode 100644
index 000000000..af9332173
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/origin/relaxing-the-same-origin-restriction/document_domain.html
@@ -0,0 +1,25 @@
+<!doctype html>
+<html>
+    <head>
+        <title></title>
+        <script src="/resources/testharness.js"></script>
+        <script src="/resources/testharnessreport.js"></script>
+        <script>
+            test(function() {
+                assert_equals(typeof document.domain, "string", "document.domain is a string");
+                assert_not_equals(document.domain, "", "document.domain is not empty");
+            }, "sanity checks");
+
+            test(function() {
+                assert_equals(document.domain, window.location.hostname, "equals location.hostname");
+            }, "current document");
+
+            test(function() {
+                var doc = new Document();
+                assert_equals(doc.domain, "", "new document has empty domain");
+            }, "new document");
+        </script>
+    </head>
+    <body>
+    </body>
+</html>