tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE
commit 042c73176b6365220db3775baf1be950ad81ec55
parent 26a55e242dd744539791dc24d9b396f22dfed603
Author: Vincent Hilla <vhilla@mozilla.com>
Date:   Wed, 26 Nov 2025 09:27:41 +0000

Bug 2002073 - Test CSP inheritance with document.open() separately for the initial loaded vs transient document. r=dom-core,smaug

The initial document might behave differently depending on whether it has
loaded or is transient. Before bug 543435, Gecko would have passed the first,
but not the third subtest.

Differential Revision: https://phabricator.services.mozilla.com/D274017

Diffstat:

Mtesting/web-platform/tests/content-security-policy/inheritance/document-write-iframe.html | 20+++++++++++++++++++-


1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/testing/web-platform/tests/content-security-policy/inheritance/document-write-iframe.html b/testing/web-platform/tests/content-security-policy/inheritance/document-write-iframe.html
@@ -35,7 +35,9 @@
 
     promise_test(async () => {
       let iframe = document.createElement('iframe');
+      let loaded = new Promise(resolve => iframe.onload = resolve);
       document.body.appendChild(iframe);
+      await loaded;
 
       let msg = message_from(iframe.contentWindow);
       let doc = iframe.contentWindow.document;
@@ -43,7 +45,7 @@
       doc.write("<html><body>" + documentBody(false) + "</body></html>");
       doc.close();
       assert_equals(await msg, "blocked");
-    }, "document.open() keeps inherited CSPs on empty iframe.");
+    }, "document.open() keeps inherited CSPs on initial about:blank.");
 
     promise_test(async () => {
       let iframe = document.createElement('iframe');
@@ -60,6 +62,22 @@
       assert_equals(await msg, "loaded");
     }, "document.open() does not change delivered CSPs.");
 
+    promise_test(async () => {
+      let iframe = document.createElement('iframe');
+      iframe.src = "/common/blank.html";
+      let loaded = false;
+      iframe.onload = () => loaded = true;
+      document.body.appendChild(iframe);
+      assert_false(loaded, "iframe document should be transient");
+
+      let msg = message_from(iframe.contentWindow);
+      let doc = iframe.contentWindow.document;
+      doc.open();
+      doc.write("<html><body>" + documentBody(false) + "</body></html>");
+      doc.close();
+      assert_equals(await msg, "blocked");
+    }, "document.open() keeps inherited CSPs on transient about:blank.");
+
   </script>
 </body>
 </html>