
browser_iframe_navigation.js (4624B)


      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
      3 /* Any copyright is dedicated to the Public Domain.
      4 * http://creativecommons.org/publicdomain/zero/1.0/ */
      5 
      6 // Tests that the site identity icon and related machinery reflect the correct
      7 // security state after navigating an iframe in various contexts.
      8 // See bug 1490982.
      9 
// Base URL of this test's directory, with the chrome:// mochitest prefix
// swapped for https://example.com so the test page is loaded over HTTPS.
const ROOT_URI = getRootDirectory(gTestPath).replace(
  "chrome://mochitests/content",
  "https://example.com"
);

// The same test page, reachable once over https and once over plain http.
const SECURE_TEST_URI = `${ROOT_URI}iframe_navigation.html`;
// eslint-disable-next-line @microsoft/sdl/no-insecure-url
const INSECURE_TEST_URI = SECURE_TEST_URI.replace("https://", "http://");

// Expected className of the identity box for a page loaded over http. When
// the "security.insecure_connection_text.enabled" pref is set, the box
// carries the additional "notSecureText" class.
const NOT_SECURE_LABEL = Services.prefs.getBoolPref(
  "security.insecure_connection_text.enabled"
)
  ? "notSecure notSecureText"
  : "notSecure";
     23 
// Scenario: the top-level page is loaded over https and its iframe is sent to
// about:blank. The identity box must read "verifiedDomain" both before and
// after, i.e. the subframe navigation must not change the reported state.
add_task(async function () {
  const pageUrl = `${SECURE_TEST_URI}#blank`;
  await BrowserTestUtils.withNewTab(pageUrl, async browser => {
    // Looks the element up again on every read, as the assertions need the
    // class string at that moment.
    const identityClassName = () =>
      window.document.getElementById("identity-box").className;

    is(
      identityClassName(),
      "verifiedDomain",
      "identity should be secure before"
    );

    await SpecialPowers.spawn(browser, [], async () => {
      // The message is empty and only acts as the trigger for the navigation;
      // the handler lives in the test page (not shown here).
      content.postMessage("", "*");
      // Done once the body no longer carries the "running" class.
      await ContentTaskUtils.waitForCondition(
        () => !content.document.body.classList.contains("running")
      );
    });

    is(
      identityClassName(),
      "verifiedDomain",
      "identity should be secure after"
    );
  });
});
     44 
// Scenario: the top-level page is loaded over https and its iframe is sent to
// an http:// URI. The load counts as mixed active content and should be
// blocked, so the identity box must keep "verifiedDomain" and gain
// "mixedActiveBlocked", with no further state classes.
add_task(async function () {
  const pageUrl = `${SECURE_TEST_URI}#insecure`;
  await BrowserTestUtils.withNewTab(pageUrl, async browser => {
    const identityBox = () => window.document.getElementById("identity-box");

    is(
      identityBox().className,
      "verifiedDomain",
      "identity should be secure before"
    );

    await SpecialPowers.spawn(browser, [], async () => {
      // The message is empty and only acts as the trigger for the navigation;
      // the handler lives in the test page (not shown here).
      content.postMessage("", "*");
      // Done once the body no longer carries the "running" class.
      await ContentTaskUtils.waitForCondition(
        () => !content.document.body.classList.contains("running")
      );
    });

    const classesAfter = identityBox().classList;
    ok(
      classesAfter.contains("mixedActiveBlocked"),
      "identity should be blocked mixed active content after"
    );
    ok(
      classesAfter.contains("verifiedDomain"),
      "identity should still contain 'verifiedDomain'"
    );
    // Exactly the two classes above: any third class would mean an
    // unexpected extra security state on the indicator.
    is(classesAfter.length, 2, "shouldn't have any other identity states");
  });
});
     73 
// Scenario: the top-level page is loaded over http and its iframe is sent to
// about:blank. The identity box must show the "not secure" state before and
// after the subframe navigation.
add_task(async function () {
  const pageUrl = `${INSECURE_TEST_URI}#blank`;
  await BrowserTestUtils.withNewTab(pageUrl, async browser => {
    const identityClassName = () =>
      window.document.getElementById("identity-box").className;

    is(
      identityClassName(),
      NOT_SECURE_LABEL,
      "identity should be 'not secure' before"
    );

    await SpecialPowers.spawn(browser, [], async () => {
      // The message is empty and only acts as the trigger for the navigation;
      // the handler lives in the test page (not shown here).
      content.postMessage("", "*");
      // Done once the body no longer carries the "running" class.
      await ContentTaskUtils.waitForCondition(
        () => !content.document.body.classList.contains("running")
      );
    });

    is(
      identityClassName(),
      NOT_SECURE_LABEL,
      "identity should be 'not secure' after"
    );
  });
});
    102 
// Scenario: the top-level page is loaded over http and its iframe is sent to
// an https:// URI. A secure subframe must not promote the indicator: the
// identity box has to stay in the "not secure" state, because the top-level
// document itself was still delivered over http.
add_task(async function () {
  const pageUrl = `${INSECURE_TEST_URI}#secure`;
  await BrowserTestUtils.withNewTab(pageUrl, async browser => {
    const identityClassName = () =>
      window.document.getElementById("identity-box").className;

    is(
      identityClassName(),
      NOT_SECURE_LABEL,
      "identity should be 'not secure' before"
    );

    await SpecialPowers.spawn(browser, [], async () => {
      // The message is empty and only acts as the trigger for the navigation;
      // the handler lives in the test page (not shown here).
      content.postMessage("", "*");
      // Done once the body no longer carries the "running" class.
      await ContentTaskUtils.waitForCondition(
        () => !content.document.body.classList.contains("running")
      );
    });

    is(
      identityClassName(),
      NOT_SECURE_LABEL,
      "identity should be 'not secure' after"
    );
  });
});