tor-browser

The Tor Browser

browser_911547.js (2775B)


      1 /* Any copyright is dedicated to the Public Domain.
      2   http://creativecommons.org/publicdomain/zero/1.0/ */
      3 
      4 // This test tests that session restore component does restore the right
      5 // content security policy with the document. (The policy being tested
      6 // disallows inline scripts).
      7 
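// Flow of the test:
//   1. Load a sample page that carries a CSP and confirm the policy is
//      enforced (an injected inline script must not run).
//   2. Navigate to a data: URI from that page and confirm the document it
//      loads is still subject to the CSP.
//   3. Close the tab, restore it through session restore, and confirm the
//      restored data: document is still subject to the CSP.
add_task(async function test() {
  // Test-only relaxation: top-level data: URI navigations are blocked by
  // default, so clicking the data: link in the sample page would otherwise
  // fail. The pref is pushed through pushPrefEnv rather than set globally.
  await SpecialPowers.pushPrefEnv({
    set: [["security.data_uri.block_toplevel_data_uri_navigations", false]],
  });

  // Create a tab that has a CSP.
  const testURL =
    "http://mochi.test:8888/browser/browser/components/sessionstore/test/browser_911547_sample.html";
  // Select the new tab once; the original selected it through a chained
  // assignment and then assigned the same tab again.
  let tab = BrowserTestUtils.addTab(gBrowser, testURL);
  gBrowser.selectedTab = tab;

  let browser = tab.linkedBrowser;
  await promiseBrowserLoaded(browser);

  // Baseline, before any restore: prove the CSP is actually being enforced.
  // The injected inline script tries to overwrite test_id1; the assertion
  // below expects the CSP to have blocked it, leaving the initial value.
  await injectInlineScript(
    browser,
    `document.getElementById("test_id1").value = "id1_modified";`
  );

  // Start waiting for the load before the click, so the navigation triggered
  // inside the content task cannot be missed.
  const loadedPromise = promiseBrowserLoaded(browser);
  await SpecialPowers.spawn(browser, [], function () {
    is(
      content.document.getElementById("test_id1").value,
      "id1_initial",
      "CSP should block the inline script that modifies test_id"
    );
    content.document.getElementById("test_data_link").click();
  });

  await loadedPromise;

  await SpecialPowers.spawn(browser, [], function () {
    // The data: URI inherits the CSP, so the inline script it contains must
    // be blocked and test_id2 must keep its initial value.
    is(
      content.document.getElementById("test_id2").value,
      "id2_initial",
      "CSP should block the script loaded by the clicked data URI"
    );
  });

  // Close the tab so that its state is recorded as a closed tab.
  await promiseRemoveTabAndSessionState(tab);

  // Reopen the most recently closed tab and wait for its state to come back.
  tab = ss.undoCloseTab(window, 0);
  await promiseTabRestored(tab);
  browser = tab.linkedBrowser;

  await SpecialPowers.spawn(browser, [], function () {
    // The security-relevant check: the restored data: document must come back
    // with the inherited CSP, so the inline script is still blocked.
    is(
      content.document.getElementById("test_id2").value,
      "id2_initial",
      "CSP should block the script loaded by the clicked data URI after restore"
    );
  });

  // Clean up.
  gBrowser.removeTab(tab);
});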
     73 
/**
 * Appends an inline <script> element (with a text body) to the body of the
 * document loaded in the given browser. Whether the script runs is up to the
 * page's CSP; this helper only performs the injection.
 *
 * @param {object} browser - The browser whose content document gets the script.
 * @param {string} scriptText - Source text placed inside the script element.
 * @returns {Promise} The promise returned by SpecialPowers.spawn.
 */
function injectInlineScript(browser, scriptText) {
  return SpecialPowers.spawn(browser, [scriptText], function (source) {
    const doc = content.document;
    const inlineScript = doc.createElement("script");
    // Same assignment order as a pair of plain property writes: type, then text.
    Object.assign(inlineScript, { type: "text/javascript", text: source });
    doc.body.appendChild(inlineScript);
  });
}