tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

browser_net_json-xssi-protection.js (3035B)

      1 /* Any copyright is dedicated to the Public Domain.
      2   http://creativecommons.org/publicdomain/zero/1.0/ */
      3 
      4 "use strict";
      5 
      6 /**
      7 * Tests if JSON responses and requests with XSSI protection sequences
      8 * are handled correctly.
      9 */
     10 
     11 add_task(async function () {
     12  const { tab, monitor } = await initNetMonitor(JSON_XSSI_PROTECTION_URL, {
     13    requestCount: 1,
     14  });
     15  info("Starting test... ");
     16 
     17  const { document, store, windowRequire } = monitor.panelWin;
     18  const Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
     19 
     20  store.dispatch(Actions.batchEnable(false));
     21 
     22  // Execute requests.
     23  await performRequests(monitor, tab, 1);
     24 
     25  const wait = waitForDOM(document, "#response-panel .data-header");
     26  const waitForRawView = waitForDOM(document, "#response-panel .cm-content", 1);
     27  const waitForRawToggleOn = waitUntil(
     28    () =>
     29      document.querySelector("#response-panel #raw-response-checkbox")?.checked
     30  );
     31 
     32  store.dispatch(Actions.toggleNetworkDetails());
     33  info("Opening response panel");
     34  clickOnSidebarTab(document, "response");
     35 
     36  await Promise.all([wait, waitForRawView, waitForRawToggleOn]);
     37 
     38  info(
     39    "making sure response panel defaults to raw view and correctly displays payload"
     40  );
     41  const codeLines = document.querySelector("#response-panel .cm-content");
     42  const firstLine = codeLines.firstChild;
     43  is(
     44    firstLine.textContent,
     45    ")]}'",
     46    "XSSI protection sequence should be visibly in raw view"
     47  );
     48 
     49  info("making sure XSSI notification box is not present in raw view");
     50  let notification = document.querySelector(
     51    '.network-monitor #response-panel .notification[data-key="xssi-string-removed-info-box"]'
     52  );
     53  ok(!notification, "notification should not be present in raw view");
     54 
     55  info("switching to props view");
     56  const waitForPropsView = waitForDOM(
     57    document,
     58    "#response-panel .properties-view",
     59    1
     60  );
     61  const tabpanel = document.querySelector("#response-panel");
     62  clickElement(tabpanel.querySelector("#raw-response-checkbox"), monitor);
     63  await waitForPropsView;
     64 
     65  is(
     66    tabpanel.querySelectorAll(".treeRow").length,
     67    1,
     68    "There should be 1 json property displayed in the response."
     69  );
     70 
     71  const labels = tabpanel.querySelectorAll("tr .treeLabelCell .treeLabel");
     72  const values = tabpanel.querySelectorAll("tr .treeValueCell .objectBox");
     73  info("Checking content of displayed json response");
     74  is(labels[0].textContent, "greeting", "The first key should be correct");
     75  is(
     76    values[0].textContent,
     77    `"Hello good XSSI protection"`,
     78    "The first property should be correct"
     79  );
     80 
     81  info("making sure notification box is present and correct in props view");
     82 
     83  notification = document.querySelector(
     84    '.network-monitor #response-panel .notification[data-key="xssi-string-removed-info-box"] .notificationInner .messageText'
     85  );
     86 
     87  is(
     88    notification.textContent,
     89    "The string ā€œ)]}'\nā€ was removed from the beginning of the JSON shown below",
     90    "The notification message is correct"
     91  );
     92 
     93  await teardown(monitor);
     94 });