
browser_webconsole_requestStorageAccess_errors.js (4348B)


      1 /* Any copyright is dedicated to the Public Domain.
      2 * http://creativecommons.org/publicdomain/zero/1.0/ */
      3 
      4 "use strict";
      5 
// Top-level page opened by the test; it plays the first party.
const TEST_URI_FIRST_PARTY = "https://example.com";
// Origin loaded inside the test iframes. It differs from the first party, so
// frames pointing at it are third-party contexts for the top-level page.
const TEST_URI_THIRD_PARTY = "https://itisatracker.org";
// Expected target of the "Learn More" link attached to each console error.
// DOCS_GA_PARAMS is not defined in this file; it must already be in scope
// when this script is evaluated.
const LEARN_MORE_URI = `https://developer.mozilla.org/docs/Web/API/Document/requestStorageAccess${DOCS_GA_PARAMS}`;
     11 
     12 const { UrlClassifierTestUtils } = ChromeUtils.importESModule(
     13  "resource://testing-common/UrlClassifierTestUtils.sys.mjs"
     14 );
     15 
// Install the URL-classifier test tracker entries for this test file and
// register their removal so the entries do not outlive the test.
// NOTE(review): the return value of addTestTrackers() is ignored; if it is
// asynchronous, nothing here waits for it to finish. Confirm against the
// helper.
UrlClassifierTestUtils.addTestTrackers();
registerCleanupFunction(() => {
  UrlClassifierTestUtils.cleanupTestTrackers();
});
     20 
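/**
 * Call document.requestStorageAccess() (rsA) from a third-party iframe that is
 * appended to the currently selected tab.
 *
 * The iframe always loads TEST_URI_THIRD_PARTY. The options select which of
 * the preconditions for rsA hold in that frame (user activation, sandbox
 * flags), so that a caller can provoke a specific rejection.
 *
 * The promise returned by requestStorageAccess() is neither awaited nor
 * inspected; this helper only issues the call. The test in this file observes
 * the outcome through the error message reported to the web console.
 *
 * @param {object} [options] - Request / iframe options.
 * @param {boolean} [options.withUserActivation] - Whether the requesting iframe
 * should have user activation prior to calling rsA.
 * @param {string} [options.sandboxAttr] - Iframe sandbox attributes. An empty
 * string leaves the iframe unsandboxed.
 * @param {boolean} [options.nested] - If the iframe calling rsA should be
 * nested in another same-origin iframe.
 * @returns {Promise<undefined>} Settles once the rsA call has been issued in
 * the iframe.
 */
async function runRequestStorageAccess({
  withUserActivation = false,
  sandboxAttr = "",
  nested = false,
} = {}) {
  // The `= {}` default lets the helper be called without an argument, which
  // the all-optional parameter list already implies.
  let parentBC = gBrowser.selectedBrowser.browsingContext;

  // Optionally insert an intermediate third-party iframe, so that the frame
  // calling rsA is nested inside a frame of its own origin.
  if (nested) {
    parentBC = await SpecialPowers.spawn(
      parentBC,
      [TEST_URI_THIRD_PARTY],
      async uri => {
        const frame = content.document.createElement("iframe");
        frame.setAttribute("src", uri);
        // Start listening before the frame is attached so the load event
        // cannot be missed.
        const loadPromise = ContentTaskUtils.waitForEvent(frame, "load");
        content.document.body.appendChild(frame);
        await loadPromise;
        return frame.browsingContext;
      }
    );
  }

  // Create an iframe which is a third party to the top level.
  const frameBC = await SpecialPowers.spawn(
    parentBC,
    [TEST_URI_THIRD_PARTY, sandboxAttr],
    async (uri, sandbox) => {
      const frame = content.document.createElement("iframe");
      frame.setAttribute("src", uri);
      // Only set the attribute when flags were requested: an empty sandbox
      // attribute would itself sandbox the frame with every restriction.
      if (sandbox) {
        frame.setAttribute("sandbox", sandbox);
      }
      const loadPromise = ContentTaskUtils.waitForEvent(frame, "load");
      content.document.body.appendChild(frame);
      await loadPromise;
      return frame.browsingContext;
    }
  );

  // Call requestStorageAccess in the iframe.
  await SpecialPowers.spawn(frameBC, [withUserActivation], userActivation => {
    if (userActivation) {
      content.document.notifyUserGestureActivation();
    }
    // Deliberately not awaited: the call is expected to be refused in the
    // scenarios this file sets up, and the refusal is checked via the console.
    content.document.requestStorageAccess();
  });
}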
     79 
// Checks that each refused document.requestStorageAccess() call surfaces its
// specific error in the web console, and that the message's "Learn More" link
// points at the MDN page for the API and opens in a tab.
add_task(async function () {
  const hud = await openNewTabAndConsole(TEST_URI_FIRST_PARTY);

  // Wait for an error message containing `expectedText`, then verify the
  // Learn More link attached to it.
  const assertErrorWithLearnMore = async expectedText => {
    const messageNode = await waitFor(
      () => findErrorMessage(hud, expectedText),
      undefined,
      100
    );
    ok(true, `Error message is visible: ${expectedText}`);

    info("Clicking on the Learn More link");
    const learnMoreLink = messageNode.querySelector(".learn-more-link");
    // Copy the simulated click result so a missing result shows up as failed
    // comparisons below rather than as a thrown TypeError.
    const outcome = { ...(await simulateLinkClick(learnMoreLink)) };
    is(
      outcome.link,
      LEARN_MORE_URI,
      `Clicking the provided link opens ${outcome.link}`
    );
    is(
      outcome.where,
      "tab",
      `Clicking the provided link opens in expected tab`
    );
  };

  // One entry per precondition that requestStorageAccess() enforces, each
  // paired with the console error expected when that precondition is violated.
  // NOTE(review): the `nested` option of runRequestStorageAccess is not
  // exercised by any scenario here.
  const scenarios = [
    {
      // No user activation at all.
      options: { withUserActivation: false },
      expectedError:
        "document.requestStorageAccess() may only be requested from inside a short running user-generated event handler",
    },
    {
      // Sandboxed without allow-same-origin: the frame has an opaque origin.
      options: { withUserActivation: true, sandboxAttr: "allow-scripts" },
      expectedError:
        "document.requestStorageAccess() may not be called on a document with an opaque origin, such as a sandboxed iframe without allow-same-origin in its sandbox attribute.",
    },
    {
      // Sandboxed with a real origin, but lacking the
      // allow-storage-access-by-user-activation sandbox flag.
      options: {
        withUserActivation: true,
        sandboxAttr: "allow-same-origin allow-scripts",
      },
      expectedError:
        "document.requestStorageAccess() may not be called in a sandboxed iframe without allow-storage-access-by-user-activation in its sandbox attribute.",
    },
  ];

  // Run strictly one after another: each call must be followed by its own
  // console check before the next iframe is created.
  for (const { options, expectedError } of scenarios) {
    await runRequestStorageAccess(options);
    await assertErrorWithLearnMore(expectedError);
  }

  await closeConsole();
});