tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

browser_bug2002654.js (955B)

      1 "use strict";
      2 
      3 // This test makes sure that a policy container & content security policy is initialized for frontend created documents
      4 // see bug https://bugzilla.mozilla.org/show_bug.cgi?id=2002654
      5 add_task(async function test_policy_container_and_csp_in_about_blank() {
      6  let tab = await BrowserTestUtils.openNewForegroundTab(
      7    gBrowser,
      8    "about:blank"
      9  );
     10  try {
     11    await ContentTask.spawn(tab.linkedBrowser, null, function () {
     12      let meta = content.document.createElement("meta");
     13      meta.httpEquiv = "Content-Security-Policy";
     14      meta.content = "script-src 'none'";
     15      content.document.head.appendChild(meta);
     16      Assert.ok(
     17        (() => {
     18          try {
     19            content.window.eval("1 + 1");
     20            return false;
     21          } catch (ex) {
     22            return true;
     23          }
     24        })(),
     25        "CSP set for frontend created document"
     26      );
     27    });
     28  } finally {
     29    BrowserTestUtils.removeTab(tab);
     30  }
     31 });