tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_sibling_navigation_by_location.html (2576B)

      1 <!DOCTYPE HTML>
      2 <html>
      3 <!--
      4 https://bugzilla.mozilla.org/show_bug.cgi?id=785310
      5 html5 sandboxed iframe should not be able to perform top navigation with scripts allowed
      6 -->
      7 <head>
      8 <meta charset="utf-8">
      9 <title>Test for Bug 785310 - iframe sandbox sibling navigation by location tests</title>
     10 <script src="/tests/SimpleTest/SimpleTest.js"></script>
     11 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
     12 
     13 <script>
     14  SimpleTest.waitForExplicitFinish();
     15 
     16  function runScriptNavigationTest(testCase) {
     17    window.onmessage = function(event) {
     18      if (event.data != "siblingIframe") {
     19        ok(false, "event.data: got '" + event.data + "', expected 'siblingIframe'");
     20      }
     21 
     22      ok(false, testCase.desc + " - sibling navigation was NOT blocked");
     23      runNextTest();
     24    };
     25 
     26    try {
     27      window.testIframe.eval(testCase.script);
     28    } catch (e) {
     29      ok(true, testCase.desc + " - " + e.message);
     30      runNextTest();
     31    }
     32  }
     33 
     34  var testCaseIndex = -1;
     35  var testCases = [
     36    {
     37      desc: "Test 1: sibling location.replace should be blocked even when sandboxed with allow-same-origin allow-top-navigation",
     38      script: "parent['siblingIframe'].location.replace('file_sibling_navigation_by_location.html')",
     39    },
     40    {
     41      desc: "Test 2: sibling location.assign should be blocked even when sandboxed with allow-same-origin allow-top-navigation",
     42      script: "parent['siblingIframe'].location.assign('file_sibling_navigation_by_location.html')",
     43    },
     44    {
     45      desc: "Test 3: sibling location.href should be blocked even when sandboxed with allow-same-origin allow-top-navigation",
     46      script: "parent['siblingIframe'].location.href = 'file_sibling_navigation_by_location.html'",
     47    },
     48    {
     49      desc: "Test 4: sibling location.hash should be blocked even when sandboxed with allow-same-origin allow-top-navigation",
     50      script: "parent['siblingIframe'].location.hash = 'wibble'",
     51    },
     52  ];
     53 
     54  function runNextTest() {
     55    ++testCaseIndex;
     56    if (testCaseIndex == testCases.length) {
     57      SimpleTest.finish();
     58      return;
     59    }
     60 
     61    runScriptNavigationTest(testCases[testCaseIndex]);
     62  }
     63 
     64  window.onmessage = runNextTest;
     65 </script>
     66 </head>
     67 <body>
     68 <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=785310">Mozilla Bug 785310</a>
     69 <p id="display"></p>
     70 <div id="content">
     71 Tests for Bug 785310
     72 </div>
     73 
     74 <iframe name="testIframe" sandbox="allow-scripts allow-same-origin allow-top-navigation"></iframe>
     75 <iframe name="siblingIframe" src="file_sibling_navigation_by_location.html"></iframe>
     76 
     77 </body>
     78 </html>