[ tor-browser ].git.dasho

test_top_navigation_by_location.html (6251B)
      1 <!DOCTYPE HTML>
      2 <html>
      3 <!--
      4 https://bugzilla.mozilla.org/show_bug.cgi?id=785310
      5 html5 sandboxed iframe should not be able to perform top navigation with scripts allowed
      6 -->
      7 <head>
      8 <meta charset="utf-8">
      9 <title>Test for Bug 785310 - iframe sandbox top navigation by location tests</title>
     10 <script src="/tests/SimpleTest/SimpleTest.js"></script>
     11 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
     12 <script>
     13  SimpleTest.waitForExplicitFinish();
     14 
     15  var testWin;
     16 
     17  function runScriptNavigationTest(testCase) {
     18    window.onmessage = function(event) {
     19      if (event.data != "newTop") {
     20        ok(false, "event.data: got '" + event.data + "', expected 'newTop'");
     21      }
     22      ok(!testCase.shouldBeBlocked, testCase.desc + " - top navigation was NOT blocked");
     23      runNextTest();
     24    };
     25    try {
     26      SpecialPowers.wrap(testWin[testCase.iframeName]).eval(testCase.script);
     27    } catch (e) {
     28      ok(testCase.shouldBeBlocked, testCase.desc + " - " + SpecialPowers.wrap(e).message);
     29      runNextTest();
     30    }
     31  }
     32 
     33  var testCaseIndex = -1;
     34  var testCases = [
     35    {
     36      desc: "Test 1: top.location.replace should be blocked when sandboxed without allow-top-navigation",
     37      script: "top.location.replace('file_top_navigation_by_location.html')",
     38      iframeName: "if1",
     39      shouldBeBlocked: true,
     40    },
     41    {
     42      desc: "Test 2: top.location.assign should be blocked when sandboxed without allow-top-navigation",
     43      script: "top.location.assign('file_top_navigation_by_location.html')",
     44      iframeName: "if1",
     45      shouldBeBlocked: true,
     46    },
     47    {
     48      desc: "Test 3: top.location.href should be blocked when sandboxed without allow-top-navigation",
     49      script: "top.location.href = 'file_top_navigation_by_location.html'",
     50      iframeName: "if1",
     51      shouldBeBlocked: true,
     52    },
     53    {
     54      desc: "Test 4: top.location.pathname should be blocked when sandboxed without allow-top-navigation",
     55      script: "top.location.pathname = top.location.pathname",
     56      iframeName: "if1",
     57      shouldBeBlocked: true,
     58    },
     59    {
     60      desc: "Test 5: top.location should be blocked when sandboxed without allow-top-navigation",
     61      script: "top.location = 'file_top_navigation_by_location.html'",
     62      iframeName: "if1",
     63      shouldBeBlocked: true,
     64    },
     65    {
     66      desc: "Test 6: top.location.hash should be blocked when sandboxed without allow-top-navigation",
     67      script: "top.location.hash = 'wibble'",
     68      iframeName: "if1",
     69      shouldBeBlocked: true,
     70    },
     71    {
     72      desc: "Test 7: top.location.replace should NOT be blocked when sandboxed with allow-same-origin allow-top-navigation",
     73      script: "top.location.replace('file_top_navigation_by_location.html')",
     74      iframeName: "if2",
     75      shouldBeBlocked: false,
     76    },
     77    {
     78      desc: "Test 8: top.location.assign should NOT be blocked when sandboxed with allow-same-origin allow-top-navigation",
     79      script: "top.location.assign('file_top_navigation_by_location.html')",
     80      iframeName: "if2",
     81      shouldBeBlocked: false,
     82    },
     83    {
     84      desc: "Test 9: top.location.href should NOT be blocked when sandboxed with allow-same-origin allow-top-navigation",
     85      script: "top.location.href = 'file_top_navigation_by_location.html'",
     86      iframeName: "if2",
     87      shouldBeBlocked: false,
     88    },
     89    {
     90      desc: "Test 10: top.location.pathname should NOT be blocked when sandboxed with allow-same-origin allow-top-navigation",
     91      script: "top.location.pathname = top.location.pathname",
     92      iframeName: "if2",
     93      shouldBeBlocked: false,
     94    },
     95    {
     96      desc: "Test 11: top.location should NOT be blocked when sandboxed with allow-same-origin allow-top-navigation",
     97      script: "top.location = 'file_top_navigation_by_location.html'",
     98      iframeName: "if2",
     99      shouldBeBlocked: false,
    100    },
    101    {
    102      desc: "Test 12: top.location.hash should NOT be blocked when sandboxed with allow-same-origin allow-top-navigation",
    103      script: "top.location.hash = 'wibble'",
    104      iframeName: "if2",
    105      shouldBeBlocked: false,
    106    },
    107    {
    108      desc: "Test 13: top.location.replace should NOT be blocked when sandboxed with allow-top-navigation, but without allow-same-origin",
    109      script: "top.location.replace('file_top_navigation_by_location.html')",
    110      iframeName: "if3",
    111      shouldBeBlocked: false,
    112    },
    113    {
    114      desc: "Test 14: top.location.assign should be blocked when sandboxed with allow-top-navigation, but without allow-same-origin",
    115      script: "top.location.assign('file_top_navigation_by_location.html')",
    116      iframeName: "if3",
    117      shouldBeBlocked: true,
    118    },
    119    {
    120      desc: "Test 15: top.location.href should NOT be blocked when sandboxed with allow-top-navigation, but without allow-same-origin",
    121      script: "top.location.href = 'file_top_navigation_by_location.html'",
    122      iframeName: "if3",
    123      shouldBeBlocked: false,
    124    },
    125    {
    126      desc: "Test 16: top.location.pathname should be blocked when sandboxed with allow-top-navigation, but without allow-same-origin",
    127      script: "top.location.pathname = top.location.pathname",
    128      iframeName: "if3",
    129      shouldBeBlocked: true,
    130    },
    131    {
    132      desc: "Test 17: top.location should NOT be blocked when sandboxed with allow-top-navigation, but without allow-same-origin",
    133      script: "top.location = 'file_top_navigation_by_location.html'",
    134      iframeName: "if3",
    135      shouldBeBlocked: false,
    136    },
    137    {
    138      desc: "Test 18: top.location.hash should be blocked when sandboxed with allow-top-navigation, but without allow-same-origin",
    139      script: "top.location.hash = 'wibble'",
    140      iframeName: "if3",
    141      shouldBeBlocked: true,
    142   },
    143  ];
    144 
    145  function runNextTest() {
    146    ++testCaseIndex;
    147    if (testCaseIndex == testCases.length) {
    148      testWin.close();
    149      SimpleTest.finish();
    150      return;
    151    }
    152 
    153    runScriptNavigationTest(testCases[testCaseIndex]);
    154  }
    155 
    156  window.onmessage = runNextTest;
    157  testWin = window.open("file_top_navigation_by_location.html", "newTop");
    158 </script>
    159 </head>
    160 <body>
    161 <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=785310">Mozilla Bug 785310</a>
    162 <p id="display"></p>
    163 <div id="content">
    164 Tests for Bug 785310
    165 </div>
    166 </body>
    167 </html>
	tor-browser The Tor Browser
	git clone https://git.dasho.dev/tor-browser.git
	Log \| Files \| Refs \| README \| LICENSE