[ tor-browser ].git.dasho

test_top_navigation_by_location_exotic.html (9105B)
      1 <!DOCTYPE HTML>
      2 <html>
      3 <!--
      4 https://bugzilla.mozilla.org/show_bug.cgi?id=785310
      5 html5 sandboxed iframe should not be able to perform top navigation with scripts allowed
      6 -->
      7 <head>
      8 <meta charset="utf-8">
      9 <title>Test for Bug 785310 - iframe sandbox top navigation by location via exotic means tests</title>
     10 <script src="/tests/SimpleTest/SimpleTest.js"></script>
     11 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
     12 <script>
     13  SimpleTest.waitForExplicitFinish();
     14 
     15  var testWin;
     16 
     17  function runScriptNavigationTest(testCase) {
     18    window.onmessage = function(event) {
     19      if (event.data.name != "newWindow") {
     20        ok(false, "event.data.name: got '" + event.data.name + "', expected 'newWindow'");
     21      }
     22      var diag = "top navigation was " + (event.data.blocked ? "" : "NOT ") + "blocked";
     23      ok((testCase.shouldBeBlocked == event.data.blocked), testCase.desc + " - " + diag);
     24      runNextTest();
     25    };
     26    try {
     27      testWin[testCase.iframeName].eval(testCase.script);
     28    } catch (e) {
     29      ok(testCase.shouldBeBlocked, testCase.desc + " - " + e.message);
     30      runNextTest();
     31    }
     32  }
     33 
     34  var testCaseIndex = -1;
     35  var testCases = [
     36    {
     37      desc: "Test 1: location.replace.call(top.location, ...) should be blocked when sandboxed without allow-top-navigation",
     38      script: "location.replace.call(top.location, 'file_top_navigation_by_location_exotic.html')",
     39      iframeName: "if1",
     40      shouldBeBlocked: true,
     41    },
     42    {
     43      desc: "Test 2: location.replace.bind(top.location, ...) should be blocked when sandboxed without allow-top-navigation",
     44      script: "location.replace.bind(top.location, 'file_top_navigation_by_location_exotic.html')()",
     45      iframeName: "if1",
     46      shouldBeBlocked: true,
     47    },
     48    {
     49      desc: "Test 3: Function.bind.call(location.replace, top.location, ...) should be blocked when sandboxed without allow-top-navigation",
     50      script: "Function.bind.call(location.replace, top.location, 'file_top_navigation_by_location_exotic.html')()",
     51      iframeName: "if1",
     52      shouldBeBlocked: true,
     53    },
     54    {
     55      desc: "Test 4: location.replace.call(top.location, ...) should NOT be blocked when sandboxed with allow-top-navigation",
     56      script: "location.replace.call(top.location, 'file_top_navigation_by_location_exotic.html')",
     57      iframeName: "if2",
     58      shouldBeBlocked: false,
     59    },
     60    {
     61      desc: "Test 5: location.replace.bind(top.location, ...) should NOT be blocked when sandboxed with allow-top-navigation",
     62      script: "location.replace.bind(top.location, 'file_top_navigation_by_location_exotic.html')()",
     63      iframeName: "if2",
     64      shouldBeBlocked: false,
     65    },
     66    {
     67      desc: "Test 6: Function.bind.call(location.replace, top.location, ...) should NOT be blocked when sandboxed with allow-top-navigation",
     68      script: "Function.bind.call(location.replace, top.location, 'file_top_navigation_by_location_exotic.html')()",
     69      iframeName: "if2",
     70      shouldBeBlocked: false,
     71    },
     72    {
     73      desc: "Test 7: top.location.href, via setTimeout, should be blocked when sandboxed without allow-top-navigation",
     74      script: "setTimeout(function() { try { top.location.href = 'file_top_navigation_by_location_exotic.html' } catch (e) { top.onBlock() } }, 0)",
     75      iframeName: "if1",
     76      shouldBeBlocked: true,
     77    },
     78    {
     79      desc: "Test 8: top.location.href, via setTimeout, should NOT be blocked when sandboxed with allow-top-navigation",
     80      script: "setTimeout(function() { try { top.location.href = 'file_top_navigation_by_location_exotic.html' } catch(e) { top.onBlock() } }, 0)",
     81      iframeName: "if2",
     82      shouldBeBlocked: false,
     83    },
     84    {
     85      desc: "Test 9: top.location.href, via eval, should be blocked when sandboxed without allow-top-navigation",
     86      script: "eval('top.location.href = \"file_top_navigation_by_location_exotic.html\"')",
     87      iframeName: "if1",
     88      shouldBeBlocked: true,
     89    },
     90    {
     91      desc: "Test 10: top.location.href, via eval, should NOT be blocked when sandboxed with allow-top-navigation",
     92      script: "eval('top.location.href = \"file_top_navigation_by_location_exotic.html\"')",
     93      iframeName: "if2",
     94      shouldBeBlocked: false,
     95    },
     96    {
     97      desc: "Test 11: top.location.href, via anonymous function, should be blocked when sandboxed without allow-top-navigation",
     98      script: "(function() { top.location.href = 'file_top_navigation_by_location_exotic.html' })()",
     99      iframeName: "if1",
    100      shouldBeBlocked: true,
    101    },
    102    {
    103      desc: "Test 12: top.location.href, via anonymous function, should NOT be blocked when sandboxed with allow-top-navigation",
    104      script: "(function() { top.location.href = 'file_top_navigation_by_location_exotic.html' })()",
    105      iframeName: "if2",
    106      shouldBeBlocked: false,
    107    },
    108    {
    109      desc: "Test 13: top.location.href, via function inserted in top, should be blocked when sandboxed without allow-top-navigation",
    110      script: "top.doTest = function() { top.location.href = 'file_top_navigation_by_location_exotic.html' }; top.doTest();",
    111      iframeName: "if1",
    112      shouldBeBlocked: true,
    113    },
    114    {
    115      desc: "Test 14: top.location.href, via function inserted in top, should NOT be blocked when sandboxed with allow-top-navigation",
    116      script: "top.doTest = function() { top.location.href = 'file_top_navigation_by_location_exotic.html' }; top.doTest();",
    117      iframeName: "if2",
    118      shouldBeBlocked: false,
    119    },
    120    {
    121      desc: "Test 15: top.location.href, via function inserted in us by top, should NOT be blocked when sandboxed without allow-top-navigation",
    122      script: "top.eval('window[\"if1\"].doTest = function() { top.location.href = \"file_top_navigation_by_location_exotic.html\" };'), doTest();",
    123      iframeName: "if1",
    124      shouldBeBlocked: false,
    125    },
    126    {
    127      desc: "Test 16: top.location.href, via function inserted in top, should NOT be blocked when sandboxed with allow-top-navigation",
    128      script: "top.eval('window[\"if2\"].doTest = function() { top.location.href = \"file_top_navigation_by_location_exotic.html\" };'), doTest();",
    129      iframeName: "if2",
    130      shouldBeBlocked: false,
    131    },
    132    {
    133      desc: "Test 17: top.location.href, via function in top, should NOT be blocked when sandboxed without allow-top-navigation",
    134      script: "top.setOwnHref()",
    135      iframeName: "if1",
    136      shouldBeBlocked: false,
    137    },
    138    {
    139      desc: "Test 18: top.location.href, via function in top, should NOT be blocked when sandboxed with allow-top-navigation",
    140      script: "top.setOwnHref()",
    141      iframeName: "if2",
    142      shouldBeBlocked: false,
    143    },
    144    {
    145      desc: "Test 19: top.location.href, via eval in top, should NOT be blocked when sandboxed without allow-top-navigation",
    146      script: "top.eval('location.href = \"file_top_navigation_by_location_exotic.html\"')",
    147      iframeName: "if1",
    148      shouldBeBlocked: false,
    149    },
    150    {
    151      desc: "Test 20: top.location.href, via eval in top, should NOT be blocked when sandboxed with allow-top-navigation",
    152      script: "top.eval('location.href = \"file_top_navigation_by_location_exotic.html\"')",
    153      iframeName: "if2",
    154      shouldBeBlocked: false,
    155    },
    156    {
    157      desc: "Test 21: top.location.href, via eval in top calling us, should be blocked when sandboxed without allow-top-navigation",
    158      script: "function doTest() { top.location.href = 'file_top_navigation_by_location_exotic.html' } top.eval('window[\"if1\"].doTest()');",
    159      iframeName: "if1",
    160      shouldBeBlocked: true,
    161    },
    162    {
    163      desc: "Test 22: top.location.href, via eval in top calling us, should NOT be blocked when sandboxed with allow-top-navigation",
    164      script: "function doTest() { top.location.href = 'file_top_navigation_by_location_exotic.html' } top.eval('window[\"if2\"].doTest()');",
    165      iframeName: "if2",
    166      shouldBeBlocked: false,
    167    },
    168    {
    169      desc: "Test 23: top.location.href, via function bound to top, should be blocked when sandboxed without allow-top-navigation",
    170      script: "(function() { top.location.href = 'file_top_navigation_by_location_exotic.html' }).bind(top)();",
    171      iframeName: "if1",
    172      shouldBeBlocked: true,
    173    },
    174    {
    175      desc: "Test 24: top.location.href, via function bound to top, should NOT be blocked when sandboxed with allow-top-navigation",
    176      script: "(function() { top.location.href = 'file_top_navigation_by_location_exotic.html' }).bind(top)();",
    177      iframeName: "if2",
    178      shouldBeBlocked: false,
    179    },
    180  ];
    181 
    182  function runNextTest() {
    183    ++testCaseIndex;
    184    if (testCaseIndex == testCases.length) {
    185      testWin.close();
    186      SimpleTest.finish();
    187      return;
    188    }
    189 
    190    runScriptNavigationTest(testCases[testCaseIndex]);
    191  }
    192 
    193  window.onmessage = runNextTest;
    194  testWin = window.open("file_top_navigation_by_location_exotic.html", "newWindow");
    195 </script>
    196 </head>
    197 <body>
    198 <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=785310">Mozilla Bug 785310</a>
    199 <p id="display"></p>
    200 <div id="content">
    201 Tests for Bug 785310
    202 </div>
    203 </body>
    204 </html>
	tor-browser The Tor Browser
	git clone https://git.dasho.dev/tor-browser.git
	Log \| Files \| Refs \| README \| LICENSE