tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

file_bug475636.sjs (2137B)

      1 let jsURL =
      2   "javascript:" +
      3   escape(
      4     'window.parent.postMessage("JS uri ran", "*");\
      5 return \'\
      6 <script>\
      7 window.parent.postMessage("Able to access private: " +\
      8   window.parent.private, "*");\
      9 </script>\''
     10   );
     11 let dataURL =
     12   "data:text/html," +
     13   escape(
     14     '<!DOCTYPE HTML>\
     15 <script>\
     16 try {\
     17   window.parent.postMessage("Able to access private: " +\
     18     window.parent.private, "*");\
     19 }\
     20 catch (e) {\
     21   window.parent.postMessage("pass", "*");\
     22 }\
     23 </script>'
     24   );
     25 
     26 let tests = [
     27   // Plain document should work as normal
     28   '<!DOCTYPE HTML>\
     29 <script>\
     30 try {\
     31   window.parent.private;\
     32   window.parent.postMessage("pass", "*");\
     33 }\
     34 catch (e) {\
     35   window.parent.postMessage("Unble to access private", "*");\
     36 }\
     37 </script>',
     38 
     39   // refresh to plain doc
     40   { refresh: "file_bug475636.sjs?1", doc: "<!DOCTYPE HTML>" },
     41 
     42   // meta-refresh to plain doc
     43   '<!DOCTYPE HTML>\
     44 <head>\
     45   <meta http-equiv="refresh" content="0; url=file_bug475636.sjs?1">\
     46 </head>',
     47 
     48   // refresh to data url
     49   { refresh: dataURL, doc: "<!DOCTYPE HTML>" },
     50 
     51   // meta-refresh to data url
     52   '<!DOCTYPE HTML>\
     53 <head>\
     54   <meta http-equiv="refresh" content="0; url=' +
     55     dataURL +
     56     '">\
     57 </head>',
     58 
     59   // refresh to js url should not be followed
     60   {
     61     refresh: jsURL,
     62     doc: '<!DOCTYPE HTML>\
     63 <script>\
     64 setTimeout(function() {\
     65   window.parent.postMessage("pass", "*");\
     66 }, 2000);\
     67 </script>',
     68   },
     69 
     70   // meta refresh to js url should not be followed
     71   '<!DOCTYPE HTML>\
     72 <head>\
     73   <meta http-equiv="refresh" content="0; url=' +
     74     jsURL +
     75     '">\
     76 </head>\
     77 <script>\
     78 setTimeout(function() {\
     79   window.parent.postMessage("pass", "*");\
     80 }, 2000);\
     81 </script>',
     82 ];
     83 
     84 function handleRequest(request, response) {
     85   dump("@@@@@@@@@hi there: " + request.queryString + "\n");
     86   let test = tests[parseInt(request.queryString, 10) - 1];
     87   response.setHeader("Content-Type", "text/html");
     88 
     89   if (!test) {
     90     response.write('<script>parent.postMessage("done", "*");</script>');
     91   } else if (typeof test == "string") {
     92     response.write(test);
     93   } else if (test.refresh) {
     94     response.setHeader("Refresh", "0; url=" + test.refresh);
     95     response.write(test.doc);
     96   }
     97 }