tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_javascript_sandboxed_popup.html (881B)

      1 <!DOCTYPE html>
      2 <head>
      3 <meta charset="utf-8">
      4 <script src="/tests/SimpleTest/SimpleTest.js"></script>
      5 <link rel="stylesheet" href="/tests/SimpleTest/test.css" />
      6 </head>
      7 
      8 <body>
      9 <iframe srcdoc="<a href='javascript:opener.parent.ok(false, `The JS ran!`)' target=_blank rel=opener>click</a>"
     10  sandbox="allow-popups allow-same-origin"></iframe>
     11 
     12 <script>
     13 add_task(async function() {
     14  let promise = new Promise(resolve =>{
     15    SpecialPowers.addObserver(function obs(subject) {
     16      is(subject.opener, window[0],
     17         "blocked javascript URI should have been targeting the pop-up document");
     18      subject.close();
     19      SpecialPowers.removeObserver(obs, "javascript-uri-blocked-by-sandbox");
     20      resolve();
     21    }, "javascript-uri-blocked-by-sandbox");
     22  });
     23  document.querySelector("iframe").contentDocument.querySelector("a").click();
     24  await promise;
     25 });
     26 </script>
     27 </body>