tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_allowJavascript.js (7970B)

      1 "use strict";
      2 
      3 const { XPCShellContentUtils } = ChromeUtils.importESModule(
      4  "resource://testing-common/XPCShellContentUtils.sys.mjs"
      5 );
      6 
      7 XPCShellContentUtils.init(this);
      8 
      9 const ACTOR = "AllowJavascript";
     10 
     11 const HTML = String.raw`<!DOCTYPE html>
     12 <html lang="en">
     13 <head>
     14  <meta charset="UTF-8">
     15  <script type="application/javascript">
     16    "use strict";
     17    var gFiredOnload = false;
     18    var gFiredOnclick = false;
     19  </script>
     20 </head>
     21 <body onload="gFiredOnload = true;" onclick="gFiredOnclick = true;">
     22 </body>
     23 </html>`;
     24 
     25 const server = XPCShellContentUtils.createHttpServer({
     26  hosts: ["example.com", "example.org"],
     27 });
     28 
     29 server.registerPathHandler("/", (request, response) => {
     30  response.setHeader("Content-Type", "text/html");
     31  response.write(HTML);
     32 });
     33 
     34 const { AllowJavascriptParent } = ChromeUtils.importESModule(
     35  "resource://test/AllowJavascriptParent.sys.mjs"
     36 );
     37 
     38 async function assertScriptsAllowed(bc, expectAllowed, desc) {
     39  let actor = bc.currentWindowGlobal.getActor(ACTOR);
     40  let allowed = await actor.sendQuery("CheckScriptsAllowed");
     41  equal(
     42    allowed,
     43    expectAllowed,
     44    `Scripts should be ${expectAllowed ? "" : "dis"}allowed for ${desc}`
     45  );
     46 }
     47 
     48 async function assertLoadFired(bc, expectFired, desc) {
     49  let actor = bc.currentWindowGlobal.getActor(ACTOR);
     50  let fired = await actor.sendQuery("CheckFiredLoadEvent");
     51  equal(
     52    fired,
     53    expectFired,
     54    `Should ${expectFired ? "" : "not "}have fired load for ${desc}`
     55  );
     56 }
     57 
     58 function createSubframe(bc, url) {
     59  let actor = bc.currentWindowGlobal.getActor(ACTOR);
     60  return actor.sendQuery("CreateIframe", { url });
     61 }
     62 
     63 add_task(async function () {
     64  Services.prefs.setBoolPref("dom.security.https_first", false);
     65  ChromeUtils.registerWindowActor(ACTOR, {
     66    allFrames: true,
     67    child: {
     68      esModuleURI: "resource://test/AllowJavascriptChild.sys.mjs",
     69      events: { load: { capture: true } },
     70    },
     71    parent: {
     72      esModuleURI: "resource://test/AllowJavascriptParent.sys.mjs",
     73    },
     74  });
     75 
     76  let page = await XPCShellContentUtils.loadContentPage("http://example.com/", {
     77    remote: true,
     78    remoteSubframes: true,
     79  });
     80 
     81  let bc = page.browsingContext;
     82 
     83  {
     84    let oopFrame1 = await createSubframe(bc, "http://example.org/");
     85    let inprocFrame1 = await createSubframe(bc, "http://example.com/");
     86 
     87    let oopFrame1OopSub = await createSubframe(
     88      oopFrame1,
     89      "http://example.com/"
     90    );
     91    let inprocFrame1OopSub = await createSubframe(
     92      inprocFrame1,
     93      "http://example.org/"
     94    );
     95 
     96    equal(
     97      oopFrame1.allowJavascript,
     98      true,
     99      "OOP BC should inherit allowJavascript from parent"
    100    );
    101    equal(
    102      inprocFrame1.allowJavascript,
    103      true,
    104      "In-process BC should inherit allowJavascript from parent"
    105    );
    106    equal(
    107      oopFrame1OopSub.allowJavascript,
    108      true,
    109      "OOP BC child should inherit allowJavascript from parent"
    110    );
    111    equal(
    112      inprocFrame1OopSub.allowJavascript,
    113      true,
    114      "In-process child BC should inherit allowJavascript from parent"
    115    );
    116 
    117    await assertLoadFired(bc, true, "top BC");
    118    await assertScriptsAllowed(bc, true, "top BC");
    119 
    120    await assertLoadFired(oopFrame1, true, "OOP frame 1");
    121    await assertScriptsAllowed(oopFrame1, true, "OOP frame 1");
    122 
    123    await assertLoadFired(inprocFrame1, true, "In-process frame 1");
    124    await assertScriptsAllowed(inprocFrame1, true, "In-process frame 1");
    125 
    126    await assertLoadFired(oopFrame1OopSub, true, "OOP frame 1 subframe");
    127    await assertScriptsAllowed(oopFrame1OopSub, true, "OOP frame 1 subframe");
    128 
    129    await assertLoadFired(
    130      inprocFrame1OopSub,
    131      true,
    132      "In-process frame 1 subframe"
    133    );
    134    await assertScriptsAllowed(
    135      inprocFrame1OopSub,
    136      true,
    137      "In-process frame 1 subframe"
    138    );
    139 
    140    bc.allowJavascript = false;
    141    await assertScriptsAllowed(bc, false, "top BC with scripts disallowed");
    142    await assertScriptsAllowed(
    143      oopFrame1,
    144      false,
    145      "OOP frame 1 with top BC with scripts disallowed"
    146    );
    147    await assertScriptsAllowed(
    148      inprocFrame1,
    149      false,
    150      "In-process frame 1 with top BC with scripts disallowed"
    151    );
    152    await assertScriptsAllowed(
    153      oopFrame1OopSub,
    154      false,
    155      "OOP frame 1 subframe with top BC with scripts disallowed"
    156    );
    157    await assertScriptsAllowed(
    158      inprocFrame1OopSub,
    159      false,
    160      "In-process frame 1 subframe with top BC with scripts disallowed"
    161    );
    162 
    163    let oopFrame2 = await createSubframe(bc, "http://example.org/");
    164    let inprocFrame2 = await createSubframe(bc, "http://example.com/");
    165 
    166    equal(
    167      oopFrame2.allowJavascript,
    168      false,
    169      "OOP BC 2 should inherit allowJavascript from parent"
    170    );
    171    equal(
    172      inprocFrame2.allowJavascript,
    173      false,
    174      "In-process BC 2 should inherit allowJavascript from parent"
    175    );
    176 
    177    await assertLoadFired(
    178      oopFrame2,
    179      undefined,
    180      "OOP frame 2 with top BC with scripts disallowed"
    181    );
    182    await assertScriptsAllowed(
    183      oopFrame2,
    184      false,
    185      "OOP frame 2 with top BC with scripts disallowed"
    186    );
    187    await assertLoadFired(
    188      inprocFrame2,
    189      undefined,
    190      "In-process frame 2 with top BC with scripts disallowed"
    191    );
    192    await assertScriptsAllowed(
    193      inprocFrame2,
    194      false,
    195      "In-process frame 2 with top BC with scripts disallowed"
    196    );
    197 
    198    bc.allowJavascript = true;
    199    await assertScriptsAllowed(bc, true, "top BC");
    200 
    201    await assertScriptsAllowed(oopFrame1, true, "OOP frame 1");
    202    await assertScriptsAllowed(inprocFrame1, true, "In-process frame 1");
    203    await assertScriptsAllowed(oopFrame1OopSub, true, "OOP frame 1 subframe");
    204    await assertScriptsAllowed(
    205      inprocFrame1OopSub,
    206      true,
    207      "In-process frame 1 subframe"
    208    );
    209 
    210    await assertScriptsAllowed(oopFrame2, false, "OOP frame 2");
    211    await assertScriptsAllowed(inprocFrame2, false, "In-process frame 2");
    212 
    213    oopFrame1.currentWindowGlobal.allowJavascript = false;
    214    inprocFrame1.currentWindowGlobal.allowJavascript = false;
    215 
    216    await assertScriptsAllowed(
    217      oopFrame1,
    218      false,
    219      "OOP frame 1 with second level WC scripts disallowed"
    220    );
    221    await assertScriptsAllowed(
    222      inprocFrame1,
    223      false,
    224      "In-process frame 1 with second level WC scripts disallowed"
    225    );
    226    await assertScriptsAllowed(
    227      oopFrame1OopSub,
    228      false,
    229      "OOP frame 1 subframe second level WC scripts disallowed"
    230    );
    231    await assertScriptsAllowed(
    232      inprocFrame1OopSub,
    233      false,
    234      "In-process frame 1 subframe with second level WC scripts disallowed"
    235    );
    236 
    237    oopFrame1.reload(0);
    238    inprocFrame1.reload(0);
    239    await Promise.all([
    240      AllowJavascriptParent.promiseLoad(oopFrame1),
    241      AllowJavascriptParent.promiseLoad(inprocFrame1),
    242    ]);
    243 
    244    equal(
    245      oopFrame1.currentWindowGlobal.allowJavascript,
    246      true,
    247      "WindowContext.allowJavascript does not persist after navigation for OOP frame 1"
    248    );
    249    equal(
    250      inprocFrame1.currentWindowGlobal.allowJavascript,
    251      true,
    252      "WindowContext.allowJavascript does not persist after navigation for in-process frame 1"
    253    );
    254 
    255    await assertScriptsAllowed(oopFrame1, true, "OOP frame 1");
    256    await assertScriptsAllowed(inprocFrame1, true, "In-process frame 1");
    257  }
    258 
    259  bc.allowJavascript = false;
    260 
    261  bc.reload(0);
    262  await AllowJavascriptParent.promiseLoad(bc);
    263 
    264  await assertLoadFired(
    265    bc,
    266    undefined,
    267    "top BC with scripts disabled after reload"
    268  );
    269  await assertScriptsAllowed(
    270    bc,
    271    false,
    272    "top BC with scripts disabled after reload"
    273  );
    274 
    275  await page.loadURL("http://example.org/?other");
    276  bc = page.browsingContext;
    277 
    278  await assertLoadFired(
    279    bc,
    280    undefined,
    281    "top BC with scripts disabled after navigation"
    282  );
    283  await assertScriptsAllowed(
    284    bc,
    285    false,
    286    "top BC with scripts disabled after navigation"
    287  );
    288 
    289  await page.close();
    290  Services.prefs.clearUserPref("dom.security.https_first");
    291 });