tor-browser

bug704320.sjs (11430B)

---

var BASE_URL = "example.com/tests/dom/base/test/bug704320.sjs";

function createTestUrl(schemeFrom, schemeTo, policy, action, type) {
  return (
    schemeTo +
    "://" +
    BASE_URL +
    "?" +
    "action=" +
    action +
    "&" +
    "scheme=" +
    schemeFrom +
    "-to-" +
    schemeTo +
    "&" +
    "policy=" +
    policy +
    "&" +
    "type=" +
    type
  );
}

function create2ndLevelIframeUrl(schemeFrom, schemeTo, policy, type) {
  return (
    schemeFrom +
    "://" +
    BASE_URL +
    "?" +
    "action=create-2nd-level-iframe&" +
    "scheme-from=" +
    schemeFrom +
    "&" +
    "scheme-to=" +
    schemeTo +
    "&" +
    "policy=" +
    policy +
    "&" +
    "type=" +
    type
  );
}

// Creates the following test cases for the specified scheme and referrer
// policy combination:
//   <link>
//   @import
//   font-face
//   bg-url
//   <script>
//   <img>
//   <iframe>
//   <audio>
//   <video>
//   <object type="bogus">
//   <object type="image/svg+xml">
//   <a>
//   <a ping>
//   <form>
//   window.location
//   window.open
//   XMLHttpRequest
//   EventSource
//   TODO: XSLT?
//
// This returns a page that loads all of the above resources and contains a
// script that clicks a link after all resources are (hopefully)
// loaded. The click triggers a redirection to file_bug704320_redirect.html,
// which in turn notifies the main window that it's time to check the test
// results.
function createTest(schemeFrom, schemeTo, policy, optionalEarlierPolicy) {
  var _createTestUrl = createTestUrl.bind(
    null,
    schemeFrom,
    schemeTo,
    policy,
    "test"
  );

  var _create2ndLevelIframeUrl = create2ndLevelIframeUrl.bind(
    null,
    schemeFrom,
    schemeTo,
    policy
  );

  var metaReferrerPolicyString = "";
  if (optionalEarlierPolicy && optionalEarlierPolicy != "") {
    metaReferrerPolicyString +=
      '<meta name="referrer" content="' + optionalEarlierPolicy + '">\n';
  }
  metaReferrerPolicyString += '<meta name="referrer" content="' + policy + '">';

  return (
    "<!DOCTYPE HTML>\n\
         <html>\n\
         <head>\n\
	    " +
    metaReferrerPolicyString +
    '\n\
           <link rel="stylesheet" type="text/css" href="' +
    _createTestUrl("stylesheet") +
    '">\n\
           <style type="text/css">\n\
             @import "' +
    _createTestUrl("import-css") +
    '";\n\
             @font-face {\n\
               font-family: "Fake Serif Bold";\n\
               src: url("' +
    _createTestUrl("font-face") +
    '");\n\
             }\n\
             body {\n\
               font-family: "Fake Serif Bold", serif;\n\
               background: url("' +
    _createTestUrl("bg-url") +
    '");\n\
             }\n\
           </style>\n\
         </head>\n\
         <body>\n\
           <script src="' +
    _createTestUrl("script") +
    '"></script>\n\
           <img src="' +
    _createTestUrl("img") +
    '"></img>\n\
           <iframe src="' +
    _createTestUrl("iframe") +
    '"></iframe>\n\
           <audio src="' +
    _createTestUrl("audio") +
    '"></audio>\n\
           <video src="' +
    _createTestUrl("video") +
    '"></video>\n\
           <object type="bogus" data="' +
    _createTestUrl("object") +
    '"></object>\n\
           <object type="image/svg+xml" data="' +
    _createTestUrl("object-svg") +
    '"></object>\n\
           <a id="link" href="' +
    _createTestUrl("link") +
    '" ping="' +
    _createTestUrl("link-ping") +
    '"></a>\n\
           <iframe src="' +
    _create2ndLevelIframeUrl("form") +
    '"></iframe>\n\
           <iframe src="' +
    _create2ndLevelIframeUrl("window.location") +
    '"></iframe>\n\
           <script>\n\
              var _testFinished = 0\n\
             (function() {\n\
               var x = new XMLHttpRequest();\n\
               x.open("GET", "' +
    _createTestUrl("xmlhttprequest") +
    '");\n\
               x.send();\n\
             })();\n\
             (function() {\n\
               var eventSource = new EventSource("' +
    _createTestUrl("eventsource") +
    '");\n\
             })();' +
    // LOAD EVENT (most of the tests)
    // fires when the resources for the page are loaded
    'var _isLoaded = false;\n\
             window.addEventListener("load", function() {\n\
               this._isLoaded = true;\n\
               this.checkForFinish();\n\
             }.bind(window), false);' +
    // WINDOW.OPEN test
    // listen for incoming status from window.open, close the window
    // and check if we're done.
    'var _openedWindowLoaded = false;\n\
             window.addEventListener("message", function(message) {\n\
               if (message.data == "window.open") {\n\
                 this._openedWindowLoaded = true;\n\
                 this.win.close();\n\
                 this.checkForFinish();\n\
               }\n\
             }.bind(window), false);\n\
             var win = window.open("' +
    _createTestUrl("window.open") +
    '", "");' +
    // called by the two things that must complete: window.open page
    // and the window load event.  When both are complete, this
    // "finishes" the iframe subtest by clicking the link.
    // _testFinished avoids calling this function twice (which may happen)
    'function checkForFinish() {\n\
               if (window._isLoaded && window._openedWindowLoaded && !window._testFinished) {\n\
                 window._testFinished = 1;\n\
                 document.getElementById("link").click();\n\
               }\n\
             }\n\
           </script>\n\
         </body>\n\
         </html>'
  );
}

function createIframedFormTest(schemeFrom, schemeTo, policy) {
  var actionUrl = schemeTo + "://" + BASE_URL;

  return (
    '<!DOCTYPE HTML>\n\
         <html>\n\
         <head>\n\
           <meta name="referrer" content="' +
    policy +
    '">\n\
         </head>\n\
         <body>\n\
           <form id="form" action="' +
    actionUrl +
    '">\n\
             <input type="hidden" name="action" value="test">\n\
             <input type="hidden" name="scheme" value="' +
    schemeFrom +
    "-to-" +
    schemeTo +
    '">\n\
             <input type="hidden" name="policy" value="' +
    policy +
    '">\n\
             <input type="hidden" name="type" value="form">\n\
           </form>\n\
           <script>\n\
             document.getElementById("form").submit();\n\
           </script>\n\
         </body>\n\
         </html>'
  );
}

function createIframedWindowLocationTest(schemeFrom, schemeTo, policy) {
  var url = createTestUrl(
    schemeFrom,
    schemeTo,
    policy,
    "test",
    "window.location"
  );

  return (
    '<!DOCTYPE HTML>\n\
         <html>\n\
         <head>\n\
           <meta name="referrer" content="' +
    policy +
    '">\n\
         </head>\n\
         <body>\n\
           <script>\n\
            window.location = "' +
    url +
    '";\n\
           </script>\n\
         </body>\n\
         </html>'
  );
}

function createPolicyTest(policy, optionalEarlierPolicy) {
  var metaReferrerPolicyString = "";
  if (optionalEarlierPolicy && optionalEarlierPolicy != "") {
    metaReferrerPolicyString +=
      '<meta name="referrer" content="' + optionalEarlierPolicy + '">\n';
  }
  metaReferrerPolicyString += '<meta name="referrer" content="' + policy + '">';

  return (
    "<!DOCTYPE HTML>\n\
          <html>\n\
          <head>\n\
	    " +
    metaReferrerPolicyString +
    '\n\
            <script type="text/javascript" src="/tests/dom/base/test/file_bug704320_preload_common.js"></script>\n\
          </head>\n\
          <body>\n\
            <img src="/tests/dom/base/test/bug704320_counter.sjs?type=img"\n\
                    onload="incrementLoad2(\'img\', 2);">\n\
            <img src="http://example.com/tests/dom/base/test/bug704320_counter.sjs?type=img"\n\
                    onload="incrementLoad2(\'img\', 2);">\n\
          </body>\n\
          </html>'
  );
}

function handleRequest(request, response) {
  var sharedKey = "bug704320.sjs";
  var params = request.queryString.split("&");
  var action = params[0].split("=")[1];

  if (action === "create-1st-level-iframe") {
    // ?action=create-1st-level-iframe&scheme-from=http&scheme-to=https&policy=origin
    var schemeFrom = params[1].split("=")[1];
    var schemeTo = params[2].split("=")[1];
    var policy = params[3].split("=")[1];
    var optionalEarlierPolicy = "";
    if (params[4]) {
      optionalEarlierPolicy = params[4].split("=")[1];
    }

    response.setHeader("Content-Type", "text/html; charset=utf-8", false);
    response.setHeader("Cache-Control", "no-cache", false);
    response.write(
      createTest(schemeFrom, schemeTo, policy, optionalEarlierPolicy)
    );
  } else if (action === "create-2nd-level-iframe") {
    // ?action=create-2nd-level-iframe&scheme-from=http&scheme-to=https&policy=origin&type=form"
    var schemeFrom = params[1].split("=")[1];
    var schemeTo = params[2].split("=")[1];
    var policy = params[3].split("=")[1];
    var type = params[4].split("=")[1];

    response.setHeader("Content-Type", "text/html; charset=utf-8", false);
    response.setHeader("Cache-Control", "no-cache", false);

    if (type === "form") {
      response.write(createIframedFormTest(schemeFrom, schemeTo, policy));
    } else if (type === "window.location") {
      response.write(
        createIframedWindowLocationTest(schemeFrom, schemeTo, policy)
      );
    }
  } else if (action === "test") {
    // ?action=test&scheme=http-to-https&policy=origin&type=img
    var scheme = params[1].split("=")[1];
    var policy = params[2].split("=")[1];
    var type = params[3].split("=")[1];
    var result = getSharedState(sharedKey);

    if (result === "") {
      result = {};
    } else {
      result = JSON.parse(result);
    }

    if (!result[type]) {
      result[type] = {};
    }

    if (!result[type][scheme]) {
      result[type][scheme] = {};
    }

    if (request.hasHeader("Referer")) {
      result[type][scheme][policy] = request.getHeader("Referer");
    } else {
      result[type][scheme][policy] = "";
    }

    setSharedState(sharedKey, JSON.stringify(result));

    if (type === "link") {
      var loc =
        "https://example.com/tests/dom/base/test/file_bug704320_redirect.html";
      response.setStatusLine("1.1", 302, "Found");
      response.setHeader("Location", loc, false);
    }

    if (type === "window.open") {
      response.setHeader("Cache-Control", "no-cache", false);
      response.setHeader("Content-Type", "text/html", false);
      response.write(
        "<html><body><script>" +
          'window.opener.postMessage("window.open", "*");' +
          "</script></body></html>"
      );
    }
  } else if (action === "get-test-results") {
    // ?action=get-result
    response.setHeader("Cache-Control", "no-cache", false);
    response.setHeader("Content-Type", "text/plain", false);
    response.write(getSharedState(sharedKey));
  } else if (action === "generate-policy-test") {
    // ?action=generate-policy-test&policy=b64-encoded-string
    response.setHeader("Cache-Control", "no-cache", false);
    response.setHeader("Content-Type", "text/html", false);
    var policy = unescape(params[1].split("=")[1]);
    var optionalEarlierPolicy = "";
    if (params[2]) {
      optionalEarlierPolicy = params[2].split("=")[1];
    }

    response.write(createPolicyTest(policy, optionalEarlierPolicy));
  }
}