tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_anchor_area_referrer.html (4707B)

      1 <!DOCTYPE HTML>
      2 <html>
      3 <head>
      4  <meta charset="utf-8">
      5  <title>Test anchor and area policy attribute for Bug 1174913</title>
      6  <script src="/tests/SimpleTest/SimpleTest.js"></script>
      7  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
      8 
      9  <!--
     10  Testing that anchor and area referrer attributes are honoured correctly
     11  * anchor tag with referrer attribute (generate-anchor-policy-test)
     12  https://bugzilla.mozilla.org/show_bug.cgi?id=1174913
     13  -->
     14 
     15  <script type="application/javascript">
     16 
     17  SimpleTest.requestLongerTimeout(2);
     18 
     19  const SJS = "://example.com/tests/dom/base/test/referrer_testserver.sjs?";
     20  const PARAMS = ["ATTRIBUTE_POLICY", "NEW_ATTRIBUTE_POLICY", "META_POLICY", "REL", "SCHEME_FROM", "SCHEME_TO"];
     21 
     22  const testCases = [
     23    {ACTION: ["generate-anchor-policy-test", "generate-area-policy-test"],
     24      TESTS: [
     25        {ATTRIBUTE_POLICY: 'unsafe-url',
     26         NAME: 'unsafe-url-with-origin-in-meta',
     27         META_POLICY: 'origin',
     28         DESC: "unsafe-url (anchor) with origin in meta",
     29         RESULT: 'full'},
     30        {ATTRIBUTE_POLICY: 'origin',
     31         NAME: 'origin-with-unsafe-url-in-meta',
     32         META_POLICY: 'unsafe-url',
     33         DESC: "origin (anchor) with unsafe-url in meta",
     34         RESULT: 'origin'},
     35        {ATTRIBUTE_POLICY: 'no-referrer',
     36         NAME: 'no-referrer-with-origin-in-meta',
     37         META_POLICY: 'origin',
     38         DESC: "no-referrer (anchor) with origin in meta",
     39         RESULT: 'none'},
     40        {ATTRIBUTE_POLICY: 'same-origin',
     41         NAME: 'same-origin-with-origin-in-meta',
     42         META_POLICY: 'origin',
     43         DESC: "same-origin with origin in meta",
     44         RESULT: 'full'},
     45        {NAME: 'no-referrer-in-meta',
     46         META_POLICY: 'no-referrer',
     47         DESC: "no-referrer in meta",
     48         RESULT: 'none'},
     49 
     50         // Test if element attr would override meta referr policy.
     51 
     52         // 1. Downgrade.
     53        {ATTRIBUTE_POLICY: 'no-referrer-when-downgrade',
     54         NAME: 'origin-in-meta-downgrade-in-attr',
     55         META_POLICY: 'origin',
     56         DESC: 'origin in meta downgrade in attr',
     57         SCHEME_FROM: 'https',
     58         SCHEME_TO: 'http',
     59         RESULT: 'none'},
     60        {ATTRIBUTE_POLICY: 'strict-origin',
     61         NAME: 'origin-in-meta-strict-origin-in-attr',
     62         META_POLICY: 'origin',
     63         DESC: 'origin in meta strict-origin in attr',
     64         SCHEME_FROM: 'https',
     65         SCHEME_TO: 'http',
     66         RESULT: 'none'},
     67        {ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin',
     68         NAME: 'origin-in-meta-strict-origin-when-cross-origin-in-attr',
     69         META_POLICY: 'origin',
     70         DESC: 'origin in meta strict-origin-when-cross-origin in attr',
     71         SCHEME_FROM: 'https',
     72         SCHEME_TO: 'http',
     73         RESULT: 'none'},
     74 
     75         // 2. No downgrade.
     76        {ATTRIBUTE_POLICY: 'no-referrer-when-downgrade',
     77         NAME: 'origin-in-meta-downgrade-in-attr',
     78         META_POLICY: 'origin',
     79         DESC: 'origin in meta downgrade in attr',
     80         SCHEME_FROM: 'https',
     81         SCHEME_TO: 'https',
     82         RESULT: 'full'},
     83        {ATTRIBUTE_POLICY: 'strict-origin',
     84         NAME: 'origin-in-meta-strict-origin-in-attr',
     85         META_POLICY: 'origin',
     86         DESC: 'origin in meta strict-origin in attr',
     87         SCHEME_FROM: 'https',
     88         SCHEME_TO: 'https',
     89         RESULT: 'origin'},
     90        {ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin',
     91         NAME: 'origin-in-meta-strict-origin-when-cross-origin-in-attr',
     92         META_POLICY: 'origin',
     93         DESC: 'origin in meta strict-origin-when-cross-origin in attr',
     94         SCHEME_FROM: 'https',
     95         SCHEME_TO: 'https',
     96         RESULT: 'full'},
     97        {ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin',
     98         NAME: 'strict-origin-when-cross-origin-with-origin-in-meta',
     99         META_POLICY: 'origin',
    100         SCHEME_FROM: 'http',
    101         SCHEME_TO: 'https',
    102         DESC: "strict-origin-when-cross-origin with origin in meta",
    103         RESULT: 'origin'},
    104        {ATTRIBUTE_POLICY: 'same-origin',
    105         NAME: 'same-origin-with-origin-in-meta',
    106         META_POLICY: 'origin',
    107         SCHEME_FROM: 'http',
    108         SCHEME_TO: 'https',
    109         DESC: "same-origin with origin in meta",
    110         RESULT: 'none'},
    111 
    112         // End of element attr overriding test..
    113 
    114        {ATTRIBUTE_POLICY: 'origin',
    115         NAME: 'origin-with-no-meta',
    116         META_POLICY: '',
    117         DESC: "origin (anchor) with no meta",
    118         RESULT: 'origin'}]}
    119  ];
    120  </script>
    121  <script type="application/javascript" src="/tests/dom/base/test/referrer_helper.js"></script>
    122 </head>
    123 <body onload="tests.next();">
    124  <iframe id="testframe"></iframe>
    125 </body>
    126 </html>