tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_pdf_print.html (2282B)

      1 <!DOCTYPE HTML>
      2 <html>
      3 <head>
      4  <meta charset="utf-8">
      5  <title><!-- TODO: insert title here --></title>
      6  <script src="/tests/SimpleTest/SimpleTest.js"></script>
      7  <link rel="stylesheet" href="/tests/SimpleTest/test.css"/>
      8 </head>
      9 <body>
     10 <p id="display"></p>
     11 <div id="content" style="display: none">
     12  <script>
     13    SimpleTest.waitForExplicitFinish();
     14    const blob = new Blob(["x"], { type: "application/pdf" });
     15    const blobURL = URL.createObjectURL(blob);
     16    const blobFrame = document.createElement("iframe");
     17    blobFrame.src = blobURL;
     18    document.getElementById("content").appendChild(blobFrame);
     19 
     20    const dataURL = "data:application/pdf,";
     21    const dataFrame = document.createElement("iframe");
     22    dataFrame.src = dataURL;
     23    document.getElementById("content").appendChild(dataFrame);
     24 
     25    addLoadEvent(function() {
     26      // blob:// URLs inherit their origin, so the window inside blobFrame
     27      // should be same-orgin with us except for the PDF viewer messing with
     28      // origins.
     29      const printFunc = blobFrame.contentWindow.print;
     30      is(typeof printFunc, "function", "Should have a 'print' function");
     31      ok(Object.getOwnPropertyNames(blobFrame.contentWindow).includes("print"),
     32         "Should see 'print' property in property names");
     33 
     34      try {
     35        // data: URLs get nonce origins, so the window inside dataFrame is not
     36        // same-origin with us in any way.
     37        dataFrame.contentWindow.print;
     38        ok(false, "Should throw on cross-origin .print access");
     39      } catch (e) {
     40        ok(/Permission denied/.test(e.message), "Should have a security error");
     41      }
     42      ok(!Object.getOwnPropertyNames(dataFrame.contentWindow).includes("print"),
     43         "Should not see 'print' property in property names");
     44 
     45      try {
     46        printFunc.call(dataFrame.contentWindow);
     47        ok(false, "Should throw on cross-origin call");
     48      } catch (e) {
     49        ok(/Permission to call/.test(e.message),
     50           "Should have a security error for call");
     51      }
     52 
     53      // It'd be nice to test that calling the function works right, but if it
     54      // does it'll put up the print dialog, which is not helpful in an
     55      // automated test.
     56      SimpleTest.finish();
     57    });
     58  </script>
     59 </div>
     60 <pre id="test"></pre>
     61 </body>
     62 </html>