tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

browser_domainPolicy.js (5434B)

      1 // This test waits for a lot of subframe loads, causing it to take a long time,
      2 // especially with Fission enabled.
      3 requestLongerTimeout(2);
      4 
      5 const BASE_FILE =
      6  "http://mochi.test:8888/browser/dom/ipc/tests/file_domainPolicy_base.html";
      7 const SCRIPT_PATH = "/browser/dom/ipc/tests/file_disableScript.html";
      8 
      9 const TEST_POLICY = {
     10  exceptions: ["http://test1.example.com", "http://example.com"],
     11  superExceptions: ["http://test2.example.org", "https://test1.example.com"],
     12  exempt: [
     13    "http://test1.example.com",
     14    "http://example.com",
     15    "http://test2.example.org",
     16    "http://sub1.test2.example.org",
     17    "https://sub1.test1.example.com",
     18  ],
     19  notExempt: [
     20    "http://test2.example.com",
     21    "http://sub1.test1.example.com",
     22    "http://www.example.com",
     23    "https://test2.example.com",
     24    "https://example.com",
     25    "http://test1.example.org",
     26  ],
     27 };
     28 
     29 // To make sure we never leave up an activated domain policy after a failed
     30 // test, let's make this global.
     31 var policy;
     32 
     33 function activateDomainPolicy(isBlock) {
     34  policy = Services.scriptSecurityManager.activateDomainPolicy();
     35 
     36  if (isBlock === undefined) {
     37    return;
     38  }
     39 
     40  let set = isBlock ? policy.blocklist : policy.allowlist;
     41  for (let e of TEST_POLICY.exceptions) {
     42    set.add(makeURI(e));
     43  }
     44 
     45  let superSet = isBlock ? policy.superBlocklist : policy.superAllowlist;
     46  for (let e of TEST_POLICY.superExceptions) {
     47    superSet.add(makeURI(e));
     48  }
     49 }
     50 
     51 function deactivateDomainPolicy() {
     52  if (policy) {
     53    policy.deactivate();
     54    policy = null;
     55  }
     56 }
     57 
     58 add_setup(async function () {
     59  await SpecialPowers.pushPrefEnv({
     60    set: [["browser.pagethumbnails.capturing_disabled", false]],
     61  });
     62 
     63  registerCleanupFunction(() => {
     64    deactivateDomainPolicy();
     65  });
     66 });
     67 
     68 add_task(async function test_domainPolicy() {
     69  function test(testFunc, { activateFirst, isBlock }) {
     70    if (activateFirst) {
     71      activateDomainPolicy(isBlock);
     72    }
     73    return BrowserTestUtils.withNewTab(
     74      {
     75        gBrowser,
     76        opening: BASE_FILE,
     77        forceNewProcess: true,
     78      },
     79      async browser => {
     80        if (!activateFirst) {
     81          activateDomainPolicy(isBlock);
     82        }
     83        await testFunc(browser);
     84        deactivateDomainPolicy();
     85      }
     86    );
     87  }
     88 
     89  async function testDomain(browser, domain, expectEnabled = false) {
     90    function navigateFrame() {
     91      let url = domain + SCRIPT_PATH;
     92      return SpecialPowers.spawn(browser, [url], async src => {
     93        let iframe = content.document.getElementById("root");
     94        await new Promise(resolve => {
     95          iframe.addEventListener("load", resolve, { once: true });
     96          iframe.src = src;
     97        });
     98        return iframe.browsingContext;
     99      });
    100    }
    101 
    102    function checkScriptEnabled(bc) {
    103      return SpecialPowers.spawn(bc, [expectEnabled], enabled => {
    104        content.wrappedJSObject.gFiredOnclick = false;
    105        content.document.body.dispatchEvent(new content.Event("click"));
    106        Assert.equal(
    107          content.wrappedJSObject.gFiredOnclick,
    108          enabled,
    109          `Checking script-enabled for ${content.name} (${content.location})`
    110        );
    111      });
    112    }
    113 
    114    let browsingContext = await navigateFrame();
    115    return checkScriptEnabled(browsingContext);
    116  }
    117 
    118  async function testList(browser, list, expectEnabled) {
    119    // Run these sequentially to avoid navigating multiple domains at once.
    120    for (let domain of list) {
    121      await testDomain(browser, domain, expectEnabled);
    122    }
    123  }
    124 
    125  info("1. Testing simple blocklist policy");
    126 
    127  info("1A. Creating child process first, activating domainPolicy after");
    128  await test(
    129    async browser => {
    130      policy.blocklist.add(Services.io.newURI("http://example.com"));
    131      await testDomain(browser, "http://example.com");
    132    },
    133    { activateFirst: false }
    134  );
    135 
    136  info("1B. Activating domainPolicy first, creating child process after");
    137  await test(
    138    async browser => {
    139      policy.blocklist.add(Services.io.newURI("http://example.com"));
    140      await testDomain(browser, "http://example.com");
    141    },
    142    { activateFirst: true }
    143  );
    144 
    145  info("2. Testing Blocklist-style Domain Policy");
    146 
    147  info("2A. Activating domainPolicy first, creating child process after");
    148  await test(
    149    async browser => {
    150      await testList(browser, TEST_POLICY.notExempt, true);
    151      await testList(browser, TEST_POLICY.exempt, false);
    152    },
    153    { activateFirst: true, isBlock: true }
    154  );
    155 
    156  info("2B. Creating child process first, activating domainPolicy after");
    157  await test(
    158    async browser => {
    159      await testList(browser, TEST_POLICY.notExempt, true);
    160      await testList(browser, TEST_POLICY.exempt, false);
    161    },
    162    { activateFirst: false, isBlock: true }
    163  );
    164 
    165  info("3. Testing Allowlist-style Domain Policy");
    166  await SpecialPowers.pushPrefEnv({ set: [["javascript.enabled", false]] });
    167 
    168  info("3A. Activating domainPolicy first, creating child process after");
    169  await test(
    170    async browser => {
    171      await testList(browser, TEST_POLICY.notExempt, false);
    172      await testList(browser, TEST_POLICY.exempt, true);
    173    },
    174    { activateFirst: true, isBlock: false }
    175  );
    176 
    177  info("3B. Creating child process first, activating domainPolicy after");
    178  await test(
    179    async browser => {
    180      await testList(browser, TEST_POLICY.notExempt, false);
    181      await testList(browser, TEST_POLICY.exempt, true);
    182    },
    183    { activateFirst: false, isBlock: false }
    184  );
    185 
    186  finish();
    187 });