tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_nested.html (2073B)

      1 <!DOCTYPE HTML>
      2 <html>
      3 <head>
      4  <title>Test feature policy - permission delegation to nested browsing contexts</title>
      5  <script src="/tests/SimpleTest/SimpleTest.js"></script>
      6  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
      7 </head>
      8 <body>
      9 <script type="text/javascript">
     10 SimpleTest.waitForExplicitFinish();
     11 
     12 const SAME_ORIGIN = new URL("empty.html", location).href;
     13 const CROSS_ORIGIN = "https://example.org" + new URL(SAME_ORIGIN).pathname;
     14 
     15 async function makeChild(target, testParams) {
     16  // eslint-disable-next-line no-shadow
     17  await SpecialPowers.spawn(target, [testParams], async testParams => {
     18    const ifr = this.content.document.createElement(testParams.elem);
     19    ifr.setAttribute(
     20      testParams.elem === "object" ? "data" : "src",
     21      testParams.url
     22    );
     23 
     24    return new Promise(resolve => {
     25      ifr.onload = async function() {
     26        const isAllowed = await SpecialPowers.spawn(ifr, [], () =>
     27          this.content.document.featurePolicy.allowsFeature("microphone")
     28        );
     29        Assert.equal(
     30          isAllowed,
     31          testParams.allow,
     32          `permission delegation to ${ifr.outerHTML}`
     33        );
     34        resolve();
     35      };
     36      this.content.document.body.appendChild(ifr);
     37    });
     38  });
     39 }
     40 
     41 (async () => {
     42  info("Checking direct children");
     43  for (const elemType of ["iframe", "embed", "object"]) {
     44    await makeChild(window, { url: SAME_ORIGIN, elem: elemType, allow: true });
     45    await makeChild(window, {
     46      url: CROSS_ORIGIN,
     47      elem: elemType,
     48      allow: false,
     49    });
     50  }
     51 
     52  info("Checking children nested inside cross-origin iframe");
     53  const ifr = document.createElement("iframe");
     54  ifr.setAttribute("src", CROSS_ORIGIN);
     55  ifr.onload = async function() {
     56    for (const elemType of ["iframe", "embed", "object"]) {
     57      await makeChild(ifr, { url: SAME_ORIGIN, elem: elemType, allow: false });
     58      await makeChild(ifr, { url: CROSS_ORIGIN, elem: elemType, allow: false });
     59    }
     60    SimpleTest.finish();
     61  }
     62  document.body.appendChild(ifr);
     63 })();
     64 
     65 </script>
     66 </body>
     67 </html>