[ tor-browser ].git.dasho

test_parser.html (24528B)
      1 <!DOCTYPE HTML>
      2 <html>
      3 <head>
      4  <title>Test feature policy - parsing</title>
      5  <script src="/tests/SimpleTest/SimpleTest.js"></script>
      6  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
      7 </head>
      8 <body>
      9 <iframe src="empty.html" id="ifr"></iframe>
     10 <iframe src="https://example.org/tests/dom/security/featurePolicy/test/mochitest/empty.html" id="cross_ifr"></iframe>
     11 <script type="text/javascript">
     12 
     13 SimpleTest.waitForExplicitFinish();
     14 
     15 const CROSS_ORIGIN = "https://example.org";
     16 
     17 function test_document() {
     18  info("Checking document.featurePolicy");
     19  ok("featurePolicy" in document, "We have document.featurePolicy");
     20 
     21  ok(!document.featurePolicy.allowsFeature("foobar"), "Random feature");
     22  ok(!document.featurePolicy.allowsFeature("foobar", "https://www.something.net"), "Random feature");
     23 
     24  ok(document.featurePolicy.allowsFeature("camera"), "Camera is allowed for self");
     25  ok(document.featurePolicy.allowsFeature("camera", "https://foo.bar"), "Camera is always allowed");
     26  let allowed = document.featurePolicy.getAllowlistForFeature("camera");
     27  is(allowed.length, 1, "Only 1 entry in allowlist for camera");
     28  is(allowed[0], "*", "allowlist is *");
     29 
     30  ok(document.featurePolicy.allowsFeature("geolocation"), "Geolocation is allowed for self");
     31  ok(document.featurePolicy.allowsFeature("geolocation", location.origin), "Geolocation is allowed for self");
     32  ok(!document.featurePolicy.allowsFeature("geolocation", "https://foo.bar"), "Geolocation is not allowed for any random URL");
     33  allowed = document.featurePolicy.getAllowlistForFeature("geolocation");
     34  is(allowed.length, 1, "Only 1 entry in allowlist for geolocation");
     35  is(allowed[0], location.origin, "allowlist is self");
     36 
     37  ok(!document.featurePolicy.allowsFeature("microphone"), "Microphone is disabled for self");
     38  ok(!document.featurePolicy.allowsFeature("microphone", location.origin), "Microphone is disabled for self");
     39  ok(!document.featurePolicy.allowsFeature("microphone", "https://foo.bar"), "Microphone is disabled for foo.bar");
     40  ok(document.featurePolicy.allowsFeature("microphone", "https://example.com"), "Microphone is allowed for example.com");
     41  ok(document.featurePolicy.allowsFeature("microphone", "https://example.org"), "Microphone is allowed for example.org");
     42  allowed = document.featurePolicy.getAllowlistForFeature("microphone");
     43  is(allowed.length, 0, "No allowlist for microphone");
     44 
     45  ok(!document.featurePolicy.allowsFeature("vr"), "Vibrate is disabled for self");
     46  ok(!document.featurePolicy.allowsFeature("vr", location.origin), "Vibrate is disabled for self");
     47  ok(!document.featurePolicy.allowsFeature("vr", "https://foo.bar"), "Vibrate is disabled for foo.bar");
     48  allowed = document.featurePolicy.getAllowlistForFeature("vr");
     49  is(allowed.length, 0, "No allowlist for vr");
     50 
     51  allowed = document.featurePolicy.allowedFeatures();
     52  // microphone is disabled for this origin, vr is disabled everywhere.
     53  let camera = false;
     54  let geolocation = false;
     55  allowed.forEach(a => {
     56    if (a == "camera") camera = true;
     57    if (a == "geolocation") geolocation = true;
     58  });
     59 
     60  ok(camera, "Camera is always allowed");
     61  ok(geolocation, "Geolocation is allowed only for self");
     62 
     63  next();
     64 }
     65 
     66 function test_iframe_without_allow() {
     67  info("Checking HTMLIFrameElement.featurePolicy");
     68  let ifr = document.getElementById("ifr");
     69  ok("featurePolicy" in ifr, "HTMLIFrameElement.featurePolicy exists");
     70 
     71  ok(!ifr.featurePolicy.allowsFeature("foobar"), "Random feature");
     72  ok(!ifr.featurePolicy.allowsFeature("foobar", "https://www.something.net"), "Random feature");
     73 
     74  ok(ifr.featurePolicy.allowsFeature("camera"), "Camera is allowed for self");
     75  ok(ifr.featurePolicy.allowsFeature("camera", location.origin), "Camera is allowed for self");
     76  ok(!ifr.featurePolicy.allowsFeature("camera", "https://foo.bar"), "Camera is not allowed for a random URL");
     77  let allowed = ifr.featurePolicy.getAllowlistForFeature("camera");
     78  is(allowed.length, 1, "Only 1 entry in allowlist for camera");
     79  is(allowed[0], location.origin, "allowlist is 'self'");
     80 
     81  ok(ifr.featurePolicy.allowsFeature("geolocation"), "Geolocation is allowed for self");
     82  ok(ifr.featurePolicy.allowsFeature("geolocation", location.origin), "Geolocation is allowed for self");
     83  ok(!ifr.featurePolicy.allowsFeature("geolocation", "https://foo.bar"), "Geolocation is not allowed for any random URL");
     84  allowed = ifr.featurePolicy.getAllowlistForFeature("geolocation");
     85  is(allowed.length, 1, "Only 1 entry in allowlist for geolocation");
     86  is(allowed[0], location.origin, "allowlist is '*'");
     87 
     88  ok(!ifr.featurePolicy.allowsFeature("microphone"), "Microphone is disabled for self");
     89  ok(!ifr.featurePolicy.allowsFeature("microphone", location.origin), "Microphone is disabled for self");
     90  ok(!ifr.featurePolicy.allowsFeature("microphone", "https://foo.bar"), "Microphone is disabled for foo.bar");
     91  ok(!ifr.featurePolicy.allowsFeature("microphone", "https://example.com"), "Microphone is disabled for example.com");
     92  ok(!ifr.featurePolicy.allowsFeature("microphone", "https://example.org"), "Microphone is disabled for example.org");
     93  allowed = ifr.featurePolicy.getAllowlistForFeature("microphone");
     94  is(allowed.length, 0, "No allowlist for microphone");
     95 
     96  ok(!ifr.featurePolicy.allowsFeature("vr"), "Vibrate is disabled for self");
     97  ok(!ifr.featurePolicy.allowsFeature("vr", location.origin), "Vibrate is disabled for self");
     98  ok(!ifr.featurePolicy.allowsFeature("vr", "https://foo.bar"), "Vibrate is disabled for foo.bar");
     99  allowed = ifr.featurePolicy.getAllowlistForFeature("vr");
    100  is(allowed.length, 0, "No allowlist for vr");
    101 
    102  ok(ifr.featurePolicy.allowedFeatures().includes("camera"), "Camera is allowed");
    103  ok(ifr.featurePolicy.allowedFeatures().includes("geolocation"), "Geolocation is allowed");
    104  // microphone is disabled for this origin
    105  ok(!ifr.featurePolicy.allowedFeatures().includes("microphone"), "microphone is not allowed");
    106  // vr is disabled everywhere.
    107  ok(!ifr.featurePolicy.allowedFeatures().includes("vr"), "VR is not allowed");
    108 
    109  next();
    110 }
    111 
    112 function test_iframe_with_allow() {
    113  info("Checking HTMLIFrameElement.featurePolicy");
    114  let ifr = document.getElementById("ifr");
    115  ok("featurePolicy" in ifr, "HTMLIFrameElement.featurePolicy exists");
    116 
    117  ifr.setAttribute("allow", "camera 'none'");
    118 
    119  ok(!ifr.featurePolicy.allowsFeature("foobar"), "Random feature");
    120  ok(!ifr.featurePolicy.allowsFeature("foobar", "https://www.something.net"), "Random feature");
    121 
    122  ok(!ifr.featurePolicy.allowsFeature("camera"), "Camera is not allowed");
    123  let allowed = ifr.featurePolicy.getAllowlistForFeature("camera");
    124  is(allowed.length, 0, "Camera has an empty allowlist");
    125 
    126  ok(ifr.featurePolicy.allowsFeature("geolocation"), "Geolocation is allowed for self");
    127  ok(ifr.featurePolicy.allowsFeature("geolocation", location.origin), "Geolocation is allowed for self");
    128  ok(!ifr.featurePolicy.allowsFeature("geolocation", "https://foo.bar"), "Geolocation is not allowed for any random URL");
    129  allowed = ifr.featurePolicy.getAllowlistForFeature("geolocation");
    130  is(allowed.length, 1, "Only 1 entry in allowlist for geolocation");
    131  is(allowed[0], location.origin, "allowlist is '*'");
    132 
    133  ok(!ifr.featurePolicy.allowsFeature("microphone"), "Microphone is disabled for self");
    134  ok(!ifr.featurePolicy.allowsFeature("microphone", location.origin), "Microphone is disabled for self");
    135  ok(!ifr.featurePolicy.allowsFeature("microphone", "https://foo.bar"), "Microphone is disabled for foo.bar");
    136  ok(!ifr.featurePolicy.allowsFeature("microphone", "https://example.com"), "Microphone is disabled for example.com");
    137  ok(!ifr.featurePolicy.allowsFeature("microphone", "https://example.org"), "Microphone is disabled for example.org");
    138  allowed = ifr.featurePolicy.getAllowlistForFeature("microphone");
    139  is(allowed.length, 0, "No allowlist for microphone");
    140 
    141  ok(!ifr.featurePolicy.allowsFeature("vr"), "Vibrate is disabled for self");
    142  ok(!ifr.featurePolicy.allowsFeature("vr", location.origin), "Vibrate is disabled for self");
    143  ok(!ifr.featurePolicy.allowsFeature("vr", "https://foo.bar"), "Vibrate is disabled for foo.bar");
    144  allowed = ifr.featurePolicy.getAllowlistForFeature("vr");
    145  is(allowed.length, 0, "No allowlist for vr");
    146 
    147  ok(ifr.featurePolicy.allowedFeatures().includes("geolocation"), "Geolocation is allowed only for self");
    148 
    149  next();
    150 }
    151 
    152 function test_iframe_contentDocument() {
    153  info("Checking iframe document.featurePolicy");
    154 
    155  let ifr = document.createElement("iframe");
    156  ifr.setAttribute("src", "empty.html");
    157  ifr.onload = function() {
    158    ok("featurePolicy" in ifr.contentDocument, "We have ifr.contentDocument.featurePolicy");
    159 
    160    ok(!ifr.contentDocument.featurePolicy.allowsFeature("foobar"), "Random feature");
    161    ok(!ifr.contentDocument.featurePolicy.allowsFeature("foobar", "https://www.something.net"), "Random feature");
    162 
    163    ok(ifr.contentDocument.featurePolicy.allowsFeature("camera"), "Camera is allowed for self");
    164    ok(ifr.contentDocument.featurePolicy.allowsFeature("camera", location.origin), "Camera is allowed for self");
    165    ok(!ifr.contentDocument.featurePolicy.allowsFeature("camera", "https://foo.bar"), "Camera is allowed for self");
    166    let allowed = ifr.contentDocument.featurePolicy.getAllowlistForFeature("camera");
    167    is(allowed.length, 1, "Only 1 entry in allowlist for camera");
    168    is(allowed[0], location.origin, "allowlist is 'self'");
    169 
    170    ok(ifr.featurePolicy.allowsFeature("geolocation"), "Geolocation is allowed for self");
    171    ok(ifr.featurePolicy.allowsFeature("geolocation", location.origin), "Geolocation is allowed for self");
    172    ok(!ifr.featurePolicy.allowsFeature("geolocation", "https://foo.bar"), "Geolocation is not allowed for any random URL");
    173    allowed = ifr.featurePolicy.getAllowlistForFeature("geolocation");
    174    is(allowed.length, 1, "Only 1 entry in allowlist for geolocation");
    175    is(allowed[0], location.origin, "allowlist is '*'");
    176 
    177    ok(!ifr.contentDocument.featurePolicy.allowsFeature("microphone"), "Microphone is disabled for self");
    178    ok(!ifr.contentDocument.featurePolicy.allowsFeature("microphone", location.origin), "Microphone is disabled for self");
    179    ok(!ifr.contentDocument.featurePolicy.allowsFeature("microphone", "https://foo.bar"), "Microphone is disabled for foo.bar");
    180    ok(!ifr.contentDocument.featurePolicy.allowsFeature("microphone", "https://example.com"), "Microphone is allowed for example.com");
    181    ok(!ifr.contentDocument.featurePolicy.allowsFeature("microphone", "https://example.org"), "Microphone is allowed for example.org");
    182    allowed = ifr.contentDocument.featurePolicy.getAllowlistForFeature("microphone");
    183    is(allowed.length, 0, "No allowlist for microphone");
    184 
    185    ok(!ifr.contentDocument.featurePolicy.allowsFeature("vr"), "Vibrate is disabled for self");
    186    ok(!ifr.contentDocument.featurePolicy.allowsFeature("vr", location.origin), "Vibrate is disabled for self");
    187    ok(!ifr.contentDocument.featurePolicy.allowsFeature("vr", "https://foo.bar"), "Vibrate is disabled for foo.bar");
    188    allowed = ifr.contentDocument.featurePolicy.getAllowlistForFeature("vr");
    189    is(allowed.length, 0, "No allowlist for vr");
    190 
    191    ok(ifr.contentDocument.featurePolicy.allowedFeatures().includes("camera"), "Camera is allowed");
    192    ok(ifr.contentDocument.featurePolicy.allowedFeatures().includes("geolocation"), "Geolocation is allowed");
    193    // microphone is disabled for this origin
    194    ok(!ifr.contentDocument.featurePolicy.allowedFeatures().includes("microphone"), "Microphone is not allowed");
    195    // vr is disabled everywhere.
    196    ok(!ifr.contentDocument.featurePolicy.allowedFeatures().includes("vr"), "VR is not allowed");
    197 
    198    next();
    199  };
    200  document.body.appendChild(ifr);
    201 }
    202 
    203 function test_cross_iframe_without_allow() {
    204  info("Checking cross HTMLIFrameElement.featurePolicy no allow");
    205  let ifr = document.getElementById("cross_ifr");
    206  ok("featurePolicy" in ifr, "HTMLIFrameElement.featurePolicy exists");
    207 
    208  ok(!ifr.featurePolicy.allowsFeature("foobar"), "Random feature");
    209  ok(!ifr.featurePolicy.allowsFeature("foobar", "https://www.something.net"), "Random feature");
    210 
    211  ok(ifr.featurePolicy.allowsFeature("camera"), "Camera is allowed for self");
    212  ok(ifr.featurePolicy.allowsFeature("camera", CROSS_ORIGIN), "Camera is allowed for self");
    213  ok(!ifr.featurePolicy.allowsFeature("camera", "https://foo.bar"), "Camera is not allowed for a random URL");
    214  let allowed = ifr.featurePolicy.getAllowlistForFeature("camera");
    215  is(allowed.length, 1, "Only 1 entry in allowlist for camera");
    216  is(allowed[0], CROSS_ORIGIN, "allowlist is 'self'");
    217 
    218  ok(!ifr.featurePolicy.allowsFeature("geolocation"), "Geolocation is not allowed for self");
    219  ok(!ifr.featurePolicy.allowsFeature("geolocation", CROSS_ORIGIN),
    220    "Geolocation is not allowed for self");
    221  ok(!ifr.featurePolicy.allowsFeature("geolocation", "https://foo.bar"), "Geolocation is not allowed for any random URL");
    222  allowed = ifr.featurePolicy.getAllowlistForFeature("geolocation");
    223  is(allowed.length, 0, "No allowlist for geolocation");
    224 
    225  ok(ifr.featurePolicy.allowsFeature("microphone"), "Microphone is enabled for self");
    226  ok(ifr.featurePolicy.allowsFeature("microphone", CROSS_ORIGIN), "Microphone is enabled for self");
    227  ok(!ifr.featurePolicy.allowsFeature("microphone", "https://foo.bar"), "Microphone is disabled for foo.bar");
    228  ok(!ifr.featurePolicy.allowsFeature("microphone", "https://example.com"), "Microphone is disabled for example.com");
    229  allowed = ifr.featurePolicy.getAllowlistForFeature("microphone");
    230  is(allowed.length, 1, "Only 1 entry in allowlist for microphone");
    231  is(allowed[0], CROSS_ORIGIN, "allowlist is self");
    232 
    233  ok(!ifr.featurePolicy.allowsFeature("vr"), "Vibrate is disabled for self");
    234  ok(!ifr.featurePolicy.allowsFeature("vr", CROSS_ORIGIN), "Vibrate is disabled for self");
    235  ok(!ifr.featurePolicy.allowsFeature("vr", "https://foo.bar"), "Vibrate is disabled for foo.bar");
    236  allowed = ifr.featurePolicy.getAllowlistForFeature("vr");
    237  is(allowed.length, 0, "No allowlist for vr");
    238 
    239  ok(ifr.featurePolicy.allowedFeatures().includes("camera"), "Camera is allowed");
    240  ok(!ifr.featurePolicy.allowedFeatures().includes("geolocation"), "Geolocation is not allowed");
    241  // microphone is enabled for this origin
    242  ok(ifr.featurePolicy.allowedFeatures().includes("microphone"), "microphone is allowed");
    243  // vr is disabled everywhere.
    244  ok(!ifr.featurePolicy.allowedFeatures().includes("vr"), "VR is not allowed");
    245 
    246  next();
    247 }
    248 
    249 function test_cross_iframe_with_allow() {
    250  info("Checking cross HTMLIFrameElement.featurePolicy with allow");
    251  let ifr = document.getElementById("cross_ifr");
    252  ok("featurePolicy" in ifr, "HTMLIFrameElement.featurePolicy exists");
    253 
    254  ifr.setAttribute("allow", "geolocation; camera 'none'");
    255 
    256  ok(!ifr.featurePolicy.allowsFeature("foobar"), "Random feature");
    257  ok(!ifr.featurePolicy.allowsFeature("foobar", "https://www.something.net"), "Random feature");
    258 
    259  ok(!ifr.featurePolicy.allowsFeature("camera"), "Camera is not allowed");
    260  let allowed = ifr.featurePolicy.getAllowlistForFeature("camera");
    261  is(allowed.length, 0, "Camera has an empty allowlist");
    262 
    263  ok(ifr.featurePolicy.allowsFeature("geolocation"), "Geolocation is allowed for self");
    264  ok(ifr.featurePolicy.allowsFeature("geolocation", CROSS_ORIGIN), "Geolocation is allowed for self");
    265  ok(!ifr.featurePolicy.allowsFeature("geolocation", "https://foo.bar"), "Geolocation is not allowed for any random URL");
    266  allowed = ifr.featurePolicy.getAllowlistForFeature("geolocation");
    267  is(allowed.length, 1, "Only 1 entry in allowlist for geolocation");
    268  is(allowed[0], CROSS_ORIGIN, "allowlist is '*'");
    269 
    270  ok(ifr.featurePolicy.allowsFeature("microphone"), "Microphone is enabled for self");
    271  ok(ifr.featurePolicy.allowsFeature("microphone", CROSS_ORIGIN), "Microphone is enabled for self");
    272  ok(!ifr.featurePolicy.allowsFeature("microphone", "https://foo.bar"), "Microphone is disabled for foo.bar");
    273  ok(!ifr.featurePolicy.allowsFeature("microphone", "https://example.com"), "Microphone is disabled for example.com");
    274  allowed = ifr.featurePolicy.getAllowlistForFeature("microphone");
    275  is(allowed.length, 1, "Only 1 entry in allowlist for microphone");
    276  is(allowed[0], CROSS_ORIGIN, "allowlist is self");
    277 
    278  ok(!ifr.featurePolicy.allowsFeature("vr"), "Vibrate is disabled for self");
    279  ok(!ifr.featurePolicy.allowsFeature("vr", CROSS_ORIGIN), "Vibrate is disabled for self");
    280  ok(!ifr.featurePolicy.allowsFeature("vr", "https://foo.bar"), "Vibrate is disabled for foo.bar");
    281  allowed = ifr.featurePolicy.getAllowlistForFeature("vr");
    282  is(allowed.length, 0, "No allowlist for vr");
    283 
    284  ok(ifr.featurePolicy.allowedFeatures().includes("geolocation"), "Geolocation is allowed only for self");
    285  // microphone is enabled for this origin
    286  ok(ifr.featurePolicy.allowedFeatures().includes("microphone"), "microphone is allowed");
    287 
    288  next();
    289 }
    290 
    291 function test_cross_iframe_contentDocument_no_allow() {
    292  info("Checking cross iframe document.featurePolicy no allow");
    293 
    294  let ifr = document.createElement("iframe");
    295  ifr.setAttribute("src", "https://example.org/tests/dom/security/featurePolicy/test/mochitest/empty.html");
    296  ifr.onload = async function() {
    297    await SpecialPowers.spawn(ifr, [], () => {
    298      Assert.ok("featurePolicy" in this.content.document, "We have this.content.document.featurePolicy");
    299 
    300      Assert.ok(!this.content.document.featurePolicy.allowsFeature("foobar"), "Random feature");
    301      Assert.ok(!this.content.document.featurePolicy.allowsFeature("foobar", "https://www.something.net"), "Random feature");
    302 
    303      Assert.ok(this.content.document.featurePolicy.allowsFeature("camera"), "Camera is allowed for self");
    304      Assert.ok(this.content.document.featurePolicy.allowsFeature("camera", "https://example.org"), "Camera is allowed for self");
    305      Assert.ok(!this.content.document.featurePolicy.allowsFeature("camera", "https://foo.bar"), "Camera is not allowed for a random URL");
    306      let allowed = this.content.document.featurePolicy.getAllowlistForFeature("camera");
    307      Assert.equal(allowed.length, 1, "Only 1 entry in allowlist for camera");
    308      Assert.equal(allowed[0], "https://example.org", "allowlist is 'self'");
    309 
    310      Assert.ok(!this.content.document.featurePolicy.allowsFeature("geolocation"), "Geolocation is not allowed for self");
    311      Assert.ok(!this.content.document.featurePolicy.allowsFeature("geolocation", "https://example.org"),
    312        "Geolocation is not allowed for self");
    313      Assert.ok(!this.content.document.featurePolicy.allowsFeature("geolocation", "https://foo.bar"), "Geolocation is not allowed for any random URL");
    314      allowed = this.content.document.featurePolicy.getAllowlistForFeature("geolocation");
    315      Assert.equal(allowed.length, 0, "No allowlist for geolocation");
    316 
    317      Assert.ok(this.content.document.featurePolicy.allowsFeature("microphone"), "Microphone is enabled for self");
    318      Assert.ok(this.content.document.featurePolicy.allowsFeature("microphone", "https://example.org"), "Microphone is enabled for self");
    319      Assert.ok(!this.content.document.featurePolicy.allowsFeature("microphone", "https://foo.bar"), "Microphone is disabled for foo.bar");
    320      Assert.ok(!this.content.document.featurePolicy.allowsFeature("microphone", "https://example.com"), "Microphone is disabled for example.com");
    321      allowed = this.content.document.featurePolicy.getAllowlistForFeature("microphone");
    322      Assert.equal(allowed.length, 1, "Only 1 entry in allowlist for microphone");
    323      Assert.equal(allowed[0], "https://example.org", "allowlist is self");
    324 
    325      Assert.ok(!this.content.document.featurePolicy.allowsFeature("vr"), "Vibrate is disabled for self");
    326      Assert.ok(!this.content.document.featurePolicy.allowsFeature("vr", "https://example.org"), "Vibrate is disabled for self");
    327      Assert.ok(!this.content.document.featurePolicy.allowsFeature("vr", "https://foo.bar"), "Vibrate is disabled for foo.bar");
    328      allowed = this.content.document.featurePolicy.getAllowlistForFeature("vr");
    329      Assert.equal(allowed.length, 0, "No allowlist for vr");
    330 
    331      Assert.ok(this.content.document.featurePolicy.allowedFeatures().includes("camera"), "Camera is allowed");
    332      Assert.ok(!this.content.document.featurePolicy.allowedFeatures().includes("geolocation"), "Geolocation is not allowed");
    333      // microphone is enabled for this origin
    334      Assert.ok(this.content.document.featurePolicy.allowedFeatures().includes("microphone"), "microphone is allowed");
    335      // vr is disabled everywhere.
    336      Assert.ok(!this.content.document.featurePolicy.allowedFeatures().includes("vr"), "VR is not allowed");
    337    });
    338 
    339    next();
    340  };
    341  document.body.appendChild(ifr);
    342 }
    343 
    344 function test_cross_iframe_contentDocument_allow() {
    345  info("Checking cross iframe document.featurePolicy with allow");
    346 
    347  let ifr = document.createElement("iframe");
    348  ifr.setAttribute("src", "https://example.org/tests/dom/security/featurePolicy/test/mochitest/empty.html");
    349  ifr.setAttribute("allow", "geolocation; camera 'none'");
    350  ifr.onload = async function() {
    351    await SpecialPowers.spawn(ifr, [], () => {
    352      Assert.ok("featurePolicy" in this.content.document, "We have this.content.document.featurePolicy");
    353 
    354      Assert.ok(!this.content.document.featurePolicy.allowsFeature("foobar"), "Random feature");
    355      Assert.ok(!this.content.document.featurePolicy.allowsFeature("foobar", "https://www.something.net"), "Random feature");
    356 
    357      Assert.ok(!this.content.document.featurePolicy.allowsFeature("camera"), "Camera is not allowed");
    358      let allowed = this.content.document.featurePolicy.getAllowlistForFeature("camera");
    359      Assert.equal(allowed.length, 0, "Camera has an empty allowlist");
    360 
    361      Assert.ok(this.content.document.featurePolicy.allowsFeature("geolocation"), "Geolocation is allowed for self");
    362      Assert.ok(this.content.document.featurePolicy.allowsFeature("geolocation", "https://example.org"), "Geolocation is allowed for self");
    363      Assert.ok(!this.content.document.featurePolicy.allowsFeature("geolocation", "https://foo.bar"), "Geolocation is not allowed for any random URL");
    364      allowed = this.content.document.featurePolicy.getAllowlistForFeature("geolocation");
    365      Assert.equal(allowed.length, 1, "Only 1 entry in allowlist for geolocation");
    366      Assert.equal(allowed[0], "https://example.org", "allowlist is '*'");
    367 
    368      Assert.ok(this.content.document.featurePolicy.allowsFeature("microphone"), "Microphone is enabled for self");
    369      Assert.ok(this.content.document.featurePolicy.allowsFeature("microphone", "https://example.org"), "Microphone is enabled for self");
    370      Assert.ok(!this.content.document.featurePolicy.allowsFeature("microphone", "https://foo.bar"), "Microphone is disabled for foo.bar");
    371      Assert.ok(!this.content.document.featurePolicy.allowsFeature("microphone", "https://example.com"), "Microphone is disabled for example.com");
    372      allowed = this.content.document.featurePolicy.getAllowlistForFeature("microphone");
    373      Assert.equal(allowed.length, 1, "Only 1 entry in allowlist for microphone");
    374      Assert.equal(allowed[0], "https://example.org", "allowlist is self");
    375 
    376      Assert.ok(!this.content.document.featurePolicy.allowsFeature("vr"), "Vibrate is disabled for self");
    377      Assert.ok(!this.content.document.featurePolicy.allowsFeature("vr", "https://example.org"), "Vibrate is disabled for self");
    378      Assert.ok(!this.content.document.featurePolicy.allowsFeature("vr", "https://foo.bar"), "Vibrate is disabled for foo.bar");
    379      allowed = this.content.document.featurePolicy.getAllowlistForFeature("vr");
    380      Assert.equal(allowed.length, 0, "No allowlist for vr");
    381 
    382      Assert.ok(this.content.document.featurePolicy.allowedFeatures().includes("geolocation"), "Geolocation is allowed only for self");
    383      // microphone is enabled for this origin
    384      Assert.ok(this.content.document.featurePolicy.allowedFeatures().includes("microphone"), "microphone is allowed");
    385    });
    386 
    387    next();
    388  };
    389  document.body.appendChild(ifr);
    390 }
    391 
    392 
    393 var tests = [
    394  test_document,
    395  test_iframe_without_allow,
    396  test_iframe_with_allow,
    397  test_iframe_contentDocument,
    398  test_cross_iframe_without_allow,
    399  test_cross_iframe_with_allow,
    400  test_cross_iframe_contentDocument_no_allow,
    401  test_cross_iframe_contentDocument_allow
    402 ];
    403 
    404 function next() {
    405  if (!tests.length) {
    406    SimpleTest.finish();
    407    return;
    408  }
    409 
    410  var test = tests.shift();
    411  test();
    412 }
    413 
    414 next();
    415 
    416 </script>
    417 </body>
    418 </html>
	tor-browser The Tor Browser
	git clone https://git.dasho.dev/tor-browser.git
	Log \| Files \| Refs \| README \| LICENSE