
file_iframe_srcdoc.sjs (2115B)


      1 // Custom *.sjs file specifically for the needs of
      2 // https://bugzilla.mozilla.org/show_bug.cgi?id=1073952
      3 
      4 "use strict";
      5 
// Inline script placed inside the sandboxed srcdoc iframe of the simple
// fixture. If it is allowed to run, it posts {result: "allowed"} two frames
// up: `parent` is the document served by this file, `parent.parent` is
// whatever framed that document (presumably the test page; confirm against
// the caller).
// The double quotes are written as &quot; because the markup is embedded in a
// double-quoted srcdoc attribute below. The "*" target origin does not
// restrict the recipient; the message carries only a fixed test marker.
const SCRIPT =
  "\n" +
  "  <script>\n" +
  "    parent.parent.postMessage({result: &quot;allowed&quot;}, &quot;*&quot;);\n" +
  "  </script>";

// Document with a single sandboxed srcdoc iframe. The sandbox grants
// allow-scripts only, so the framed script may execute but the frame gets an
// opaque origin.
const SIMPLE_IFRAME_SRCDOC = `
  <!DOCTYPE html>
  <html>
  <head><meta charset="utf-8"></head>
  <body>
    <iframe sandbox="allow-scripts" srcdoc="${SCRIPT}"></iframe>
  </body>
  </html>`;
     22 
// Second-level iframe for the nested fixture: a sandboxed srcdoc iframe that
// is itself embedded in the srcdoc of another sandboxed iframe. Its
// attributes use single quotes so the markup can sit inside the outer
// double-quoted srcdoc attribute; the &quot; entities are decoded when that
// outer attribute is parsed. The script is one frame deeper than in the
// simple fixture, hence the extra `.parent` hop before postMessage.
const INNER_SRCDOC_IFRAME =
  "\n" +
  "  <iframe sandbox='allow-scripts' srcdoc='<script>\n" +
  "      parent.parent.parent.postMessage({result: &quot;allowed&quot;}, &quot;*&quot;);\n" +
  "    </script>'>\n" +
  "  </iframe>";

// Document whose sandboxed srcdoc iframe contains the srcdoc iframe above.
const NESTED_IFRAME_SRCDOC = `
  <!DOCTYPE html>
  <html>
  <head><meta charset="utf-8"></head>
  <body>
    <iframe sandbox="allow-scripts" srcdoc="${INNER_SRCDOC_IFRAME}"></iframe>
  </body>
  </html>`;
     40 
// Second-level iframe for the data: URI fixture. Same shape as the nested
// srcdoc case, except that the inner frame's content is loaded from a
// data:text/html URI instead of a srcdoc attribute. Single-quoted attributes
// and &quot; entities are used for the same reason: the markup is embedded in
// an outer double-quoted srcdoc attribute.
const INNER_DATAURI_IFRAME =
  "\n" +
  "  <iframe sandbox='allow-scripts' src='data:text/html,<script>\n" +
  "      parent.parent.parent.postMessage({result: &quot;allowed&quot;}, &quot;*&quot;);\n" +
  "    </script>'>\n" +
  "  </iframe>";

// Document whose sandboxed srcdoc iframe contains the data: URI iframe above.
const NESTED_IFRAME_SRCDOC_DATAURI = `
  <!DOCTYPE html>
  <html>
  <head><meta charset="utf-8"></head>
  <body>
    <iframe sandbox="allow-scripts" srcdoc="${INNER_DATAURI_IFRAME}"></iframe>
  </body>
  </html>`;
     58 
/**
 * Serves one of the iframe fixture documents, selected by the `action` query
 * parameter.
 *
 * When a `csp` query parameter is present, its value is sent back unmodified
 * as the Content-Security-Policy header, so the requester chooses the policy
 * that governs the served document. Reflecting a caller-supplied policy like
 * this is only appropriate for a test fixture.
 *
 * @param {object} request - provides the raw query string as `queryString`.
 * @param {object} response - receives headers through `setHeader` and the
 *   body through `write`.
 */
function handleRequest(request, response) {
  const params = new URLSearchParams(request.queryString);
  const policy = params.get("csp");

  response.setHeader("Cache-Control", "no-cache", false);
  // URLSearchParams.get() yields null for an absent key, so an empty `csp=`
  // still produces a (blank) policy header.
  if (policy !== null) {
    response.setHeader("Content-Security-Policy", policy, false);
  }
  response.setHeader("Content-Type", "text/html", false);

  switch (params.get("action")) {
    case "simple_iframe_srcdoc":
      response.write(SIMPLE_IFRAME_SRCDOC);
      break;
    case "nested_iframe_srcdoc":
      response.write(NESTED_IFRAME_SRCDOC);
      break;
    case "nested_iframe_srcdoc_datauri":
      response.write(NESTED_IFRAME_SRCDOC_DATAURI);
      break;
    default:
      // Not expected to be reached; answer with a body no test is looking
      // for so that a wrong `action` is noticeable.
      response.write("do'h");
  }
}