
file_upgrade_insecure_navigation.sjs (2291B)


// Custom *.sjs file specifically for the needs of
// https://bugzilla.mozilla.org/show_bug.cgi?id=1271173
//
// NOTE(review): judging by the file name and the inline "uir" comment below,
// this serves the pages for a CSP upgrade-insecure-requests navigation test;
// confirm against the bug. Each page below is selected by the "action" query
// parameter in handleRequest().

"use strict";

// Page returned for action=perform_navigation.
// It (1) opens a new window on the http:// "docnav" URL, (2) waits for any
// "message" event, then (3) closes that window and clicks the http://
// "framenav" link so the current frame navigates.
// NOTE(review): receiveMessage() acts on every message without checking
// event.origin or event.data. That is tolerable only because this is a test
// fixture; a production listener should validate the sender before acting.
const TEST_NAVIGATIONAL_UPGRADE = `
  <!DOCTYPE html>
  <html>
  <head><meta charset="utf-8"></head>
  <body>
  <a href="http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_navigation.sjs?action=framenav" id="testlink">clickme</a>
  <script type="text/javascript">
    // before navigating the current frame we open the window and check that uir applies
    var myWin = window.open("http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_navigation.sjs?action=docnav");

    window.addEventListener("message", receiveMessage, false);
    function receiveMessage(event) {
      myWin.close();
      var link = document.getElementById('testlink');
      link.click();
    }
  </script>
  </body>
  </html>`;

// Page returned for action=framenav (the target of the link click above).
// It reports its own document.documentURI to the parent window so the test
// can see which URL the frame actually loaded.
// NOTE(review): the "*" targetOrigin delivers the message to the parent
// whatever its origin. The payload here is only the page's own URI; do not
// reuse a wildcard target for messages that carry sensitive data.
const FRAME_NAV = `
  <!DOCTYPE html>
  <html>
  <head><meta charset="utf-8"></head>
  <body>
  <script type="text/javascript">
    parent.postMessage({result: document.documentURI}, "*");
  </script>
  </body>
  </html>`;

// Page returned for action=docnav (loaded in the window opened above).
// It sends two messages, both with a "*" targetOrigin:
//   - its document.documentURI to window.opener.parent (the main test page,
//     per the inline comment), and
//   - a "readyToMoveOn" signal to window.opener, which triggers the
//     receiveMessage() handler in TEST_NAVIGATIONAL_UPGRADE.
const DOC_NAV = `
  <!DOCTYPE html>
  <html>
  <head><meta charset="utf-8"></head>
  <body>
  <script type="text/javascript">
    // call back to the main testpage signaling whether the upgraded succeeded
    window.opener.parent.postMessage({result: document.documentURI}, "*");
    // let the opener (iframe) now that we can now close the window and move on with the test.
    window.opener.postMessage({result: "readyToMoveOn"}, "*");
  </script>
  </body>
  </html>`;
     50 
/**
 * Request handler for this .sjs test file.
 *
 * Always sends no-cache and text/html headers, optionally sets a
 * Content-Security-Policy header from the "csp" query parameter, and writes
 * the page selected by the "action" query parameter.
 *
 * @param {object} request - Incoming request; only `queryString` is read.
 * @param {object} response - Outgoing response; `setHeader` and `write` are used.
 */
function handleRequest(request, response) {
  const params = new URLSearchParams(request.queryString);
  const requestedAction = params.get("action");
  const cspValue = params.get("csp");

  response.setHeader("Cache-Control", "no-cache", false);
  response.setHeader("Content-Type", "text/html", false);

  // The policy is taken verbatim from the query string so each test can pick
  // its own CSP. Reflecting a request parameter into a security header is
  // only appropriate for a test fixture: outside one, the requester would
  // control the policy applied to the page.
  if (cspValue) {
    response.setHeader("Content-Security-Policy", cspValue, false);
  }

  switch (requestedAction) {
    case "perform_navigation":
      response.write(TEST_NAVIGATIONAL_UPGRADE);
      break;
    case "framenav":
      response.write(FRAME_NAV);
      break;
    case "docnav":
      response.write(DOC_NAV);
      break;
    default:
      // Not expected to be reached; answer with a body no test is looking
      // for so a wrong or missing action is easy to spot.
      response.write("do'h");
  }
}