test_bug885433.html (2410B)
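<!DOCTYPE HTML>
<html>
<head>
  <meta charset="utf-8">
  <!-- The title mentions inline stylesheets only; the checks below also cover
       inline script and eval. -->
  <title>Test for Content Security Policy inline stylesheets stuff</title>
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<p id="display"></p>
<div id="content" style="display: none">
</div>

<!--
  Two helper pages are loaded one after the other:
    cspframe  : file_bug885433_allows.html, where inline script, eval and
                inline style are all expected to run.
    cspframe2 : file_bug885433_blocks.html, where all three are expected to
                be blocked.
  The policy each helper page is served with is not defined in this file;
  check the helper pages (and any header files that accompany them) to see
  what is actually being enforced.
-->
<iframe style="width:100%;" id='cspframe'></iframe>
<iframe style="width:100%;" id='cspframe2'></iframe>
<script class="testbody" type="text/javascript">

//////////////////////////////////////////////////////////////////////
// set up and go
SimpleTest.waitForExplicitFinish();

// Colors compared by the check functions.
// A probe element reports green when the inline script, eval or inline style
// aimed at it took effect, and black when it did not.
// NOTE(review): the "blocked" assertions compare against black, so they only
// show that nothing recoloured the probe. They are meaningful because the
// "allowed" frame first proves the recolouring mechanism works; this assumes
// both helper pages use the same mechanism. Confirm in the helper files.
var green = 'rgb(0, 128, 0)';
var black = 'rgb(0, 0, 0)';

/**
 * Return the computed text color of a probe element inside one of the frames.
 *
 * @param {string} frameId  id of the iframe in this document
 * @param {string} probeId  id of the probe element inside the framed document
 * @returns {string|null}   the computed color, or null when the probe is
 *                          missing (a test failure is recorded in that case)
 */
function probeColor (frameId, probeId) {
  var frame = document.getElementById(frameId);
  var probe = frame.contentDocument.getElementById(probeId);
  if (!probe) {
    // Record an explicit failure rather than letting getComputedStyle(null)
    // throw inside the load handler and stop the test chain.
    ok(false, "Probe element '" + probeId + "' not found in " + frameId);
    return null;
  }
  return window.getComputedStyle(probe).color;
}

// We test both script and style execution by observing changes in computed styles

/**
 * Load handler for the first frame: all three inline mechanisms must have
 * taken effect. Afterwards it starts loading the second (blocking) frame.
 */
function checkAllowed () {
  // is() reports the got/expected colors on failure, unlike ok(a === b).
  is(probeColor('cspframe', 'unsafe-inline-script-allowed'), green,
     "Inline script should be allowed");
  is(probeColor('cspframe', 'unsafe-eval-script-allowed'), green,
     "Eval should be allowed");
  is(probeColor('cspframe', 'unsafe-inline-style-allowed'), green,
     "Inline style should be allowed");

  // Register the handler before starting the navigation.
  var blockedFrame = document.getElementById('cspframe2');
  blockedFrame.addEventListener('load', checkBlocked);
  blockedFrame.src = 'file_bug885433_blocks.html';
}

/**
 * Load handler for the second frame: none of the three inline mechanisms may
 * have taken effect. Ends the test.
 */
function checkBlocked () {
  is(probeColor('cspframe2', 'unsafe-inline-script-blocked'), black,
     "Inline script should be blocked");
  is(probeColor('cspframe2', 'unsafe-eval-script-blocked'), black,
     "Eval should be blocked");
  is(probeColor('cspframe2', 'unsafe-inline-style-blocked'), black,
     "Inline style should be blocked");

  SimpleTest.finish();
}

// Kick off the chain: allowed frame first, then checkAllowed loads the
// blocking frame.
var allowedFrame = document.getElementById('cspframe');
allowedFrame.addEventListener('load', checkAllowed);
allowedFrame.src = 'file_bug885433_allows.html';
</script>
</body>
</html>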