tor-browser

The Tor Browser

test_csp_error_messages.html (2339B)


      1 <!doctype html>
      2 <html>
      3 <head>
      4  <meta charset="utf-8">
      5  <title>Test some specialized CSP errors</title>
      6  <script src="/tests/SimpleTest/SimpleTest.js"></script>
      7  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
      8 </head>
      9 <body>
     10 
     11 <iframe id="cspframe"></iframe>
     12 
     13 <script class="testbody" type="text/javascript">
     // Asynchronous test: the CSP reports arrive as console messages after the
     // iframe loads, so the run stays open until cleanup() calls SimpleTest.finish().
     14 SimpleTest.waitForExplicitFinish();
     15 
     /**
      * Ends the test run.
      *
      * Posts the console sentinel first and only then reports completion to the
      * harness. NOTE(review): the sentinel presumably detaches the listener
      * installed through SpecialPowers.registerConsoleListener, so no CSP report
      * is processed after finish() - confirm against SpecialPowers.
      */
     function cleanup() {
       SpecialPowers.postConsoleSentinel();
       SimpleTest.finish();
     }
     20 
     // Names of the CSP report categories seen so far, in arrival order.
     let errors = [];

     /**
      * Records that a CSP report of category `name` was observed.
      *
      * A repeated category is flagged as a test failure, but it is still
      * appended, so `errors.length` counts every report, duplicates included.
      *
      * @param {string} name - category label, e.g. "image" or "eval".
      */
     function add(name) {
       const alreadySeen = errors.includes(name);
       ok(!alreadySeen, `duplicate error for ${name}`);
       errors.push(name);
     }
     26 
     // Check the text of each CSP violation report that reaches the console.
     // A report is classified by the first marker it contains (first match wins,
     // in the order listed), then every expected fragment must be present.
     SpecialPowers.registerConsoleListener(msg => {
       const {errorMessage} = msg;
       if (!errorMessage) {
         // Not an error report; nothing to check.
         return;
       }

       // The 'sha256-...' fragments are the hash sources the message is expected
       // to quote for the blocked inline content.
       // NOTE(review): presumably they are the digests of the inline handler,
       // script and style in file_csp_error_messages.html; editing that fixture
       // would require recomputing them - confirm against the fixture.
       const reports = [
         {
           marker: "(script-src-attr)",
           expected: [
             "blocked an event handler",
             "from being executed",
             "Source: alert('onload');",
             "'sha256-DZiWoZjxgAy1DmtJHfc8u0JhSZm1YuniGAI+cc1R2x0='",
           ],
           name: "event handler",
         },
         {
           marker: "(img-src)",
           expected: ["blocked the loading of a resource", "/image.png"],
           name: "image",
         },
         {
           marker: "an inline script",
           expected: [
             "(script-src-elem)",
             "from being executed",
             "'sha256-DOE4qvVpP5+5S6sGuxFDf68+sW1dM9qbvA+i2Feh/Y8='",
           ],
           name: "inline script",
         },
         {
           marker: "a script",
           expected: ["(script-src-elem)", "from being executed", "/script.js"],
           name: "script",
         },
         {
           marker: "(worker-src)",
           expected: ["(worker-src)", "from being executed", "/worker.js"],
           name: "worker",
         },
         {
           marker: "a JavaScript eval",
           expected: ["(script-src)", "from being executed", "Missing 'unsafe-eval'"],
           name: "eval",
         },
         {
           marker: "an inline style",
           expected: [
             "(style-src-attr)",
             "'sha256-C8uD/9cXZAvqgnwxgdb67jgkSDq7f8xjP8F6lhY1Gtk='",
           ],
           name: "style attribute",
         },
       ];

       const report = reports.find(({marker}) => errorMessage.includes(marker));
       if (report) {
         for (const fragment of report.expected) {
           ok(errorMessage.includes(fragment), `error message contains "${fragment}"`);
         }
         add(report.name);
       }

       // One report per category is expected (seven in total). add() also counts
       // duplicates, so a repeated report can reach this total before every
       // category has been seen; the duplicate itself is already a failure.
       if (errors.length === reports.length) {
         SimpleTest.executeSoon(cleanup);
       }
     });

     // Load the fixture only after the listener is registered.
     document.getElementById('cspframe').src = 'file_csp_error_messages.html';
     79 </script>
     80 </body>
     81 </html>