tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_csp_frame_ancestors_about_blank.html (1961B)

      1 <!DOCTYPE HTML>
      2 <html>
      3 <head>
      4  <meta charset="utf-8">
      5  <title>Bug 1668071 - CSP frame-ancestors in about:blank</title>
      6  <script src="/tests/SimpleTest/SimpleTest.js"></script>
      7  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
      8 </head>
      9 <body>
     10 
     11 <script class="testbody" type="text/javascript">
     12 
     13 /* Description of the test:
     14 * We dynamically load an about:blank iframe which then loads a testframe
     15 * including a CSP frame-ancestors directive which matches the including
     16 * security context. We make sure that we not incorrectly block on
     17 * about:blank which should inherit the security context.
     18 */
     19 
     20 SimpleTest.waitForExplicitFinish();
     21 
     22 let aboutBlankFrame = document.createElement("iframe");
     23 document.body.appendChild(aboutBlankFrame);
     24 
     25 aboutBlankFrame.onload = function() {
     26  ok(true, "aboutBlankFrame onload should fire");
     27  let aboutBlankDoc = aboutBlankFrame.contentDocument;
     28  is(aboutBlankDoc.documentURI, "about:blank",
     29    "sanity: aboutBlankFrame URI should be about:blank");
     30 
     31  let testframe = aboutBlankDoc.createElement("iframe");
     32  aboutBlankDoc.body.appendChild(testframe);
     33  testframe.onload = function() {
     34    ok(true, "testframe onload should fire");
     35    let testDoc = SpecialPowers.wrap(testframe.contentDocument);
     36    ok(testDoc.documentURI.endsWith("file_csp_frame_ancestors_about_blank.html"),
     37       "sanity: document in testframe should be the testfile");
     38 
     39    let cspJSON = testDoc.cspJSON;
     40    ok(cspJSON.includes("frame-ancestors"), "found frame-ancestors directive");
     41    ok(cspJSON.includes("http://mochi.test:8888"), "found frame-ancestors value");
     42 
     43    SimpleTest.finish();
     44  }
     45 
     46  testframe.onerror = function() {
     47    ok(false, "testframe onerror should not fire");
     48  }
     49  testframe.src = "file_csp_frame_ancestors_about_blank.html";
     50 }
     51 
     52 aboutBlankFrame.onerror = function() {
     53  ok(false, "aboutBlankFrame onerror should not be called");
     54 }
     55 aboutBlankFrame.src = "about:blank";
     56 
     57 </script>
     58 </body>
     59 </html>