tor-browser

The Tor Browser

test_frame_src.html (2296B)


      1 <!DOCTYPE HTML>
      2 <html>
      3 <head>
      4  <meta charset="utf-8">
      5  <title>Bug 1302667 - Test frame-src</title>
      6  <script src="/tests/SimpleTest/SimpleTest.js"></script>
      7  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
      8 </head>
      9 <body>
     10 <iframe style="width:100%;" id="testframe"></iframe>
     11 
     12 <script class="testbody" type="text/javascript">
     13 
// Results arrive asynchronously as "message" events, so the harness is told
// to keep the test open until SimpleTest.finish() is called.
SimpleTest.waitForExplicitFinish();

/*
 * Test description:
 * A page is loaded that includes a frame and carries the CSP
 *   >> frame-src https://example.com; child-src 'none'
 * The test makes sure that frame-src governs frames correctly, and that
 * child-src is discarded when frame-src is specified as well.
 */
     22 
// Directory URLs (not bare origins) of the helper pages on the two hosts.
// The message handler expects frames reported for https://example.com to be
// allowed and frames reported for https://test1.example.com to be blocked.
const ORIGIN_1 = "https://example.com/tests/dom/security/test/csp/";
const ORIGIN_2 = "https://test1.example.com/tests/dom/security/test/csp/";

// Queue of pages to load into the test frame, in order: the frame-src page
// from both hosts first, then the child-src page from both hosts.
let TESTS = [
  "file_frame_src_frame_governs.html", // frame-src tests
  "file_frame_src_child_governs.html", // child-src tests
].flatMap(function (page) {
  return [ORIGIN_1 + page, ORIGIN_2 + page];
});

// Position of the next TESTS entry to load.
let testIndex = 0;
     36 
/**
 * Advances the run after a result has been recorded.
 *
 * While TESTS still has unloaded entries the next one is started; once every
 * entry has been consumed, the message listener is removed and the harness
 * is told that the test is complete.
 */
function checkFinish() {
  const hasPendingTests = testIndex < TESTS.length;
  if (hasPendingTests) {
    runNextTest();
    return;
  }

  // Nothing left to load: stop listening before finishing the test.
  window.removeEventListener("message", receiveMessage);
  SimpleTest.finish();
}
     45 
// Subscribe to result messages; receiveMessage records one pass/fail per
// message and then moves the run forward.
window.addEventListener("message", receiveMessage);
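/**
 * Records the outcome reported for one frame load and advances the run.
 *
 * Reads two fields from event.data:
 *   href   - absolute URL string identifying the frame the result is about
 *   result - "frame-allowed" or "frame-blocked"
 *
 * Under `frame-src https://example.com`, a frame from https://example.com
 * must be allowed and a frame from https://test1.example.com must be blocked.
 * Anything else (unknown origin, missing or unparsable href) is recorded as
 * a failure instead of throwing.
 *
 * NOTE(review): the payload is self-reported by the sender and neither
 * event.origin nor event.source is checked here; whether a sender check is
 * possible depends on which document posts the message - confirm against
 * the file_frame_src_* helper pages.
 *
 * @param {MessageEvent} event - the received "message" event
 */
function receiveMessage(event) {
  const { href, result } = event.data || {};

  // Compare the parsed origin exactly. A string-prefix test on the URL would
  // also accept look-alike hosts that merely start with the expected name
  // (constructed example: "https://example.com.other.test").
  let origin = null;
  if (typeof href === "string") {
    try {
      origin = new URL(href).origin;
    } catch (e) {
      // Not an absolute URL; reported through the fallback branch below.
    }
  }

  if (origin === "https://example.com") {
    if (result === "frame-allowed") {
      ok(true, "allowing frame from https://example.com (" + result + ")");
    } else {
      ok(false, "blocking frame from https://example.com (" + result + ")");
    }
  } else if (origin === "https://test1.example.com") {
    if (result === "frame-blocked") {
      ok(true, "blocking frame from https://test1.example.com (" + result + ")");
    } else {
      ok(false, "allowing frame from https://test1.example.com (" + result + ")");
    }
  } else {
    // Sanity check: we should never enter this branch, but just in case...
    ok(false, "unexpected result: " + result);
  }
  checkFinish();
}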
     73 
/**
 * Loads the next queued URL into the "testframe" iframe and moves the
 * queue position forward by one.
 */
function runNextTest() {
  const frame = document.getElementById("testframe");
  const nextUrl = TESTS[testIndex];
  frame.src = nextUrl;
  // Advance only after the navigation has been requested.
  testIndex += 1;
}
     78 
// Kick off the run by loading the first queued page; each later load is
// started from checkFinish() once a result has been recorded.
runNextTest();
     81 
     82 </script>
     83 </body>
     84 </html>