tor-browser

The Tor Browser

test_iframe_sandbox_top_1.html (2665B)


      1 <!DOCTYPE HTML>
      2 <html>
      3 <!--
      4 https://bugzilla.mozilla.org/show_bug.cgi?id=671389
      5 Bug 671389 - Implement CSP sandbox directive
      6 
      7 Tests the CSP sandbox directive on a top-level page.
      8 
      9 Minimal flags: allow-same-origin allow-scripts:
     10 Since we need to load the SimpleTest files, we have to set the
     11 allow-same-origin flag. Additionally, we set the allow-scripts flag
     12 since we need JS to check the flags.
     13 
     14 Though not necessary, for this test we also set the allow-forms flag.
     15 We may later wish to extend the testing suite with sandbox_csp_top_*
     16 tests that set different permutations of the flags.
     17 
     18 CSP header: Content-Security-Policy: sandbox allow-forms allow-scripts allow-same-origin
     19 -->
     20 <head>
     21  <meta charset="utf-8">
     22  <title>Tests for Bug 671389</title>
     23  <script src="/tests/SimpleTest/SimpleTest.js"></script>
     24  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
     25 </head>
     26 <script type="application/javascript">
     27 
     // Keep the test open until SimpleTest.finish() is called; checkFlags() does
     // that once it has run from the body's onLoad handler.
     28 SimpleTest.waitForExplicitFinish();
     29 
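     /**
      * Order-insensitive comparison of two sandbox flag lists.
      *
      * Each argument is either null (what getSandboxFlags returns when the
      * document has no sandbox flags set) or an array of flag strings. Two
      * values are equal when both are null, or when both are arrays holding the
      * same flags regardless of order.
      *
      * @param {?Array<string>} a - First flag list, or null.
      * @param {?Array<string>} b - Second flag list, or null.
      * @returns {boolean} true when the two values describe the same flags.
      */
     function eqFlags(a, b) {
       if (a === null && b === null) { return true; }
       // Exactly one side is null: "not sandboxed" never equals "sandboxed",
       // even when the sandboxed side has an empty flag list.
       if (a === null || b === null) { return false; }
       if (a.length !== b.length) { return false; }
       // Sort copies. Array.prototype.sort works in place, and checkFlags builds
       // its pass/fail message from the same arrays after this call, so sorting
       // the originals would make the message show reordered values.
       var aSorted = a.slice().sort();
       var bSorted = b.slice().sort();
       // Index loop rather than for...in, which also walks inherited
       // enumerable properties.
       for (var i = 0; i < aSorted.length; i++) {
         if (aSorted[i] !== bSorted[i]) {
           return false;
         }
       }
       return true;
     }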
     48 
     /**
      * Read a document's sandbox flags as a list.
      *
      * Reads doc.sandboxFlagsAsString. A null value means no sandbox flags are
      * set and is passed through as null, so callers can tell "not sandboxed"
      * apart from "sandboxed with an empty flag list". Any other falsy value
      * (such as the empty string) yields an empty array; otherwise the string
      * is split on single spaces.
      *
      * @param {Object} doc - Document exposing sandboxFlagsAsString.
      * @returns {?Array<string>} null, or the (possibly empty) list of flags.
      */
     function getSandboxFlags(doc) {
       var raw = doc.sandboxFlagsAsString;
       if (raw === null) {
         return null;
       }
       if (!raw) {
         return [];
       }
       return raw.split(" ");
     }
     59 
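     /**
      * Compare this document's sandbox flags with the expected list, report the
      * outcome through ok(), and end the test.
      *
      * Invoked from the body's onLoad handler. The expected list mirrors the
      * CSP header named in the file's header comment
      * (sandbox allow-forms allow-scripts allow-same-origin).
      *
      * @param {Array<string>} expected - Flags the document should report.
      */
     function checkFlags(expected) {
       // NOTE(review): `name` is not declared anywhere in this listing; in a page
       // script it presumably resolves to window.name. Confirm that is the
       // intended label for the messages below.
       try {
         var flags = getSandboxFlags(SpecialPowers.wrap(document));
         ok(eqFlags(flags, expected), name + ' expected: "' + expected + '", got: "' + flags + '"');
       } catch (e) {
         // Fail closed: an exception while reading or comparing the flags is
         // recorded as a test failure, never as a silent pass. The closing quote
         // after the expected value was missing from this message.
         ok(false, name + ' expected "' + expected + '", but failed with ' + e);
       }
       // Reached on both paths, so the harness is always released.
       SimpleTest.finish();
     }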
     69 
     70 </script>
     71 
     72 <body onLoad='checkFlags(["allow-forms", "allow-scripts", "allow-same-origin"]);'>
     73 <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=671389">Mozilla Bug 671389</a> - Implement CSP sandbox directive
     74 <p id="display"></p>
     75 <div id="content">
     76  I am a top-level page sandboxed with "allow-scripts allow-forms
     77  allow-same-origin".
     78 </div>
     79 </body>
     80 </html>