tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_meta_whitespace_skipping.html (2656B)

      1 <!DOCTYPE HTML>
      2 <html>
      3 <head>
      4  <meta charset="utf-8">
      5  <title>Bug 1261634 - Update whitespace skipping for meta csp</title>
      6  <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
      7  <script src="/tests/SimpleTest/SimpleTest.js"></script>
      8  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
      9 </head>
     10 <body>
     11 <iframe style="width:100%;" id="testframe" src="file_meta_whitespace_skipping.html"></iframe>
     12 
     13 <script class="testbody" type="text/javascript">
     14 
     15 /* Description of the test:
     16 * We load a site using meta CSP into an iframe. We make sure that all directives
     17 * are parsed correclty by the CSP parser even though the directives are separated
     18 * not only by whitespace but also by line breaks
     19 */
     20 
     21 SimpleTest.waitForExplicitFinish();
     22 const EXPECTED_DIRS = [
     23  "img-src", "script-src", "style-src", "child-src", "font-src"];
     24 
     25 function finishTest() {
     26  window.removeEventListener("message", receiveMessage);
     27  SimpleTest.finish();
     28 }
     29 
     30 function checkResults(result) {
     31  // sanity check that the site was loaded and the meta csp was parsed.
     32  is(result, "meta-csp-parsed", "loading images should be blocked by meta csp");
     33 
     34  try {
     35    // get the csp in JSON notation from the principal
     36    var frame = document.getElementById("testframe");
     37    var contentDoc = SpecialPowers.wrap(frame.contentDocument);
     38    var cspJSON = contentDoc.cspJSON;
     39    ok(cspJSON, "CSP applied through meta element");
     40 
     41    // parse the cspJSON in a csp-object
     42    var cspOBJ = JSON.parse(cspJSON);
     43    ok(cspOBJ, "was able to parse the JSON");
     44 
     45    // make sure we only got one policy
     46    var policies = cspOBJ["csp-policies"];
     47    is(policies.length, 1, "there should be one policy applied");
     48 
     49    // iterate the policy and make sure to only encounter
     50    // expected directives.
     51    var policy = policies[0];
     52    for (var dir in policy) {
     53      // special case handling for report-only which is not a directive
     54      // but present in the JSON notation of the CSP.
     55      if (dir === "report-only") {
     56        continue;
     57      }
     58      var index = EXPECTED_DIRS.indexOf(dir);
     59      isnot(index, -1, "meta csp contains directive: " + dir + "!");
     60 
     61      // take the element out of the array so we can make sure
     62      // that we have seen all the expected values in the end.
     63      EXPECTED_DIRS.splice(index, 1);
     64    }
     65    is(EXPECTED_DIRS.length, 0, "have seen all the expected values");
     66  }
     67  catch (e) {
     68    ok(false, "uuh, something went wrong within meta csp test");
     69  }
     70 
     71  finishTest();
     72 }
     73 
     74 window.addEventListener("message", receiveMessage);
     75 function receiveMessage(event) {
     76  checkResults(event.data.result);
     77 }
     78 
     79 </script>
     80 </body>
     81 </html>