      1 <!DOCTYPE HTML>
      2 <html>
      3 <head>
      4  <title>Bug 1100181 - CSP: Enforce connect-src when submitting pings</title>
      5  <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
      6  <script src="/tests/SimpleTest/SimpleTest.js"></script>
      7  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
      8 </head>
      9 <body>
     10 <iframe style="width:100%;" id="testframe"></iframe>
     11 
     12 <script class="testbody" type="text/javascript">
     13 
     14 /*
     15 * Description of the test:
     16 *   We load a page with a given CSP and verify that hyperlink auditing
     17 *   is correctly evaluated through the "connect-src" directive.
     18 */
     19 
// Hyperlink auditing (pings) is off by default; the test needs it on so the
// ping request is actually attempted and either hits the wire or is blocked
// by CSP.
SpecialPowers.setBoolPref("browser.send_pings", true);

// The test finishes asynchronously from the observer, not at end of script.
SimpleTest.waitForExplicitFinish();

// One entry per CSP under test: the policy served with file_ping.html and the
// outcome the examiner is expected to report for the ping request.
var tests = [
  { result: "allowed", policy: "connect-src 'self'" },
  { result: "blocked", policy: "connect-src 'none'" },
];

// Index into `tests`; loadNextTest() pre-increments, so -1 means "not started"
// and the first case runs at index 0.
var counter = -1;
     38 
// Compare the outcome reported by the examiner with the expectation for the
// current test case, then move on to the next one.
//   aResult: "allowed" or "blocked", as reported by examiner.observe().
function checkResult(aResult) {
  const expected = tests[counter].result;
  is(aResult, expected, `should be ${expected} in test ${counter}!`);
  loadNextTest();
}
     43 
     44 // We use the examiner to identify requests that hit the wire and requests
     45 // that are blocked by CSP and bubble up the result to the including iframe
     46 // document (parent).
// Observer that reports how the ping request fared: a
// "specialpowers-http-notify-request" notification means the request hit the
// wire (allowed), a "csp-on-violate-policy" notification means CSP blocked it.
// Results are handed to checkResult() in this (parent) document.
function examiner() {
  const topics = ["csp-on-violate-policy", "specialpowers-http-notify-request"];
  // Arrow function keeps `this` bound to the instance being constructed.
  topics.forEach((topic) => SpecialPowers.addObserver(this, topic));
}
examiner.prototype = {
  // Only notifications about the ping request itself (URL containing
  // "send-ping") produce a result; anything else the observer sees is ignored.
  observe(subject, topic, data) {
    switch (topic) {
      case "specialpowers-http-notify-request": {
        // `data` is the string the request is identified by; the request
        // reached the wire, so CSP allowed it.
        if (data.includes("send-ping")) {
          checkResult("allowed");
        }
        break;
      }
      case "csp-on-violate-policy": {
        // `subject` is the blocked URI; its spec is read with privileges.
        const uri = SpecialPowers.do_QueryInterface(subject, "nsIURI");
        const asciiSpec = SpecialPowers.getPrivilegedProps(uri, "asciiSpec");
        if (asciiSpec.includes("send-ping")) {
          checkResult("blocked");
        }
        break;
      }
    }
  },
  // Unregister both observers; called once every test case has run.
  remove() {
    SpecialPowers.removeObserver(this, "csp-on-violate-policy");
    SpecialPowers.removeObserver(this, "specialpowers-http-notify-request");
  },
};
// Single shared examiner, kept on window so loadNextTest() can tear it down.
window.ConnectSrcExaminer = new examiner();
     80 
// Advance to the next test case: load file_ping.html into the iframe, served
// by file_testserver.sjs with that case's CSP. Once every case has run, tear
// down the examiner and finish the test.
function loadNextTest() {
  counter++;
  if (counter === tests.length) {
    window.ConnectSrcExaminer.remove();
    SimpleTest.finish();
    return;
  }

  // Query string: the file the .sjs should serve, plus the CSP to serve it with.
  const file = escape("tests/dom/security/test/csp/file_ping.html");
  const csp = escape(tests[counter].policy);
  document.getElementById("testframe").src =
    `file_testserver.sjs?file=${file}&csp=${csp}`;
}
     97 
// Kick off the first test case; checkResult() chains the remaining ones and
// loadNextTest() finishes the test after the last case.
loadNextTest();
    100 
    101 </script>
    102 </body>
    103 </html>