tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_punycode_host_src.html (2187B)

      1 <!DOCTYPE HTML>
      2 <html>
      3 <head>
      4  <meta charset="utf-8">
      5  <title>Bug 1224225 - CSP source matching should work for punycoded domain names</title>
      6  <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
      7  <script src="/tests/SimpleTest/SimpleTest.js"></script>
      8  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
      9 </head>
     10 <body>
     11 <iframe style="width:100%;" id="testframe"></iframe>
     12 
     13 <script class="testbody" type="text/javascript">
     14 
     15 /* Description of the test:
     16 * We load scripts within an iframe and make sure that the
     17 * CSP matching is same for punycode domain names as well as IDNA.
     18 */
     19 
     20 SimpleTest.waitForExplicitFinish();
     21 
     22 
     23 var curTest;
     24 var counter = -1;
     25 
     26 const tests = [
     27  { // test 1
     28    description: "loads script as sub2.ält.example.org, but allowlist in CSP as sub2.xn--lt-uia.example.org",
     29    action: "script-unicode-csp-punycode",
     30    csp: "script-src http://sub2.xn--lt-uia.example.org;",
     31    expected: "script-allowed",
     32 
     33  },
     34  { // test 2
     35    description: "loads script as sub2.xn--lt-uia.example.org, and allowlist in CSP as sub2.xn--lt-uia.example.org",
     36    action: "script-punycode-csp-punycode",
     37    csp: "script-src http://sub2.xn--lt-uia.example.org;",
     38    expected: "script-allowed",
     39 
     40  },
     41    { // test 3
     42    description: "loads script as sub2.xn--lt-uia.example.org, and allowlist in CSP as sub2.xn--lt-uia.example.org",
     43    action: "script-punycode-csp-punycode",
     44    csp: "script-src *.xn--lt-uia.example.org;",
     45    expected: "script-allowed",
     46 
     47  },
     48 
     49 ];
     50 
     51 function finishTest() {
     52  window.removeEventListener("message", receiveMessage);
     53  SimpleTest.finish();
     54 }
     55 
     56 function checkResults(result) {
     57  is(result, curTest.expected, curTest.description);
     58  loadNextTest();
     59 }
     60 
     61 window.addEventListener("message", receiveMessage);
     62 function receiveMessage(event) {
     63  checkResults(event.data.result);
     64 }
     65 
     66 function loadNextTest() {
     67  counter++;
     68  if (counter == tests.length) {
     69    finishTest();
     70    return;
     71  }
     72  curTest = tests[counter];
     73  var testframe = document.getElementById("testframe");
     74  testframe.src = `file_punycode_host_src.sjs?action=${curTest.action}&csp=${curTest.csp}`;
     75 }
     76 
     77 loadNextTest();
     78 
     79 </script>
     80 </body>
     81 </html>