tor-browser

The Tor Browser

browser_restrict_privileged_about_script.js (2429B)


      "use strict";

      // Browser-chrome test: register a throwaway about: page that is allowed to run
      // script and may load in the privileged about process, open it in a tab, and
      // check (a) the principals/load info of the top-level load and (b) which of the
      // page's scripts actually ran while
      // security.disallow_privilegedabout_remote_script_loads is enabled.
      //
      // NOTE(review): the contents of file_about_child.html are not visible here.
      // Judging by the final assertion, it presumably contains two inline scripts
      // that append "inline1" / "inline2" to `window.ran` plus one script served from
      // https://example.com - confirm against that file.

      const kTestAboutName = "test-about-privileged-with-scripts";
      const kTestAboutURI = `about:${kTestAboutName}`;

      // Backing document for the about: page; lives next to this test file.
      const kChildPage = getRootDirectory(gTestPath) + "file_about_child.html";

      // nsIAboutModule flags for the test page. The combination matters for what is
      // being tested: script is allowed at all (ALLOW_SCRIPT), the page loads in a
      // child process that may be the privileged about process, and it is flagged as
      // secure chrome UI.
      const { nsIAboutModule } = Ci;
      const kTestAboutFlags =
        nsIAboutModule.ALLOW_SCRIPT |
        nsIAboutModule.URI_MUST_LOAD_IN_CHILD |
        nsIAboutModule.URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS |
        nsIAboutModule.URI_SAFE_FOR_UNTRUSTED_CONTENT |
        nsIAboutModule.IS_SECURE_CHROME_UI;

      // Registration is started at load time and awaited inside the task.
      // registerCleanupFunction is handed to the helper, presumably so the page is
      // unregistered again when the test finishes - confirm in BrowserTestUtils.
      const kAboutPagesRegistered = BrowserTestUtils.registerAboutPage(
        registerCleanupFunction,
        kTestAboutName,
        kChildPage,
        kTestAboutFlags
      );

      add_task(async function test_principal_click() {
        await kAboutPagesRegistered;

        const testPrefs = [
          // presumably required because the test page ships without a CSP, which
          // would otherwise trip an assertion for about: pages - TODO confirm
          ["dom.security.skip_about_page_has_csp_assert", true],
          // The restriction under test.
          ["security.disallow_privilegedabout_remote_script_loads", true],
        ];
        await SpecialPowers.pushPrefEnv({ set: testPrefs });

        const tabOptions = {
          gBrowser,
          url: kTestAboutURI,
          waitForLoad: true,
        };

        await BrowserTestUtils.withNewTab(tabOptions, async browser => {
          // withNewTab was asked to wait for the load (waitForLoad: true), so the
          // page is already loaded when this callback runs.
          info("Waiting for tab to be loaded..");

          // NOTE(review): nothing below asserts which process type the tab ended up
          // in. If the restriction only applies inside the privileged about process,
          // a check of the browser's remote type here would keep this test from
          // passing for the wrong reason - confirm against the implementation.

          // The callback given to SpecialPowers.spawn executes in the content
          // process and does not see this file's variables, so the expected URI is
          // passed in as an argument.
          await SpecialPowers.spawn(browser, [kTestAboutURI], async expectedSpec => {
            const docChannel = content.docShell.currentDocumentChannel;
            const { loadInfo } = docChannel;

            is(
              docChannel.originalURI.asciiSpec,
              expectedSpec,
              "sanity check - make sure we test the principal for the correct URI"
            );

            ok(
              loadInfo.triggeringPrincipal.isSystemPrincipal,
              "loading about: from privileged page must have a triggering of System"
            );

            is(
              loadInfo.externalContentPolicyType,
              Ci.nsIContentPolicy.TYPE_DOCUMENT,
              "sanity check - loading a top level document"
            );

            is(
              loadInfo.loadingPrincipal,
              null,
              "sanity check - load of TYPE_DOCUMENT must have a null loadingPrincipal"
            );

            // The load is triggered by the system principal, but the resulting
            // document itself must not be system-privileged.
            ok(
              !content.document.nodePrincipal.isSystemPrincipal,
              "sanity check - loaded about page does not have the system principal"
            );

            // Exact match on purpose: besides showing that nothing beyond
            // "inline1inline2" was recorded, it also fails if `ran` was never
            // populated, so the check cannot pass vacuously on a page where no
            // script ran at all.
            is(
              content.wrappedJSObject.ran,
              "inline1inline2",
              "The script from https://example.com shouldn't work in an about: page."
            );
          });
        });
      });