tor-browser

The Tor Browser

test_block_subresource_redir_to_data.html (2149B)


      1 <!DOCTYPE HTML>
      2 <html>
      3 <head>
      4  <title>Bug 1428793: Block insecure redirects to data: URIs</title>
      5  <script src="/tests/SimpleTest/SimpleTest.js"></script>
      6  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
      7 </head>
      8 <body>
      9 
     10 <script id="testScriptRedirectToData"></script>
     11 <script id="testModuleScriptRedirectToData" type="module"></script>
     12 
     13 <script class="testbody" type="text/javascript">
     14 
     // Every verdict below arrives from an asynchronous load/error/message
     // event, so the harness is told to wait for an explicit
     // SimpleTest.finish() instead of ending when this script returns.
     SimpleTest.waitForExplicitFinish();

     // Sub-tests that must report before the run ends: classic script,
     // worker, and module script.
     const NUM_TESTS = 3;

     // Count of sub-tests that have reported; checkFinish() is the only code
     // in this file that increments it.
     var testCounter = 0;
     /**
      * Records that one sub-test has reported a verdict and ends the run once
      * all NUM_TESTS of them have.
      *
      * SimpleTest.finish() is called only when the counter equals NUM_TESTS
      * exactly; a call that pushes the counter past that value does nothing.
      */
     function checkFinish() {
       testCounter += 1;
       if (testCounter !== NUM_TESTS) {
         return;
       }
       SimpleTest.finish();
     }
     25 
     // --- test regular scripts
     // A classic <script> is pointed at a server-side handler that is expected
     // to answer with a redirect to a data: URI (the .sjs file is not part of
     // this listing). A data: URI carries its payload inline, so following the
     // redirect would execute whatever the redirecting server chose to return.
     // The load must therefore fail: onerror is the pass path, onload the
     // regression path.
     //
     // NOTE(review): onerror fires for any failed load, so this sub-test alone
     // cannot tell a blocked redirect from a missing or broken .sjs handler.
     let testScriptRedirectToData = document.getElementById("testScriptRedirectToData");
     testScriptRedirectToData.onload = () => {
       ok(false, "script that redirects to data: URI should not load");
       checkFinish();
     };
     testScriptRedirectToData.onerror = () => {
       ok(true, "script that redirects to data: URI should not load");
       checkFinish();
     };
     // Assigning src last starts the fetch only after both handlers are attached.
     testScriptRedirectToData.src = "file_block_subresource_redir_to_data.sjs?script";
     37 
     // --- test workers
     // Same check for a dedicated worker whose script URL is expected to
     // redirect to a data: URI (the .sjs handler is not part of this listing).
     let worker = new Worker("file_block_subresource_redir_to_data.sjs?worker");
     worker.onmessage = () => {
       // Any message means the redirected script was loaded and executed.
       ok(false, "worker script that redirects to data: URI should not load");
       checkFinish();
     };
     worker.onerror = () => {
       // Worker scripts must be same-origin, so this redirect is rejected by
       // the worker loading code itself and not by the content security
       // manager. This sub-test therefore covers a different enforcement
       // point than the two <script> cases.
       ok(true, "worker script that redirects to data: URI should not load");
       checkFinish();
     };
     // Presumably the worker would answer this if it had loaded, which is what
     // would trigger onmessage above - the worker body is not shown here.
     worker.postMessage("dummy");
     51 
     // --- test script modules
     // Same check for <script type="module">: a module script whose URL
     // redirects to a data: URI must not load. onerror is the pass path,
     // onload the regression path.
     //
     // NOTE(review): as with any load-failure assertion, onerror also fires if
     // the request fails for an unrelated reason, so a pass here does not by
     // itself prove the redirect was what got blocked.
     let testModuleScriptRedirectToData = document.getElementById("testModuleScriptRedirectToData");
     testModuleScriptRedirectToData.onload = () => {
       ok(false, "module script that redirects to data: URI should not load");
       checkFinish();
     };
     testModuleScriptRedirectToData.onerror = () => {
       ok(true, "module script that redirects to data: URI should not load");
       checkFinish();
     };
     // Assigning src last starts the fetch only after both handlers are attached.
     testModuleScriptRedirectToData.src = "file_block_subresource_redir_to_data.sjs?modulescript";
     63 
     64 </script>
     65 </body>
     66 </html>