tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_block_toplevel_data_img_navigation.html (2112B)

      1 <!DOCTYPE HTML>
      2 <html>
      3 <head>
      4  <meta charset="utf-8">
      5  <title>Bug 1396798: Do not block toplevel data: navigation to image (except svgs)</title>
      6  <script src="/tests/SimpleTest/SimpleTest.js"></script>
      7  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
      8 </head>
      9 <body>
     10 <script class="testbody" type="text/javascript">
     11 SpecialPowers.setBoolPref("security.data_uri.block_toplevel_data_uri_navigations", true);
     12 SimpleTest.registerCleanupFunction(() => {
     13  SpecialPowers.clearUserPref("security.data_uri.block_toplevel_data_uri_navigations");
     14 });
     15 
     16 SimpleTest.waitForExplicitFinish();
     17 SimpleTest.requestFlakyTimeout("have to test that top level data:image loading is blocked/allowed");
     18 
     19 function test_toplevel_data_image() {
     20  const DATA_PNG =
     21    "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==";
     22  let win1 = window.open(DATA_PNG);
     23  let wrappedWin1 = SpecialPowers.wrap(win1);
     24  setTimeout(function () {
     25    let images = wrappedWin1.document.getElementsByTagName('img'); 
     26    is(images.length, 1, "Loading data:image/png should be allowed");
     27    is(images[0].src, DATA_PNG, "Sanity: img src matches");
     28    wrappedWin1.close();
     29    test_toplevel_data_image_svg();
     30  }, 1000);
     31 }
     32 
     33 function test_toplevel_data_image_svg() {
     34  const DATA_SVG =
     35    "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxNiIgaGVpZ2h0PSIxNiIgdmlld0JveD0iMCAwIDE2IDE2Ij4KICA8cGF0aCBkPSJNOCwxMkwzLDcsNCw2bDQsNCw0LTQsMSwxWiIgZmlsbD0iIzZBNkE2QSIgLz4KPC9zdmc+Cg==";
     36  let win2 = window.open(DATA_SVG);
     37  // Unfortunately we can't detect whether the window was closed using some event,
     38  // hence we are constantly polling till we see that win == null.
     39  // Test times out on failure.
     40  var win2Closed = setInterval(function() {
     41    if (win2 == null || win2.closed) {
     42      clearInterval(win2Closed);
     43      ok(true, "Loading data:image/svg+xml should be blocked");
     44      SimpleTest.finish();
     45    }
     46  }, 200);
     47 }
     48 // fire up the tests
     49 test_toplevel_data_image();
     50 
     51 </script>
     52 </body>
     53 </html>