tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

file_frameNavigation_secure.html (2785B)

      1 <!DOCTYPE HTML>
      2 <html>
      3 <!--
      4 Tests for Mixed Content Blocker related to navigating children, grandchildren, etc
      5 https://bugzilla.mozilla.org/show_bug.cgi?id=840388
      6 -->
      7 <head>
      8  <meta charset="utf-8">
      9  <title>Tests for Mixed Content Frame Navigation</title>
     10 </head>
     11 <body>
     12 <div id="testContent"></div>
     13 
     14 <script>
     15  var baseUrl = "https://example.com/tests/dom/security/test/mixedcontentblocker/file_frameNavigation_innermost.html";
     16 
     17  // For tests that require setTimeout, set the maximum polling time to 50 x 100ms = 5 seconds.
     18  var MAX_COUNT = 50;
     19  var TIMEOUT_INTERVAL = 100;
     20 
     21  var testContent = document.getElementById("testContent");
     22 
     23  // Test 1: Navigate secure iframe to insecure iframe on a secure page
     24  var iframe_test1 = document.createElement("iframe");
     25  var counter_test1 = 0;
     26  iframe_test1.setAttribute("id", "test1");
     27  iframe_test1.src = baseUrl + "?securePage_navigate_child";
     28  iframe_test1.onerror = function() {
     29    parent.postMessage({"test": "securePage_navigate_child", "msg": "navigating to insecure iframe blocked on secure page"}, "http://mochi.test:8888");
     30  };
     31  testContent.appendChild(iframe_test1);
     32 
     33  function navigationStatus(iframe_test1)
     34  {
     35    // When the page is navigating, it goes through about:blank and we will get a permission denied for loc.
     36    // Catch that specific exception and return
     37    try {
     38      var loc = document.getElementById("test1").contentDocument.location;
     39    } catch(e) {
     40      if (e.name === "SecurityError") {
     41        // We received an exception we didn't expect.
     42        throw e;
     43      }
     44      counter_test1++;
     45      return;
     46    }
     47    if (loc == "http://example.com/tests/dom/security/test/mixedcontentblocker/file_frameNavigation_innermost.html?insecurePage_navigate_child_response") {
     48      return;
     49    }
     50    if (counter_test1 < MAX_COUNT) {
     51      counter_test1++;
     52      setTimeout(navigationStatus, TIMEOUT_INTERVAL, iframe_test1);
     53    }
     54    else {
     55      // After we have called setTimeout the maximum number of times, assume navigating the iframe is blocked
     56      parent.postMessage({"test": "securePage_navigate_child", "msg": "navigating to insecure iframe blocked on secure page"}, "http://mochi.test:8888");
     57    }
     58  }
     59 
     60  setTimeout(navigationStatus, TIMEOUT_INTERVAL, iframe_test1);
     61 
     62  // Test 2: Open an http page in a new tab from a link click with target=_blank.
     63  var iframe_test3 = document.createElement("iframe");
     64  iframe_test3.src = "https://example.com/tests/dom/security/test/mixedcontentblocker/file_frameNavigation_blankTarget.html";
     65  iframe_test3.onerror = function() {
     66    parent.postMessage({"test": "blankTarget", "msg": "got an onerror event when loading or navigating testing iframe"}, "http://mochi.test:8888");
     67  };
     68  testContent.appendChild(iframe_test3);
     69 
     70 </script>
     71 </body>
     72 </html>