
test_img_referrer.html (8547B)


      1 <!DOCTYPE HTML>
      2 <html>
      3 <head>
      4  <meta charset="utf-8">
      5  <title>Test img policy attribute for Bug 1166910</title>
      6  <script src="/tests/SimpleTest/SimpleTest.js"></script>
      7  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
      8 
      9 <!--
     10 Testing that img referrer attribute is honoured correctly
     11 * Speculative parser loads (generate-img-policy-test)
     12 * regular loads (generate-img-policy-test2)
     13 * loading a single image multiple times with different policies (generate-img-policy-test3)
     14 * testing setAttribute and .referrer (generate-setAttribute-test)
     15 * regression tests that meta referrer is still working even if attribute referrers are enabled
     16 https://bugzilla.mozilla.org/show_bug.cgi?id=1166910
     17 -->
     18 
     19 <script type="application/javascript">
     20 
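     // The test completes asynchronously; SimpleTest.finish() is called explicitly
     // from the generator below (or from an XHR failure handler).
     SimpleTest.waitForExplicitFinish();

     // Resumes the `tests` generator. Used as the completion callback for every
     // asynchronous step (pref push, XHR success, child notification).
     var advance = function() { tests.next(); };

     /**
      * Listen for notifications from the child.
      * These are sent in case of error, or when the loads we await have completed.
      *
      * NOTE(review): neither event.origin nor event.source is checked, so any
      * window able to postMessage to this one can advance the test. That is
      * presumably acceptable inside the test harness; confirm before reusing
      * this pattern outside of it.
      */
     window.addEventListener("message", function(event) {
       var data = event.data;
       // String.prototype.contains() is not a standard method (the standard name
       // is includes()), so calling it throws on current engines. Non-string
       // payloads are skipped instead of raising a TypeError inside the listener.
       if (data == "childLoadComplete" ||
           (typeof data == "string" && data.includes("childLoadComplete"))) {
         advance();
       }
     });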
     34 
     /**
      * Helper that issues an asynchronous GET and asks for a JSON-parsed response.
      *
      * @param {string} aUrl          URL to request.
      * @param {function} onSuccess   Called with the XMLHttpRequest when `load` fires.
      * @param {function} onFail      Called with the XMLHttpRequest when `error` fires.
      *
      * The HTTP status is not inspected here; callers receive the request object
      * and must decide themselves whether `response` is usable.
      */
     function doXHR(aUrl, onSuccess, onFail) {
       const request = new XMLHttpRequest();
       const handleLoad = function () {
         onSuccess(request);
       };
       const handleError = function () {
         onFail(request);
       };

       request.responseType = "json";
       request.onload = handleLoad;
       request.onerror = handleError;
       request.open('GET', aUrl, true);
       request.send(null);
     }
     50 
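     /**
      * Grabs the results via XHR and passes to checker.
      *
      * @param {string} aTestname      Human-readable label used in the assertion message.
      * @param {string[]} aExpectedImg Expected `policy` value for each entry of aName,
      *                                matched by index.
      * @param {string[]} aName        Keys to look up in the `tests` object of the
      *                                server's JSON answer.
      *
      * On success the generator is resumed through advance(). If the request
      * fails, or the answer carries no usable `tests` object, the failure is
      * recorded and the test is finished instead of leaving the generator stalled.
      */
     function checkIndividualResults(aTestname, aExpectedImg, aName) {
       doXHR('/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs?action=get-test-results',
             function(xhr) {
               var results = xhr.response;
               info(JSON.stringify(results));

               // With responseType "json" the response is null when the body
               // could not be parsed; dereferencing it would throw and the
               // generator would never be resumed.
               if (!results || typeof results.tests != "object" || results.tests === null) {
                 ok(false, "Test server returned no usable results.");
                 SimpleTest.finish();
                 return;
               }

               aName.forEach(function(testName, index) {
                 var present = testName in results.tests;
                 var recorded = present ? results.tests[testName] : null;
                 ok(present, testName + " tests have to be performed.");
                 // A missing entry is already reported by ok() above; skip the
                 // comparison rather than throwing on an undefined record.
                 if (!recorded) {
                   return;
                 }
                 is(recorded.policy, aExpectedImg[index], aTestname + ' --- ' + recorded.policy + ' (' + recorded.referrer + ')');
               });

               advance();
             },
             function() {
               ok(false, "Can't get results from the counter server.");
               SimpleTest.finish();
             });
     }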
     72 
     /**
      * Asks the test server to reset its state (action=resetState).
      * Resumes the generator through advance() on success; on a network error
      * the failure is recorded and the test is finished.
      */
     function resetState() {
       const resetUrl = '/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs?action=resetState';
       const onResetFailed = function() {
         ok(false, "error in reset state");
         SimpleTest.finish();
       };

       doXHR(resetUrl, advance, onResetFailed);
     }
     81 
     /**
     * testing if img referrer attribute is honoured (1165501)
     *
     * Generator that sequences the asynchronous test steps. It is started by the
     * body's onload handler and resumed by advance() (tests.next()). Every case
     * follows the same pattern:
     *   1. resetState()             - XHR to the test server, advance() on success
     *   2. iframe.src = <sjs url>   - load the server-generated page; the generator
     *                                 resumes when the "childLoadComplete" message
     *                                 arrives (presumably posted by that page)
     *   3. checkIndividualResults() - fetch what the server recorded and compare the
     *                                 `policy` field with the expected value
     * The expected values "full", "origin" and "none" are the server's labels;
     * presumably they describe the Referer header it received - confirm against
     * img_referrer_testserver.sjs.
     */
     var tests = (function*() {

      // NOTE(review): this pref is switched off for the whole test, presumably so
      // that relaxing policies such as unsafe-url are not overridden for cross-site
      // loads and a "full" referrer can be observed - confirm.
      yield SpecialPowers.pushPrefEnv(
        { set: [["network.http.referer.disallowCrossSiteRelaxingDefault", false]] },
        advance
      );

      var iframe = document.getElementById("testframe");
      var sjs = "/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs?action=generate-img-policy-test";

      // NOTE(review): escape() is a legacy function; every value passed to it in
      // this generator is a fixed ASCII token, and `name` is appended unescaped.

      // setting img unsafe-url and meta origin - unsafe-url shall prevail (should use speculative load)
      yield resetState();
      var name = 'unsaf-url-with-meta-in-origin';
      yield iframe.src = sjs + "&imgPolicy=" + escape('unsafe-url') + "&name=" + name + "&policy=" + escape('origin');
      yield checkIndividualResults("unsafe-url (img) with origin in meta", ["full"], [name]);

      // setting img no-referrer and meta origin - no-referrer shall prevail (should use speculative load)
      // NOTE(review): the assertion label below says "default in meta" although the
      // request sends policy=origin.
      yield resetState();
      name = 'no-referrer-with-meta-in-origin';
      yield iframe.src = sjs + "&imgPolicy=" + escape('no-referrer')+ "&name=" + name +  "&policy=" + escape('origin');
      yield checkIndividualResults("no-referrer (img) with default in meta", ["none"], [name]);

      // test referrer policy in regular load
      yield resetState();
      sjs = "/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs?action=generate-img-policy-test2";
      name = 'regular-load-unsafe-url';
      yield iframe.src = sjs + "&imgPolicy=" + escape('unsafe-url') + "&name=" + name;
      yield checkIndividualResults("unsafe-url in img", ["full"], [name]);

      // test referrer policy in regular load with multiple images
      // Three orderings of the same three policies are exercised; results are looked
      // up under name + policy, one key per image.
      var policies = ['unsafe-url', 'origin', 'no-referrer'];
      var expected = ["full", "origin", "none"];
      yield resetState();
      sjs = "/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs?action=generate-img-policy-test3";
      name = 'multiple-images-'+policies[0]+'-'+policies[1]+'-'+policies[2];
      yield iframe.src = sjs + "&imgPolicy1=" + escape(policies[0]) + "&imgPolicy2=" + escape(policies[1]) + "&imgPolicy3=" + escape(policies[2]) + "&name=" + name;
      yield checkIndividualResults(policies[0]+", "+policies[1]+" and "+policies[2]+" in img", expected, [name+policies[0], name+policies[1], name+policies[2]]);

      policies = ['origin', 'no-referrer', 'unsafe-url'];
      expected = ["origin", "none", "full"];
      yield resetState();
      sjs = "/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs?action=generate-img-policy-test3";
      name = 'multiple-images-'+policies[0]+'-'+policies[1]+'-'+policies[2];
      yield iframe.src = sjs + "&imgPolicy1=" + escape(policies[0]) + "&imgPolicy2=" + escape(policies[1]) + "&imgPolicy3=" + escape(policies[2]) + "&name=" + name;
      yield checkIndividualResults(policies[0]+", "+policies[1]+" and "+policies[2]+" in img", expected, [name+policies[0], name+policies[1], name+policies[2]]);

      policies = ['no-referrer', 'origin', 'unsafe-url'];
      expected = ["none", "origin", "full"];
      yield resetState();
      sjs = "/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs?action=generate-img-policy-test3";
      name = 'multiple-images-'+policies[0]+'-'+policies[1]+'-'+policies[2];
      yield iframe.src = sjs + "&imgPolicy1=" + escape(policies[0]) + "&imgPolicy2=" + escape(policies[1]) + "&imgPolicy3=" + escape(policies[2]) + "&name=" + name;
      yield checkIndividualResults(policies[0]+", "+policies[1]+" and "+policies[2]+" in img", expected, [name+policies[0], name+policies[1], name+policies[2]]);

      // regression tests that meta referrer is still working even if attribute referrers are enabled
      yield resetState();
      sjs = "/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs?action=generate-img-policy-test4";
      name = 'regular-load-no-referrer-meta';
      yield iframe.src = sjs + "&policy=" + escape('no-referrer') + "&name=" + name;
      yield checkIndividualResults("no-referrer in meta (no img referrer policy), speculative load", ["none"], [name]);

      // Same name as the previous case; resetState() runs in between, which
      // presumably clears the earlier record - confirm against the .sjs.
      yield resetState();
      sjs = "/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs?action=generate-img-policy-test5";
      name = 'regular-load-no-referrer-meta';
      yield iframe.src = sjs + "&policy=" + escape('no-referrer') + "&name=" + name;
      yield checkIndividualResults("no-referrer in meta (no img referrer policy), regular load", ["none"], [name]);

      //test setAttribute
      // The img policy (no-referrer) is expected to win over the meta policy
      // (unsafe-url) in both setAttribute cases.
      yield resetState();
      sjs = "/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs?action=generate-setAttribute-test1";
      name = 'set-referrer-policy-attribute-before-src';
      yield iframe.src = sjs + "&imgPolicy=" + escape('no-referrer') + "&policy=" + escape('unsafe-url') + "&name=" + name;
      yield checkIndividualResults("no-referrer in img", ["none"], [name]);

      yield resetState();
      sjs = "/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs?action=generate-setAttribute-test2";
      name = 'set-referrer-policy-attribute-after-src';
      yield iframe.src = sjs + "&imgPolicy=" + escape('no-referrer') + "&policy=" + escape('unsafe-url') + "&name=" + name;
      yield checkIndividualResults("no-referrer in img", ["none"], [name]);

      // An img policy value of 'invalid' is expected to be ignored, so the meta
      // policy (unsafe-url) applies and a full referrer is expected.
      // NOTE(review): the name says "before-src" but the action is
      // generate-setAttribute-test2, which the case above pairs with "after-src" -
      // confirm which action is intended.
      yield resetState();
      sjs =
        "/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs?action=generate-setAttribute-test2";
      name = 'set-invalid-referrer-policy-attribute-before-src-invalid';
      yield iframe.src = sjs + "&imgPolicy=" + escape('invalid') + "&policy=" + escape('unsafe-url') + "&name=" + name;
      yield checkIndividualResults("unsafe-url in meta, invalid in img", ["full"], [name]);

      // Same as above with the img policy value 'default'; the name is reused
      // unchanged from the 'invalid' case.
      yield resetState();
      sjs =
        "/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs?action=generate-setAttribute-test2";
      name = 'set-invalid-referrer-policy-attribute-before-src-invalid';
      yield iframe.src = sjs + "&imgPolicy=" + escape('default') + "&policy=" + escape('unsafe-url') + "&name=" + name;
      yield checkIndividualResults("unsafe-url in meta, default in img", ["full"], [name]);

      // complete.
      SimpleTest.finish();
     })();
    182 
    183 </script>
    184 </head>
    185 
    186 <body onload="tests.next();">
    187  <iframe id="testframe"></iframe>
    188 
    189 </body>
    190 </html>