tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

iframe_style_crossdomain.html (4891B)

      1 <!DOCTYPE HTML>
      2 <!-- Any copyright is dedicated to the Public Domain.
      3     http://creativecommons.org/publicdomain/zero/1.0/ -->
      4 <html>
      5 <head>
      6  <script src="/tests/SimpleTest/SimpleTest.js"></script>
      7  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
      8  <script type="application/javascript">
      9    function check_styles() {
     10      var redText = document.getElementById('red-text');
     11      var greenText = document.getElementById('green-text');
     12      var blueText = document.getElementById('blue-text');
     13      var redTextColor = window.getComputedStyle(redText).getPropertyValue('color');
     14      var greenTextColor = window.getComputedStyle(greenText).getPropertyValue('color');
     15      var blueTextColor = window.getComputedStyle(blueText).getPropertyValue('color');
     16      ok(redTextColor == 'rgb(255, 0, 0)', "The first part should be red.");
     17      ok(greenTextColor == 'rgb(0, 255, 0)', "The second part should be green.");
     18      ok(blueTextColor == 'rgb(0, 0, 255)', "The third part should be blue.");
     19    }
     20 
     21    SimpleTest.waitForExplicitFinish();
     22    window.onload = function() {
     23      check_styles();
     24      SimpleTest.finish();
     25    }
     26  </script>
     27  <script>
     28    function good_correctHashCORSLoaded() {
     29      ok(true, "A CORS cross-domain stylesheet with correct hash was correctly loaded.");
     30    }
     31    function bad_correctHashCORSBlocked() {
     32      ok(false, "We should load CORS cross-domain stylesheets with hashes that match!");
     33    }
     34    function good_correctHashBlocked() {
     35      ok(true, "A non-CORS cross-domain stylesheet with correct hash was correctly blocked.");
     36    }
     37    function bad_correctHashLoaded() {
     38      ok(false, "We should block non-CORS cross-domain stylesheets with hashes that match!");
     39    }
     40 
     41    function good_incorrectHashBlocked() {
     42      ok(true, "A non-CORS cross-domain stylesheet with incorrect hash was correctly blocked.");
     43    }
     44    function bad_incorrectHashLoaded() {
     45      ok(false, "We should load non-CORS cross-domain stylesheets with incorrect hashes!");
     46    }
     47 
     48    function bad_correctDataBlocked() {
     49      ok(false, "We should not block non-CORS cross-domain stylesheets in data: URI!");
     50    }
     51    function good_correctDataLoaded() {
     52      ok(true, "A non-CORS cross-domain stylesheet with data: URI was correctly loaded.");
     53    }
     54    function bad_correctDataCORSBlocked() {
     55      ok(false, "We should not block CORS stylesheets in data: URI!");
     56    }
     57    function good_correctDataCORSLoaded() {
     58      ok(true, "A CORS stylesheet with data: URI was correctly loaded.");
     59    }
     60 
     61    function good_correctHashOpaqueBlocked() {
     62      ok(true, "A non-CORS(Opaque) cross-domain stylesheet with correct hash was correctly blocked.");
     63    }
     64    function bad_correctHashOpaqueLoaded() {
     65      ok(false, "We should not load non-CORS(Opaque) cross-domain stylesheets with correct hashes!");
     66    }
     67  </script>
     68 
     69  <!-- valid CORS sha256 hash -->
     70  <link rel="stylesheet" href="http://example.com/tests/dom/security/test/sri/style1.css"
     71        crossorigin="anonymous"
     72        integrity="sha256-qs8lnkunWoVldk5d5E+652yth4VTSHohlBKQvvgGwa8="
     73        onerror="bad_correctHashCORSBlocked()"
     74        onload="good_correctHashCORSLoaded()">
     75 
     76  <!-- valid non-CORS sha256 hash -->
     77  <link rel="stylesheet" href="style_301.css"
     78        integrity="sha256-qs8lnkunWoVldk5d5E+652yth4VTSHohlBKQvvgGwa8="
     79        onerror="good_correctHashBlocked()"
     80        onload="bad_correctHashLoaded()">
     81 
     82  <!-- invalid non-CORS sha256 hash -->
     83  <link rel="stylesheet" href="style_301.css?again"
     84        integrity="sha256-bogus"
     85        onerror="good_incorrectHashBlocked()"
     86        onload="bad_incorrectHashLoaded()">
     87 
     88  <!-- valid non-CORS sha256 hash in a data: URL -->
     89  <link rel="stylesheet" href="data:text/css,.green-text{color:rgb(0, 255, 0)}"
     90        integrity="sha256-EhVtGGyovvffvYdhyqJxUJ/ekam7zlxxo46iM13cwP0="
     91        onerror="bad_correctDataBlocked()"
     92        onload="good_correctDataLoaded()">
     93 
     94  <!-- valid CORS sha256 hash in a data: URL -->
     95  <link rel="stylesheet" href="data:text/css,.blue-text{color:rgb(0, 0, 255)}"
     96        crossorigin="anonymous"
     97        integrity="sha256-m0Fs2hNSyPOn1030Dp+c8pJFHNmwpeTbB+8J/DcqLss="
     98        onerror="bad_correctDataCORSBlocked()"
     99        onload="good_correctDataCORSLoaded()">
    100 
    101  <!-- valid non-CORS sha256 hash -->
    102  <link rel="stylesheet" href="http://example.com/tests/dom/security/test/sri/style1.css"
    103        integrity="sha256-qs8lnkunWoVldk5d5E+652yth4VTSHohlBKQvvgGwa8="
    104        onerror="good_correctHashOpaqueBlocked()"
    105        onload="bad_correctHashOpaqueLoaded()">
    106 </head>
    107 <body>
    108 <p><span id="red-text">This should be red</span> but
    109  <span id="green-text" class="green-text">this should be green</span> and
    110  <span id="blue-text" class="blue-text">this should be blue</span></p>
    111 <p id="display"></p>
    112 <div id="content" style="display: none">
    113 </div>
    114 <pre id="test">
    115 </pre>
    116 </body>
    117 </html>