tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_csp.js (1292B)

      1 /**
      2 * Any copyright is dedicated to the Public Domain.
      3 * http://creativecommons.org/publicdomain/zero/1.0/
      4 */
      5 var tests = 3;
      6 
      7 SimpleTest.waitForExplicitFinish();
      8 
      9 testDone = function (event) {
     10  if (!--tests) {
     11    SimpleTest.finish();
     12  }
     13 };
     14 
     15 // Workers don't inherit CSP
     16 worker = new Worker("csp_worker.js");
     17 worker.postMessage({ do: "eval" });
     18 worker.onmessage = function (event) {
     19  is(event.data, 42, "Eval succeeded!");
     20  testDone();
     21 };
     22 
     23 // blob: workers *do* inherit CSP
     24 xhr = new XMLHttpRequest();
     25 xhr.open("GET", "csp_worker.js");
     26 xhr.responseType = "blob";
     27 xhr.send();
     28 xhr.onload = e => {
     29  uri = URL.createObjectURL(e.target.response);
     30  worker = new Worker(uri);
     31  worker.postMessage({ do: "eval" });
     32  worker.onmessage = function (event) {
     33    is(event.data, "EvalError: call to eval() blocked by CSP", "Eval threw");
     34    testDone();
     35  };
     36 };
     37 
     38 xhr = new XMLHttpRequest();
     39 xhr.open("GET", "csp_worker.js");
     40 xhr.responseType = "blob";
     41 xhr.send();
     42 xhr.onload = e => {
     43  uri = URL.createObjectURL(e.target.response);
     44  worker = new Worker(uri);
     45  worker.postMessage({ do: "nest", uri, level: 3 });
     46  worker.onmessage = function (event) {
     47    is(
     48      event.data,
     49      "EvalError: call to eval() blocked by CSP",
     50      "Eval threw in nested worker"
     51    );
     52    testDone();
     53  };
     54 };