tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

ccd.sjs (3009B)

      1 const DEBUG_all_valid = false;
      2 const DEBUG_all_stub = false;
      3 
      4 function handleRequest(request, response) {
      5   // Decode the query string to know what test we're doing.
      6 
      7   // character 1: 'I' = text/css response, 'J' = text/html response
      8   let responseCSS = request.queryString[0] == "I";
      9 
     10   // character 2: redirection type - we only care about whether we're
     11   // ultimately same-origin with the requesting document ('A', 'D') or
     12   // not ('B', 'C').
     13   let sameOrigin =
     14     request.queryString[1] == "A" || request.queryString[1] == "D";
     15 
     16   // character 3: '1' = syntactically valid, '2' = invalid, '3' = http error
     17   let malformed = request.queryString[2] == "2";
     18   let httpError = request.queryString[2] == "3";
     19 
     20   // character 4: loaded with <link> or @import (no action required)
     21 
     22   // character 5: loading document mode: 'q' = quirks, 's' = standards
     23   let quirksMode = request.queryString[4] == "q";
     24 
     25   // Our response contains a CSS rule that selects an element whose
     26   // ID is the first four characters of the query string.
     27   let selector = "#" + request.queryString.substring(0, 4);
     28 
     29   // "Malformed" responses wrap the CSS rule in the construct
     30   //     <html>{} ... </html>
     31   // This mimics what the CSS parser might see if an actual HTML
     32   // document were fed to it.  Because CSS parsers recover from
     33   // errors by skipping tokens until they find something
     34   // recognizable, a style rule appearing where I wrote '...' above
     35   // will be honored!
     36   let leader = malformed ? "<html>{}" : "";
     37   let trailer = malformed ? "</html>" : "";
     38 
     39   // Standards mode documents will ignore the style sheet if it is being
     40   // served as text/html (regardless of its contents).  Quirks mode
     41   // documents will ignore the style sheet if it is being served as
     42   // text/html _and_ it is not same-origin.  Regardless, style sheets
     43   // are ignored if they come as the body of an HTTP error response.
     44   //
     45   // Style sheets that should be ignored paint the element red; those
     46   // that should be honored paint it lime.
     47   let color =
     48     (responseCSS || (quirksMode && sameOrigin)) && !httpError ? "lime" : "red";
     49 
     50   // For debugging the test itself, we have the capacity to make every style
     51   // sheet well-formed, or every style sheet do nothing.
     52   if (DEBUG_all_valid) {
     53     // In this mode, every test chip should turn blue.
     54     response.setHeader("Content-Type", "text/css");
     55     response.write(selector + "{background-color:blue}\n");
     56   } else if (DEBUG_all_stub) {
     57     // In this mode, every test chip for a case where the true test
     58     // sheet would be honored, should turn red.
     59     response.setHeader("Content-Type", "text/css");
     60     response.write(selector + "{}\n");
     61   } else {
     62     // Normal operation.
     63     if (httpError) {
     64       response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
     65     }
     66     response.setHeader("Content-Type", responseCSS ? "text/css" : "text/html");
     67     response.write(
     68       leader + selector + "{background-color:" + color + "}" + trailer + "\n"
     69     );
     70   }
     71 }