tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

location-hash.sub.html (2511B)

      1 <!doctype html>
      2 <meta charset=utf-8>
      3 <title></title>
      4 <script src=/resources/testharness.js></script>
      5 <script src=/resources/testharnessreport.js></script>
      6 <script>
      7 
      8 setup({ single_test: true });
      9 
     10 let CROSS_ORIGIN_HOST = "{{hosts[alt][]}}";
     11 let sameOriginLocation1;
     12 let crossOriginLocation;
     13 let sameOriginLocation2;
     14 
     15 // Load first a same origin page to an iframe and store its location, then
     16 // do the same for a cross origin page and then again for a same origin page.
     17 // Check whether accessing .hash works and what the value is.
     18 // Then remove the iframe and check .hash accesses again.
     19 
     20 function runTest() {
     21  let ifr = document.createElement("iframe");
     22  ifr.src = "resources/blank.html";
     23  ifr.onload = function() {
     24    sameOriginLocation1 = ifr.contentWindow.location;
     25    let initialHref = sameOriginLocation1.href;
     26    assert_equals(sameOriginLocation1.hash, "");
     27    sameOriginLocation1.hash = "1";
     28    assert_equals(sameOriginLocation1.hash, "#1");
     29    let exceptionConstructor = ifr.contentWindow.DOMException;
     30    ifr.onload = function() {
     31      crossOriginLocation = ifr.contentWindow.location;
     32      assert_throws_dom("SecurityError", () => crossOriginLocation.hash,
     33                        "Accessing cross origin location.hash should throw");
     34      assert_throws_dom("SecurityError", exceptionConstructor, () => sameOriginLocation1.hash,
     35                        "Accessing cross origin location.hash should throw");
     36 
     37      crossOriginLocation.href = initialHref;
     38      ifr.onload = function() {
     39        sameOriginLocation2 = ifr.contentWindow.location;
     40        assert_not_equals(sameOriginLocation1, sameOriginLocation2);
     41        assert_equals(sameOriginLocation1.hash, "");
     42        assert_equals(sameOriginLocation2.hash, "");
     43        assert_throws_dom("SecurityError", () => crossOriginLocation.hash,
     44                          "Accessing cross origin location.hash should throw");
     45        sameOriginLocation2.hash = "2";
     46        assert_equals(sameOriginLocation2.hash, "#2");
     47        assert_equals(sameOriginLocation1.hash, "#2");
     48 
     49        ifr.remove();
     50        assert_throws_dom("SecurityError", () => crossOriginLocation.hash,
     51                  "Accessing cross origin location.hash should throw");
     52        assert_equals(sameOriginLocation2.hash, "");
     53        assert_equals(sameOriginLocation1.hash, "");
     54        done();
     55      }
     56    }
     57    sameOriginLocation1.host = CROSS_ORIGIN_HOST;
     58  }
     59  document.body.appendChild(ifr);
     60 }
     61 
     62 window.onload = function() {
     63  setTimeout(runTest);
     64 }
     65 
     66 </script>