tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

cross-partition-self-fetch.https.html (3016B)

      1 <!DOCTYPE html>
      2 <meta charset=utf-8>
      3 <meta name="timeout" content="long">
      4 <script src="/resources/testharness.js"></script>
      5 <script src="/resources/testharnessreport.js"></script>
      6 <script src="/common/get-host-info.sub.js"></script>
      7 <script src="/common/utils.js"></script>
      8 <script src="/common/dispatcher/dispatcher.js"></script>
      9 <!-- Pull in executor_path needed by newPopup / newIframe -->
     10 <script src="/html/cross-origin-embedder-policy/credentialless/resources/common.js"></script>
     11 <!-- Pull in importScript / newPopup / newIframe -->
     12 <script src="/html/anonymous-iframe/resources/common.js"></script>
     13 <script src="resources/common.js"></script>
     14 <body>
     15 <script>
     16 
     17 // Creates a Blob URL for an HTML document that fetches itself and sends the result to the
     18 // specified response queue UUID. This is somewhat contrived but aims to test a more common
     19 // scenario where a Blob URL with a video/audio mime type is navigated to and has an HTML document
     20 // created for to allow media controls to be present. In that scenario the Blob URL will be used
     21 // via a "src" attribute, resulting in a first-party resource load.
     22 const create_blob_url_and_send_js = (fetch_response_uuid, iframe_response_uuid) => `
     23  const blob_url_iframe_html = \`
     24    <!doctype html>
     25    <base href="\${window.location.href}">
     26    <script src="/html/cross-origin-embedder-policy/credentialless/resources/common.js"><\/script>
     27    <script src="/html/anonymous-iframe/resources/common.js"><\/script>
     28    <script src="/common/utils.js"><\/script>
     29    <script src="/common/dispatcher/dispatcher.js"><\/script>
     30    <script>
     31      (async () => {
     32        try {
     33          const response = await fetch(window.location.href);
     34          await response.text();
     35          send("${fetch_response_uuid}", "success");
     36        } catch (e) {
     37          send("${fetch_response_uuid}", "failure");
     38        }
     39      })();
     40    <\/script>
     41  \`;
     42  const blob = new Blob([blob_url_iframe_html], {type: 'text/html'});
     43  const blob_url = URL.createObjectURL(blob);
     44  send("${iframe_response_uuid}", blob_url);
     45 `;
     46 
     47 promise_test(t => {
     48  return new Promise(async (resolve, reject) => {
     49    try {
     50      const iframe_response_uuid = token();
     51      const fetch_response_uuid = token();
     52      const response_queue_uuid = token();
     53 
     54      const [cross_site_iframe_uuid, same_site_iframe_uuid] =
     55            await create_test_iframes(t, response_queue_uuid);
     56 
     57      await send(cross_site_iframe_uuid,
     58                 create_blob_url_and_send_js(fetch_response_uuid, iframe_response_uuid));
     59 
     60      const blob_url = await receive(iframe_response_uuid);
     61 
     62      window.open(blob_url);
     63 
     64      const fetch_result = await receive(fetch_response_uuid);
     65 
     66      assert_equals(fetch_result, "success", "Blob URL created in a cross-partition context should be able to fetch itself in a same-partition context.");
     67 
     68      resolve();
     69    } catch (e) {
     70      reject(e);
     71    }
     72  });
     73 }, "Blob URL created in a cross-partition context can fetch itself in a same-partition context.");
     74 
     75 </script>
     76 </body>