
subsumption_algorithm-host_sources-paths.html (2816B)


      <!doctype html>
      <html>
      <head>
        <title>Embedded Enforcement: Subsumption Algorithm - Path parts in host source expressions.</title>
        <!--
          Checks how the path part of a host-source expression is treated when a
          returned policy is compared against a required policy. IframeLoad, Host,
          generateUrlWithPolicies and assert_iframe_with_csp are not defined in
          this file; they presumably come from support/testharness-helper.sub.js.
        -->
        <script src="/resources/testharness.js"></script>
        <script src="/resources/testharnessreport.js"></script>
        <script src="support/testharness-helper.sub.js"></script>
      </head>
      <body>
        <script>
          // Each case pairs two img-src policies:
          //   required_csp - handed to assert_iframe_with_csp as the policy required of the frame
          //   returned_csp - handed to generateUrlWithPolicies to build the cross-origin frame URL
          //   expected     - IframeLoad.EXPECT_LOAD or IframeLoad.EXPECT_BLOCK
          //
          // The EXPECT_BLOCK cases are the security-relevant ones: in each, the
          // returned source list reaches further on b.com than the required list
          // does. A user agent that loaded those frames would leave the embedded
          // document with a broader img-src than the embedder asked for.
          var tests = [
            // Required pins b.com to one page; returned names the bare origin, which is broader.
            {
              name: "Returned CSP must specify a path.",
              required_csp: "img-src http://c.com:* http://b.com/example.html",
              returned_csp: "img-src http://b.com",
              expected: IframeLoad.EXPECT_BLOCK,
            },
            // Returned narrows the bare origin down to a single page.
            {
              name: "Returned CSP has a more specific path.",
              required_csp: "img-src http://c.com:* http://b.com",
              returned_csp: "img-src http://b.com/example.html",
              expected: IframeLoad.EXPECT_LOAD,
            },
            // Same page on both sides.
            {
              name: "Matching paths.",
              required_csp: "img-src http://c.com:* http://b.com/example.html",
              returned_csp: "img-src http://b.com/example.html",
              expected: IframeLoad.EXPECT_LOAD,
            },
            // Required lists three pages; returned uses the `/` path instead.
            {
              name: "Empty path is not subsumed by specified paths.",
              required_csp: "img-src http://b.com/page1.html http://b.com/page2.html http://b.com/page3.html",
              returned_csp: "img-src http://b.com/",
              expected: IframeLoad.EXPECT_BLOCK,
            },
            // Same three pages, listed in a different order.
            {
              name: "All specific paths match except the order.",
              required_csp: "img-src http://b.com/page1.html http://b.com/page2.html http://b.com/page3.html",
              returned_csp: "img-src http://b.com/page2.html http://b.com/page3.html http://b.com/page1.html",
              expected: IframeLoad.EXPECT_LOAD,
            },
            // Returned keeps only one of the three required pages.
            {
              name: "Returned CSP allows only one path.",
              required_csp: "img-src http://b.com/page1.html http://b.com/page2.html http://b.com/page3.html",
              returned_csp: "img-src http://b.com/page2.html",
              expected: IframeLoad.EXPECT_LOAD,
            },
            // This case and the next: `http://b.com` and `http://b.com/` are
            // expected to be accepted in either direction.
            {
              name: "`/` path should be subsumed by an empty path.",
              required_csp: "img-src http://b.com",
              returned_csp: "img-src http://b.com/",
              expected: IframeLoad.EXPECT_LOAD,
            },
            {
              name: "Unspecified path should be subsumed by `/`.",
              required_csp: "img-src http://b.com/",
              returned_csp: "img-src http://b.com",
              expected: IframeLoad.EXPECT_LOAD,
            },
            // Counterpart to the case above: once required names a specific page,
            // a returned source without a path is no longer accepted.
            {
              name: "That should not be true when required csp specifies a specific page.",
              required_csp: "img-src http://b.com/path.html",
              returned_csp: "img-src http://b.com",
              expected: IframeLoad.EXPECT_BLOCK,
            },
          ];

          // One async_test per case, registered in array order under the case's name.
          for (const testCase of tests) {
            async_test(harnessTest => {
              const frameUrl = generateUrlWithPolicies(Host.CROSS_ORIGIN, testCase.returned_csp);
              // NOTE(review): the meaning of the trailing null argument is not visible here - confirm against the helper.
              assert_iframe_with_csp(
                harnessTest,
                frameUrl,
                testCase.required_csp,
                testCase.expected,
                testCase.name,
                null
              );
            }, testCase.name);
          }
        </script>
      </body>
      </html>