tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

document-write-iframe.html (2858B)

      1 <!DOCTYPE html>
      2 <head>
      3  <meta http-equiv="Content-Security-Policy" content="img-src 'none'">
      4  <script src="/resources/testharness.js"></script>
      5  <script src="/resources/testharnessreport.js"></script>
      6  <title>document.open() does not change Content Security Policies</title>
      7 </head>
      8 <body>
      9  <script>
     10    let message_from = (w) => {
     11      return new Promise(resolve => {
     12        let listener = msg => {
     13          if (msg.source != w)
     14            return;
     15          window.removeEventListener('message', listener);
     16          resolve(msg.data);
     17        };
     18        window.addEventListener('message', listener);
     19      });
     20    };
     21 
     22    var documentBody = function(should_load) {
     23      let image = should_load ? "pass.png" : "fail.png";
     24      return `
     25      <script>
     26        function loaded() {
     27          window.top.postMessage("loaded", '*');
     28        };
     29        window.addEventListener('securitypolicyviolation', function(e) {
     30          window.top.postMessage("blocked", '*');
     31        });
     32      </scr`+`ipt>
     33      <img src='/content-security-policy/support/${image}' onload='loaded()'>`;
     34    };
     35 
     36    promise_test(async () => {
     37      let iframe = document.createElement('iframe');
     38      let loaded = new Promise(resolve => iframe.onload = resolve);
     39      document.body.appendChild(iframe);
     40      await loaded;
     41 
     42      let msg = message_from(iframe.contentWindow);
     43      let doc = iframe.contentWindow.document;
     44      doc.open();
     45      doc.write("<html><body>" + documentBody(false) + "</body></html>");
     46      doc.close();
     47      assert_equals(await msg, "blocked");
     48    }, "document.open() keeps inherited CSPs on initial about:blank.");
     49 
     50    promise_test(async () => {
     51      let iframe = document.createElement('iframe');
     52      let loaded = new Promise(resolve => iframe.onload = resolve);
     53      iframe.src = "/common/blank.html";
     54      document.body.appendChild(iframe);
     55      await loaded;
     56 
     57      let msg = message_from(iframe.contentWindow);
     58      let doc = iframe.contentWindow.document;
     59      doc.open();
     60      doc.write("<html><body>" + documentBody(true) + "</body></html>");
     61      doc.close();
     62      assert_equals(await msg, "loaded");
     63    }, "document.open() does not change delivered CSPs.");
     64 
     65    promise_test(async () => {
     66      let iframe = document.createElement('iframe');
     67      iframe.src = "/common/blank.html";
     68      let loaded = false;
     69      iframe.onload = () => loaded = true;
     70      document.body.appendChild(iframe);
     71      assert_false(loaded, "iframe document should be transient");
     72 
     73      let msg = message_from(iframe.contentWindow);
     74      let doc = iframe.contentWindow.document;
     75      doc.open();
     76      doc.write("<html><body>" + documentBody(false) + "</body></html>");
     77      doc.close();
     78      assert_equals(await msg, "blocked");
     79    }, "document.open() keeps inherited CSPs on transient about:blank.");
     80 
     81  </script>
     82 </body>
     83 </html>