
iframe-srcdoc-history-inheritance.html (2335B)


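      <!DOCTYPE html>
      <!--
        Content Security Policy regression test for srcdoc iframes and session
        history.

        Sequence: load a srcdoc document in the iframe, navigate the iframe away,
        tighten the embedding page's CSP to img-src 'none', then go back in the
        iframe's history. The test passes only if an image can still be loaded
        inside the restored srcdoc document, i.e. the restored document is not
        governed by the parent's newer, stricter policy. A securitypolicyviolation
        event in the iframe document is treated as a failure.
      -->
      <head>
        <script src="/resources/testharness.js"></script>
        <script src="/resources/testharnessreport.js"></script>
      </head>

      <body>
      <iframe></iframe>
      <script>
      promise_test(async t => {
        // Wait for the page to load + one task so that navigations from here on are
        // not done in "replace" mode (each one must create its own history entry,
        // otherwise history.back() below has nothing to return to).
        await new Promise(resolve => window.onload = () => t.step_timeout(resolve, 0));
        const iframe = document.querySelector('iframe');

        // NOTE(review): the heading text says the policy container "should not" be
        // stored, while the assertions below require the pre-tightening policy to
        // still apply after history.back(). Wording kept as found; confirm intent.
        iframe.srcdoc = `
          <h1>This is a dummy page that should not store the inherited policy
          container in this history entry</h1>
        `;

        // Same "load + one task" wait, so the next navigation is not a replace.
        await new Promise(resolve => iframe.onload = () => t.step_timeout(resolve, 0));

        // Navigate the iframe away.
        iframe.contentWindow.location.href = "/common/blank.html";
        await new Promise(resolve => iframe.onload = resolve);

        // Tighten the outer page's security policy. This happens after the srcdoc
        // document was created, so it only affects documents that inherit from the
        // parent from now on.
        const meta = document.createElement("meta");
        meta.setAttribute("http-equiv", "Content-Security-Policy");
        meta.setAttribute("content", "img-src 'none'");
        document.head.append(meta);

        // Navigate the iframe back to the `about:srcdoc` page (this should work
        // independent of whether the implementation stores the srcdoc contents in the
        // history entry or reclaims it from the attribute).
        iframe.contentWindow.history.back();
        await new Promise(resolve => iframe.onload = resolve);

        const img = iframe.contentDocument.createElement('img');

        const promise = new Promise((resolve, reject) => {
          img.onload = resolve;
          // If the img is blocked because of Content Security Policy, a violation
          // should be reported first, and the test will fail. If for some other
          // reason the error event is fired without the violation being reported,
          // something else went wrong, hence the test should fail.
          //
          // The handler must be assigned to `onerror`: a plain `error` property is
          // not an event handler, so a failed load would leave this promise pending
          // and the test would end in a harness timeout instead of this message.
          img.onerror = () => {
            reject(new Error("The srcdoc iframe's img failed to load but not due to " +
                             "a CSP violation"));
          };
          iframe.contentDocument.onsecuritypolicyviolation = () => {
            reject(new Error("The srcdoc iframe's img has been blocked by the " +
              "new CSP. It means it was different and wasn't restored from history"));
          };
        });
        // The srcdoc iframe tries to load an image, which should succeed. The
        // handlers above are attached before `src` is set so no event is missed.
        img.src = "/common/square.png";

        return promise;
      });
      </script>
      </body>
      </html>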