tor-browser

The Tor Browser

dedicatedworker-script-src.html (2155B)


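      <!DOCTYPE html>
      <script src="/resources/testharness.js"></script>
      <script src="/resources/testharnessreport.js"></script>
      <!--
        Test the 'script-src' directive on dedicated workers.

        Each step creates a worker from a different kind of URL and runs the
        tests that the worker script itself reports back:
          1. a network URL served without a policy of its own,
          2. a network URL whose response carries its own Content-Security-Policy,
          3. a 'blob:' URL, and (where the API exists) a 'filesystem:' URL.
        Cases 1 and 2 check that a network-fetched worker is governed by its own
        response headers rather than by the creating document; case 3 checks
        that local-scheme workers inherit the creator's policy.

        NOTE(review): the policy applied to this document is not declared in
        this file. The nonce on the script below suggests it is delivered
        elsewhere (presumably response headers); confirm against the test's
        accompanying resources.
      -->
      <script nonce="a">
        // The report ID is read from a cookie whose name is this file's base name
        // (last path segment, up to the first '.'). Where that cookie is set is not
        // visible in this file.
        const reportCookieName = location.pathname.split('/').pop().split('.')[0];
        const reportCookie = document.cookie.split('; ')
            .find(cookie => cookie.startsWith(reportCookieName + '='));
        if (reportCookie === undefined) {
          // Fail with a message that names the missing cookie instead of an
          // opaque "undefined has no property split" TypeError.
          throw new Error(`Report cookie "${reportCookieName}" is not set`);
        }
        const reportID = reportCookie.split('=')[1].trim();

        promise_test(async t => {
          // Dedicated workers do not inherit CSP in general.
          await fetch_tests_from_worker(
            new Worker("./support/script-src-allow.sub.js"));

          // Dedicated workers honor CSP received in their response headers.
          // The 'pipe' parameter asks the test server to attach the given
          // Content-Security-Policy header (with a report-uri carrying reportID)
          // to the worker script's response.
          await fetch_tests_from_worker(
            new Worker(
              `./support/script-src-self.sub.js?id=${reportID}` +
                `&test-name=script-src 'self'` +
                `&pipe=sub|header(Content-Security-Policy,` +
                `script-src 'self' ; report-uri ` +
                `/reporting/resources/report.py?op=put%26reportID=${reportID})`));

          // Fetch the same support script without the header pipe, so that any
          // policy enforced in the workers below has to come from inheritance.
          const response = await fetch(
            `./support/script-src-self.sub.js?id=${reportID}` +
              `&test-name=script-src 'self'`);
          const blob = await response.blob();

          // 'blob:' URL workers inherit CSP.
          const blob_url = URL.createObjectURL(blob);
          // Release the object URL once this test is over.
          t.add_cleanup(() => URL.revokeObjectURL(blob_url));
          await fetch_tests_from_worker(new Worker(blob_url));

          if (window.webkitRequestFileSystem) {
            // 'filesystem:' URL workers inherit CSP.
            // Every callback-style call below passes an error callback so that a
            // filesystem failure rejects and fails the test with a reason,
            // instead of leaving the promise pending until the harness times out.
            const fs = await new Promise((resolve, reject) =>
              window.webkitRequestFileSystem(
                window.TEMPORARY, 1024 * 1024, resolve, reject));

            const fs_entry = await new Promise((resolve, reject) =>
              fs.root.getFile('dedicated-script-src.js',
                              { create: true }, resolve, reject));

            const writer = await new Promise((resolve, reject) =>
              fs_entry.createWriter(resolve, reject));

            // Install both handlers before starting the write.
            await new Promise((resolve, reject) => {
              writer.onwriteend = resolve;
              writer.onerror = () =>
                reject(new Error("Could not write to filesystem entry"));
              writer.write(blob);
            });

            const fs_url = fs_entry.toURL();
            try {
              await fetch_tests_from_worker(new Worker(fs_url));
            } finally {
              // Remove the temporary entry even if the worker step throws.
              await new Promise((resolve, reject) =>
                fs_entry.remove(resolve, reject));
            }
          }
        });
      </script>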