dangling-html-or-body.html (1150B)
<!DOCTYPE html>
<!--
  Checks that a CSP script nonce does not become observable through CSS
  attribute selectors when an unterminated `<body` or `<html` start tag is
  placed directly in front of a nonced script element.

  Risk being guarded against: markup injection that cannot run script could
  still exfiltrate the nonce if it ends up as a selectable attribute, because
  a matching attribute selector can trigger a resource load.
-->
<script src="/resources/testharness.js" nonce="secret"></script>
<script src="/resources/testharnessreport.js" nonce="secret"></script>

<!-- `Content-Security-Policy: script-src 'nonce-secret'` delivered via headers -->

<body>
<!--
  Probe rule: gives the body a background image only if the element carries a
  `nonce` attribute whose value contains "secret".
-->
<style>
  body[nonce*=secret] { background: url(/security/resources/abe.png); }
</style>
<!--
  The start tag below is intentionally unterminated; do not "fix" it. The HTML
  tokenizer keeps reading attributes until the next `>`, so the script tag that
  follows is consumed as attributes of the dangling tag (including
  nonce="secret"), and a repeated body start tag has its attributes merged onto
  the existing body element. The good.js URL is therefore expected to be read
  as an attribute value, not fetched.
  NOTE(review): the assertion presumably relies on the browser hiding the nonce
  content attribute from selectors; confirm against the behavior under test.
-->
<body
<script nonce="secret" src="https://example.com/good.js"></script>
<script nonce="secret">
  test(() => {
    // Read synchronously: the check is whether the selector matched, not
    // whether the image was actually loaded.
    const bodyBackground = getComputedStyle(document.body)['background-image'];
    assert_equals(bodyBackground, 'none');
  }, "Nonces don't leak via CSS side-channels when a dangling body is injected.");
</script>

<!-- Same probe, aimed at the root element instead of the body. -->
<style>
  html[nonce*=secret] { background: url(/security/resources/abe.png); }
</style>
<!--
  Intentionally unterminated as well: the attributes swallowed by the dangling
  tag are merged onto the existing html element.
-->
<html
<script nonce="secret" src="https://example.com/good.js"></script>
<script nonce="secret">
  test(() => {
    // 'none' means the attribute selector on the root element did not match.
    const rootBackground = getComputedStyle(document.documentElement)['background-image'];
    assert_equals(rootBackground, 'none');
  }, "Nonces don't leak via CSS side-channels when a dangling html is injected.");
</script>
</body>