
report-original-url.sub.html (2423B)


      1 <!DOCTYPE html>
      2 <html>
      3 <head>
      4  <script src="/resources/testharness.js"></script>
      5  <script src="/resources/testharnessreport.js"></script>
      6  <!-- CSP headers
      7       Content-Security-Policy: img-src {{location[scheme]}}://{{domains[www1]}}:{{ports[http][0]}}; script-src 'unsafe-inline' 'self'; report-uri /reporting/resources/report.py?op=put&reportID=$id
      8       -->
      9 </head>
     10 <body>
     11 <script>
     12 function createListener(expectedURL, test) {
     13    var listener = test.step_func(e => {
     14        if (e.blockedURI == expectedURL) {
     15            document.removeEventListener('securitypolicyviolation', listener);
     16            test.done();
     17        }
     18    });
     19    document.addEventListener('securitypolicyviolation', listener);
     20 }
     21 
     22 async_test(t => {
     23    var i = document.createElement('img');
     24    createListener("{{location[scheme]}}://{{location[host]}}/content-security-policy/support/fail.png?t=1", t);
     25    i.src = "{{location[scheme]}}://{{location[host]}}/content-security-policy/support/fail.png?t=1";
     26 }, "Direct block, same-origin = full URL in report");
     27 
     28 async_test(t => {
     29    var i = document.createElement('img');
     30    createListener("{{location[scheme]}}://{{domains[www2]}}:{{ports[http][0]}}/content-security-policy/support/fail.png?t=2", t);
     31    i.src = "{{location[scheme]}}://{{domains[www2]}}:{{ports[http][0]}}/content-security-policy/support/fail.png?t=2";
     32 }, "Direct block, cross-origin = full URL in report");
     33 
     34 async_test(t => {
     35    var i = document.createElement('img');
     36    var url = "{{location[scheme]}}://{{domains[www1]}}:{{ports[http][0]}}/common/redirect.py?location=" + encodeURIComponent("{{location[scheme]}}://{{location[host]}}/content-security-policy/support/fail.png?t=3");
     37    createListener(url, t);
     38    i.src = url;
     39 }, "Block after redirect, same-origin = original URL in report");
     40 
     41 async_test(t => {
     42    var i = document.createElement('img');
     43    var url = "{{location[scheme]}}://{{domains[www1]}}:{{ports[http][0]}}/common/redirect.py?location=" + encodeURIComponent("{{location[scheme]}}://{{domains[www2]}}:{{ports[http][0]}}/content-security-policy/support/fail.png?t=4");
     44    createListener(url, t);
     45    i.src = url;
     46 }, "Block after redirect, cross-origin = original URL in report");
     47 </script>
     48 
     49 <script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=img-src {{location[scheme]}}%3A%2F%2F{{domains[www1]}}%3A{{ports[http][0]}}'></script>
     50 </body>
     51 </html>