tor-browser

The Tor Browser

source-file.html (3040B)


      1 <meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script';" />
      2 <script src="/resources/testharness.js"></script>
      3 <script src="/resources/testharnessreport.js"></script>
      4 <script>
      5 
// Identity Trusted Types policy: createScript hands back its input unchanged,
// so this test can turn any string into a TrustedScript. That is acceptable
// for a test fixture only. A pass-through policy in application code approves
// every string for eval() and cancels the protection that
// `require-trusted-types-for 'script'` is meant to provide.
const policy = trustedTypes.createPolicy("sample", {
  createScript(source) {
    return source;
  },
});
      7 
// Registers one promise_test. A script whose `//# sourceURL=` is |input|
// triggers a Trusted Types CSP violation, and the securitypolicyviolation
// event it produces must carry |output| as its sourceFile. |output| is thus
// the form of |input| that the browser is expected to expose in a report.
const testSourceFile = (description, input, output) => {
  const checkReportedSourceFile = async test => {
    // Subscribe before running the script so the event cannot be missed.
    // {once: true} removes the listener after the first violation.
    const nextViolation = new Promise(resolve => {
      document.addEventListener("securitypolicyviolation", resolve, {once: true});
    });

    // The outer string is created through the policy, so the outer eval()
    // accepts it. Running it is what raises the violation (the inner eval('')
    // is handed a plain string), and the sourceURL pragma names the script
    // the violation is attributed to.
    const scriptWithSourceURL = policy.createScript(`
     eval('');
     //# sourceURL=${input}
   `);
    assert_throws_js(EvalError, () => eval(scriptWithSourceURL));

    const report = await nextViolation;
    assert_equals(report.sourceFile, output);
  };

  promise_test(checkReportedSourceFile, description);
};
     29 
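// Expected sourceFile values, per case below:
//  - http, https, ws and wss URLs are reported with scheme, host, port and
//    path intact;
//  - fragment, query and userinfo are dropped from such URLs;
//  - a sourceURL that is not an absolute URL is reported as "";
//  - for every other scheme only the scheme name is reported.
// The first two descriptions were swapped relative to their URLs ("Basic HTTPS
// URL" was attached to the http:// case and vice versa); each label now
// matches the scheme it exercises.

testSourceFile("Basic HTTP URL",
               "http://dummy.test/script1.js",
               "http://dummy.test/script1.js");

testSourceFile("Basic HTTPS URL",
               "https://dummy.test/script1.js",
               "https://dummy.test/script1.js");

testSourceFile("Basic WSS URL",
               "wss://dummy.test/script1.js",
               "wss://dummy.test/script1.js");

testSourceFile("Basic WS URL",
               "ws://dummy.test/script1.js",
               "ws://dummy.test/script1.js");

// Fragment, query string and userinfo can carry secrets (tokens, session
// identifiers, credentials). A report that echoed them would disclose them to
// whoever receives the violation report, so they must not appear in
// sourceFile.
testSourceFile("Fragment",
               "https://dummy.test/script1.js#frag",
               "https://dummy.test/script1.js");

testSourceFile("Query",
               "https://dummy.test/script1.js?query",
               "https://dummy.test/script1.js");

// A non-default port is part of the origin and is expected to be kept.
testSourceFile("Port",
               "https://dummy.test:8080/script1.js",
               "https://dummy.test:8080/script1.js");

testSourceFile("User:password",
               "https://user:password@dummy.test/script1.js",
               "https://dummy.test/script1.js");

testSourceFile("User",
               "https://user@dummy.test/script1.js",
               "https://dummy.test/script1.js");

// A relative sourceURL is not an absolute URL; nothing is reported for it.
testSourceFile("Invalid URL",
               "script2.js",
               "");

// Other schemes: only the scheme name is expected in the report. Local paths,
// bundler module paths, inline data: payloads and blob identifiers are not
// exposed.
testSourceFile("file:",
               "file:///temp/script3.js",
               "file");

testSourceFile("Custom protocol",
               "webpack://node_modules/sample/script4.js",
               "webpack");

testSourceFile("about:blank",
               "about:blank",
               "about");

testSourceFile("about:custom",
               "about:custom",
               "about");

testSourceFile("data:",
               "data:text/html;charset=utf8,<html></html>",
               "data");

testSourceFile("blob:",
               "blob:http://test.test/012345-6789-abcd-efab-0123456789",
               "blob");

testSourceFile("javascript:",
               "javascript:void(0)",
               "javascript");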
     97 
     98 </script>