tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

testharness-helper.js (4887B)

      1 function assert_no_csp_event_for_url(test, url) {
      2  self.addEventListener("securitypolicyviolation", test.step_func(e => {
      3    if (e.blockedURI !== url)
      4      return;
      5    assert_unreached("SecurityPolicyViolation event fired for " + url);
      6  }));
      7 }
      8 
      9 function assert_no_event(test, obj, name) {
     10  obj.addEventListener(name, test.unreached_func("The '" + name + "' event should not have fired."));
     11 }
     12 
     13 function waitUntilCSPEventForURLOrLine(test, url, line) {
     14  return new Promise((resolve, reject) => {
     15    self.addEventListener("securitypolicyviolation", test.step_func(e => {
     16      if (e.blockedURI == url && (!line || line == e.lineNumber))
     17        resolve(e);
     18    }));
     19  });
     20 }
     21 
     22 function waitUntilCSPEventForURL(test, url) {
     23  return waitUntilCSPEventForURLOrLine(test, url);
     24 }
     25 
     26 function waitUntilCSPEventForEval(test, line) {
     27  return waitUntilCSPEventForURLOrLine(test, "eval", line);
     28 }
     29 
     30 function waitUntilCSPEventForTrustedTypes(test) {
     31  return waitUntilCSPEventForURLOrLine(test, "trusted-types-sink");
     32 }
     33 
     34 function waitUntilEvent(obj, name) {
     35  return new Promise((resolve, reject) => {
     36    obj.addEventListener(name, resolve);
     37  });
     38 }
     39 
     40 // Given the URL of a worker that pings its opener upon load, this
     41 // function builds a test that asserts that the ping is received,
     42 // and that no CSP event fires.
     43 function assert_worker_is_loaded(url, description, expected_message = "ping") {
     44  async_test(t => {
     45    assert_no_csp_event_for_url(t, url);
     46    var w = new Worker(url);
     47    assert_no_event(t, w, "error");
     48    waitUntilEvent(w, "message")
     49      .then(t.step_func_done(e => {
     50        assert_equals(e.data, expected_message);
     51      }));
     52  }, description);
     53 }
     54 
     55 function assert_shared_worker_is_loaded(url, description, expected_message = "ping") {
     56  async_test(t => {
     57    assert_no_csp_event_for_url(t, url);
     58    var w = new SharedWorker(url);
     59    assert_no_event(t, w, "error");
     60    waitUntilEvent(w.port, "message")
     61      .then(t.step_func_done(e => {
     62        assert_equals(e.data, expected_message);
     63      }));
     64    w.port.start();
     65  }, description);
     66 }
     67 
     68 function assert_service_worker_is_loaded(url, description) {
     69  promise_test(t => {
     70    assert_no_csp_event_for_url(t, url);
     71    return Promise.all([
     72      waitUntilEvent(navigator.serviceWorker, "message")
     73        .then(e => {
     74          assert_equals(e.data, "ping");
     75        }),
     76      navigator.serviceWorker.register(url, { scope: url })
     77        .then(r => {
     78          var sw = r.active || r.installing || r.waiting;
     79          t.add_cleanup(_ => r.unregister());
     80          sw.postMessage("pong?");
     81        })
     82    ]);
     83  }, description);
     84 }
     85 
     86 // Given the URL of a worker that pings its opener upon load, this
     87 // function builds a test that asserts that the an error event is
     88 // fired on the worker, and that a CSP event fires.
     89 function assert_worker_is_blocked(url, description) {
     90  async_test(t => {
     91    var w = new Worker(url);
     92    w.onmessage = t.unreached_func("Ping should not be sent.");
     93    // If |url| is a blob, it will be stripped down to "blob" for reporting.
     94    var reportedURL = new URL(url).protocol == "blob:" ? "blob" : url;
     95    Promise.all([
     96      waitUntilCSPEventForURL(t, reportedURL)
     97        .then(t.step_func(e => {
     98          assert_equals(e.blockedURI, reportedURL);
     99          assert_equals(e.violatedDirective, "worker-src");
    100          assert_equals(e.effectiveDirective, "worker-src");
    101        })),
    102      waitUntilEvent(w, "error")
    103    ]).then(t.step_func_done());
    104  }, description);
    105 }
    106 
    107 function assert_shared_worker_is_blocked(url, description) {
    108  async_test(t => {
    109    var w = new SharedWorker(url);
    110    w.onmessage = t.unreached_func("Ping should not be sent.");
    111    // If |url| is a blob, it will be stripped down to "blob" for reporting.
    112    var reportedURL = new URL(url).protocol == "blob:" ? "blob" : url;
    113    Promise.all([
    114      waitUntilCSPEventForURL(t, reportedURL)
    115        .then(t.step_func(e => {
    116          assert_equals(e.blockedURI, reportedURL);
    117          assert_equals(e.violatedDirective, "worker-src");
    118          assert_equals(e.effectiveDirective, "worker-src");
    119        })),
    120      waitUntilEvent(w, "error")
    121    ]).then(t.step_func_done());
    122  }, description);
    123 }
    124 
    125 function assert_service_worker_is_blocked(url, description) {
    126  promise_test(t => {
    127    assert_no_event(t, navigator.serviceWorker, "message");
    128    // If |url| is a blob, it will be stripped down to "blob" for reporting.
    129    var reportedURL = new URL(url).protocol == "blob:" ? "blob" : url;
    130    return Promise.all([
    131      waitUntilCSPEventForURL(t, reportedURL)
    132        .then(t.step_func_done(e => {
    133          assert_equals(e.blockedURI, reportedURL);
    134          assert_equals(e.violatedDirective, "worker-src");
    135          assert_equals(e.effectiveDirective, "worker-src");
    136        })),
    137      promise_rejects_dom(t, "SecurityError", navigator.serviceWorker.register(url, { scope: url }))
    138    ]);
    139  }, description);
    140 }