
echo-eval-with-policy.py (732B)


def main(request, response):
    """Serve an eval-probing HTML page under a caller-supplied CSP.

    The ``policy`` query parameter is sent back as the value of the
    ``Content-Security-Policy`` response header. The page's script calls
    ``eval`` in its own window and in its parent, classifies each attempt
    as "blocked", "allowed" or an error string, and posts both results to
    the parent window.

    Args:
        request: Object whose ``GET.first(b"policy")`` yields the policy bytes.
        response: Not used by this handler.

    Returns:
        A ``(headers, body)`` pair: a list of header tuples and the HTML bytes.
    """
    # The policy is copied into the header verbatim, with no validation.
    # NOTE(review): presumably acceptable because this is a test-server
    # fixture -- confirm it is never reachable outside a test harness, and do
    # not reuse the pattern in a handler that serves untrusted clients.
    csp_value = request.GET.first(b"policy")
    response_headers = [
        (b"Content-Type", b"text/html"),
        (b"Content-Security-Policy", csp_value),
    ]

    # NOTE(review): the evaluated expression only reads eval_check_variable,
    # so the variable stays 0 whether or not eval ran; the "EvalError
    # exception, but eval was executed" result looks unreachable -- confirm.
    document = b"""
<!DOCTYPE html>
<html>
<script>
function check_eval(context) {
 context.eval_check_variable = 0;
 try {
   id = context.eval("eval_check_variable + 1");
 } catch (e) {
   if (e instanceof EvalError) {
     if (context.eval_check_variable === 0)
       return "blocked";
     else
       return "EvalError exception, but eval was executed";
   } else {
     return "Unexpected exception: " + e.message;
   }
 }
 return "allowed";
}

window.parent.postMessage({
 evalInIframe: check_eval(window),
 evalInParent: check_eval(parent),
});
</script>
</html>
"""
    return response_headers, document