tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git

helper.js (1546B)


      // Hash sources for the two javascript: URLs this helper navigates to.
      // A test page's Content-Security-Policy can list one of them to allow
      // exactly that URL and nothing else:
      // 'sha256-N5bidCKdNO1nSPa1G7MdL6S7Y7MKZ7UMIS/40JBMSe4=' ==> javascript:opener.navigated();
      // 'sha256-l0Wxf12cHMZT6UQ2zsQ7AcFSb6Y198d37Ki8zWITecM=' ==> javascript:navigated();
      // NOTE(review): under CSP3 a hash is expected to match a javascript: URL
      // only together with 'unsafe-hashes' -- confirm against the headers of
      // the pages that include this helper.

      /**
       * Registers one async test that checks whether the page's CSP lets a
       * `javascript:` URL navigation run.
       *
       * @param {boolean} navigationShouldAllowed - true when the URL is expected
       *     to execute, false when the policy is expected to block it.
       * @param {string} navigationMethod - '<a href target=_blank>' or
       *     '<a href>'; any other value fails the test immediately.
       * @param {string} description - text appended verbatim to the test name
       *     (no separator is inserted, so callers supply their own leading space).
       */
      function runTest(navigationShouldAllowed, navigationMethod, description) {
        const expectation = navigationShouldAllowed ? 'allowed' : 'refused';
        const test = async_test(
          `javascript: navigation using ${navigationMethod} should be ${expectation}${description}`);

        // Creates an anchor from [name, value] pairs (applied in order), attaches
        // it to the document and clicks it to start the navigation.
        const clickAnchor = (attributes) => {
          const anchor = document.createElement('a');
          for (const [name, value] of attributes) {
            anchor.setAttribute(name, value);
          }
          document.body.appendChild(anchor);
          anchor.click();
        };

        // NOTE(review): the listeners below are added to window and never
        // removed, and window.navigated is overwritten on every call, so this
        // helper presumably is meant to run once per document -- confirm.
        if (!navigationShouldAllowed) {
          // Blocked case: the javascript: URL must never execute, and the
          // violation report must name script-src-elem with an 'inline' blocked
          // URI. Checking both fields keeps an unrelated violation from passing
          // the test.
          window.navigated =
            test.unreached_func('Should not have run javascript: URL');
          window.addEventListener('securitypolicyviolation',
            test.step_func_done((event) => {
              assert_equals(event.violatedDirective, 'script-src-elem');
              assert_equals(event.blockedURI, 'inline');
            }));
        } else {
          // Allowed case: the URL calls navigated(), which completes the test;
          // any CSP violation event is a failure.
          window.navigated = () => test.done();
          window.addEventListener('securitypolicyviolation',
            test.unreached_func('Should have not raised any event'));
        }

        switch (navigationMethod) {
          case '<a href target=_blank>':
            // rel=opener keeps window.opener available in the new browsing
            // context so the javascript: URL can report back to this window.
            clickAnchor([
              ['target', '_blank'],
              ['rel', 'opener'],
              ['href', 'javascript:opener.navigated();'],
            ]);
            break;
          case '<a href>':
            clickAnchor([['href', 'javascript:navigated();']]);
            break;
          default:
            // Unknown method: fail now rather than let the test time out.
            test.unreached_func('Invalid navigationMethod: ' + navigationMethod)();
        }
      }