helper.js (1546B)
1 // Typical CSP hashes are: 2 // 'sha256-N5bidCKdNO1nSPa1G7MdL6S7Y7MKZ7UMIS/40JBMSe4=' ==> javascript:opener.navigated(); 3 // 'sha256-l0Wxf12cHMZT6UQ2zsQ7AcFSb6Y198d37Ki8zWITecM=' ==> javascript:navigated(); 4 5 function runTest(navigationShouldAllowed, navigationMethod, description) { 6 const t1 = async_test( 7 'javascript: navigation using ' + navigationMethod + ' should be ' + 8 (navigationShouldAllowed ? 'allowed' : 'refused') + description); 9 10 if (navigationShouldAllowed) { 11 window.navigated = () => t1.done(); 12 window.addEventListener('securitypolicyviolation', 13 t1.unreached_func('Should have not raised any event')); 14 } else { 15 window.navigated = 16 t1.unreached_func('Should not have run javascript: URL'); 17 window.addEventListener('securitypolicyviolation', 18 t1.step_func_done(function(e) { 19 assert_equals(e.violatedDirective, 'script-src-elem'); 20 assert_equals(e.blockedURI, 'inline'); 21 })); 22 } 23 24 if (navigationMethod === '<a href target=_blank>') { 25 const a = document.createElement('a'); 26 a.setAttribute('target', '_blank'); 27 a.setAttribute('rel', 'opener'); 28 a.setAttribute('href', 'javascript:opener.navigated();'); 29 document.body.appendChild(a); 30 a.click(); 31 } 32 else if (navigationMethod === '<a href>') { 33 const a = document.createElement('a'); 34 a.setAttribute('href', 'javascript:navigated();'); 35 document.body.appendChild(a); 36 a.click(); 37 } else { 38 t1.unreached_func('Invalid navigationMethod: ' + navigationMethod)(); 39 } 40 }