
feature-policy-frame-policy-timing.https.sub.html (3090B)


      1 <!doctype html>
      2 <html>
      3  <header>
      4    <title>allow/sandbox attr changed after document creation, before response</title>
      5    <script src=/resources/testharness.js></script>
      6    <script src=/resources/testharnessreport.js></script>
      7    <script>
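      // Id given to the most recently created test; timing_test pre-increments it, so ids start at 1.
      let lastCallbackId = 0;
      // Pending reply handlers keyed by test id. The object is created without a prototype so that
      // a lookup with an id taken from a received message (`id in callbacks`, `callbacks[id]`) can
      // only match entries this page stored, never inherited names such as 'toString'.
      const callbacks = Object.create(null);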
     10 
     /**
      * Posts the string 'test' to a frame and registers the handler for its reply.
      *
      * If the handler is still registered when the step_timeout(…, 1000) timer fires, it is
      * called with 'timeout' and then removed.
      *
      * @param {HTMLIFrameElement} frame - frame whose contentWindow receives the message.
      * @param {Function} cb - called with the posted-back result, or with 'timeout'.
      * @param {number} id - key under which cb is stored in `callbacks`.
      */
     function postMessageToFrame(frame, cb, id) {
       callbacks[id] = cb;
       // The payload is the constant 'test', so the wildcard target origin exposes no data.
       // A message carrying anything sensitive should name the frame's origin instead of '*'.
       frame.contentWindow.postMessage('test', '*');
       const onTimeout = () => {
         if (!(id in callbacks)) {
           return;
         }
         callbacks[id]('timeout');
         delete callbacks[id];
       };
       step_timeout(onTimeout, 1000);
     }
     21 
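     // Routes a message posted back by a framed page to the handler registered under its id.
     // The fields read from e.data are `id` and `result`.
     // e.origin and e.source are not checked, so any window holding a reference to this page can
     // answer for a pending id; that is tolerable for a test page only.
     window.onmessage = function(e) {
       const message = e.data;
       // Anything that is not an object (a string, null, ...) cannot be a reply: ignore it
       // instead of throwing on the property reads below.
       if (message === null || typeof message !== 'object') {
         return;
       }
       const id = message['id'];
       // Own-property check: an unknown id, or a reply that arrives after the timeout already
       // consumed the handler, is dropped rather than calling `undefined` (a TypeError), and an
       // id such as 'toString' cannot resolve to an inherited function.
       if (!Object.prototype.hasOwnProperty.call(callbacks, id)) {
         return;
       }
       const callback = callbacks[id];
       // Remove before invoking so each registered handler runs at most once.
       delete callbacks[id];
       callback(message.result);
     };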
     /**
      * Registers an async_test that creates an iframe, lets the caller change it before and
      * after its src is set, and checks the result the framed page posts back.
      *
      * @param {string} url - page to load; '?id=<n>' is appended so replies can be matched.
      * @param {Function} iframe_pre_nav_callback - (iframe) => void, called before src is set.
      * @param {Function} iframe_post_nav_callback - (iframe) => void, called after src is set,
      *     once the first message for this id arrives (it is asserted to be 'ready').
      * @param {Function} result_handler - receives the result posted back after the 'test'
      *     message is sent; it is wrapped in t.step_func_done, so it ends the test.
      * @param {string} test_name - name passed to async_test.
      */
     function timing_test(url,
       iframe_pre_nav_callback,
       iframe_post_nav_callback,
       result_handler, test_name) {
       const runTest = (t) => {
         const id = ++lastCallbackId;
         const frame = document.createElement('iframe');
         document.body.appendChild(frame);
         // First reply: the frame reports 'ready'. Only then is the post-navigation change
         // applied and the second round trip started.
         const onReady = t.step_func((result) => {
           assert_equals(result, 'ready');
           iframe_post_nav_callback(frame);
           postMessageToFrame(frame, t.step_func_done(result_handler), id);
         });
         callbacks[id] = onReady;
         // The pre-navigation change must be in place before src starts the load.
         iframe_pre_nav_callback(frame);
         frame.src = `${url}?id=${id}`;
       };
       async_test(runTest, test_name);
     }
     54 
     // Directory part of this page's path, up to and including the last '/'.
     const path = location.pathname.substring(
       0,
       location.pathname.lastIndexOf('/') + 1,
     );
     // A bare path resolves against this page's own origin.
     const same_origin = path;
     // The {{...}} placeholders are left exactly as written; this is a .sub.html file.
     const cross_origin = `https://{{domains[www1]}}:{{ports[https][0]}}${path}`;

     // Framed page used by both camera tests below.
     const cameraUrl = 'feature-policy-frame-policy-timing-iframe-camera.https.sub.html';
     /**
      * Pre-navigation step: sets the frame's allow attribute to "camera 'none'".
      * @param {HTMLIFrameElement} iframe
      */
     function disallowCamera(iframe) {
       iframe.allow = "camera 'none'";
     }
     /**
      * Post-navigation step: sets the frame's allow attribute to 'camera *'.
      * @param {HTMLIFrameElement} iframe
      */
     function allowCamera(iframe) {
       iframe.allow = 'camera *';
     }
     /**
      * Result check: the value posted back by the framed page must be 'NotAllowedError'.
      * @param {string} result - value delivered by the frame, or 'timeout'.
      */
     function verifyCamera(result) {
       assert_equals(result, 'NotAllowedError');
     }
     // Same scenario against a same-origin and a cross-origin copy of the camera page: the
     // allow attribute is "camera 'none'" before src is set, it is changed to 'camera *' once
     // the frame reports 'ready', and the posted-back result must still be 'NotAllowedError'.
     for (const [base, test_name] of [
       [same_origin, 'allow attr timing test same origin'],
       [cross_origin, 'allow attr timing test diff origin'],
     ]) {
       timing_test(base + cameraUrl, disallowCamera, allowCamera, verifyCamera, test_name);
     }
     65        </script>
     66  </header>
     67  <body>
     68    <div id="log"></div>
     69  </body>
     70 </html>