tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

can-load-api.https.html (3252B)

      1 <!DOCTYPE html>
      2 <title>Test canLoadOpaqueURL API</title>
      3 <script src="/resources/testharness.js"></script>
      4 <script src="/resources/testharnessreport.js"></script>
      5 <script src="/common/utils.js"></script>
      6 <script src="/common/dispatcher/dispatcher.js"></script>
      7 <script src="resources/utils.js"></script>
      8 
      9 <body>
     10 <script>
     11 async function runTest(expected_result, generator_api, attribute_list, header_list, use_fencedframe=false) {
     12  const frame = use_fencedframe ?
     13      await attachFencedFrameContext({generator_api: generator_api, attributes:attribute_list, headers:header_list}) :
     14      await attachIFrameContext({generator_api: generator_api, attributes:attribute_list, headers:header_list});
     15  await frame.execute(async (expected_result, attribute_list) => {
     16    assert_equals(navigator.canLoadAdAuctionFencedFrame(), expected_result,
     17    "A frame with attributes " + attribute_list + " should return " +
     18    expected_result + " for canLoadOpaqueURL.");
     19  }, [expected_result, attribute_list]);
     20 }
     21 
     22 promise_test(async(t) => {
     23  assert_true(navigator.canLoadAdAuctionFencedFrame());
     24 }, 'canLoadOpaqueURL called on a page that can load a FF should return true');
     25 
     26 promise_test(async(t) => {
     27  await runTest(true, "sharedstorage",
     28     [["width", "300"],
     29      ["height", "200"]],
     30      [], use_fencedframe=true);
     31 }, 'canLoadOpaqueURL returns true inside an opaque-ads fenced frame');
     32 
     33 promise_test(async(t) => {
     34  await runTest(false, "default", [], [], use_fencedframe=true);
     35 }, 'canLoadOpaqueURL returns false inside an default fenced frame');
     36 
     37 promise_test(async(t) => {
     38  await runTest(true, "default", [], [["Content-Security-Policy", "fenced-frame-src *"]]);
     39  await runTest(true, "default", [], [["Content-Security-Policy", "fenced-frame-src https:"]]);
     40  await runTest(true, "default", [], [["Content-Security-Policy", "fenced-frame-src https://*:*"]]);
     41 }, 'canLoadOpaqueURL returns true for all 3 fenced-frame-src allowed values');
     42 
     43 promise_test(async(t) => {
     44  await runTest(true, "default", [], [["Content-Security-Policy", "fenced-frame-src *; frame-src 'self'"]]);
     45  await runTest(false, "default", [], [["Content-Security-Policy", "fenced-frame-src 'self'; frame-src *"]]);
     46  await runTest(true, "default", [], [["Content-Security-Policy", "child-src 'self'; fenced-frame-src https:"]]);
     47  await runTest(false, "default", [], [["Content-Security-Policy", "child-src *; fenced-frame-src 'self'"]]);
     48 }, 'canLoadOpaqueURL ignores fallback CSPs');
     49 
     50 promise_test(async(t) => {
     51  await runTest(true, "default", [], [["Content-Security-Policy", "img-src 'none';"]]);
     52  await runTest(true, "default", [], [["Content-Security-Policy", "font-src 'none';"]]);
     53 }, 'canLoadOpaqueURL ignores unrelated CSPs');
     54 
     55 promise_test(async(t) => {
     56  const iframe = attachIFrame("resources/dummy.html");
     57  const iframe_ff_class = iframe.contentWindow.HTMLFencedFrameElement;
     58 
     59  // Sanity check to make sure the function returns true as we expect it to
     60  // before we remove the frame.
     61  assert_true(iframe_ff_class.canLoadOpaqueURL());
     62 
     63  // The one variable we're changing is whether the frame is attached or not.
     64  iframe.remove();
     65  assert_false(iframe_ff_class.canLoadOpaqueURL());
     66 }, 'canLoadOpaqueURL returns false in a detached frame');
     67 </script>
     68 </body>