
disallowed-navigations-dangling-markup-urn.https.html (2457B)


      1 <!DOCTYPE html>
      2 <title>Fenced frame disallowed navigations with potentially-dangling markup</title>
      3 <meta name="timeout" content="long">
      4 <script src="/resources/testharness.js"></script>
      5 <script src="/resources/testharnessreport.js"></script>
      6 <script src="/common/dispatcher/dispatcher.js"></script>
      7 <script src="/common/get-host-info.sub.js"></script>
      8 <script src="/common/utils.js"></script>
      9 <script src="resources/utils.js"></script>
     10 <script src="/fetch/local-network-access/resources/support.sub.js"></script>
     11 <script src="resources/dangling-markup-helper.js"></script>
     12 
     13 <body>
     14 
     15 <script>
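// These tests assert that a fenced frame cannot be navigated to a urn:uuid URL
// that represents an HTTPS URL containing potentially-dangling markup.
// One promise_test is registered per entry of `kDanglingMarkupSubstrings`.
for (const substring of kDanglingMarkupSubstrings) {
  promise_test(async t => {
    // Server-side stash key on which the ad page would report a load.
    const key = token();

    // Copied from `generateURNFromFledge()`, since we have to modify the
    // final URL that goes into `interestGroup.ads[0].renderURL` for
    // `navigator.joinAdInterestGroup()`.
    const bidding_token = token();
    const seller_token = token();

    // The "blocked" placeholder is swapped out in the serialized string, after
    // URL construction, so the dangling-markup substring goes into `renderURL`
    // exactly as written in `kDanglingMarkupSubstrings`.
    let url_string = generateURL("resources/report-url.html?blocked",
                                 [key]).toString();
    url_string = url_string.replace("blocked", substring);

    const interestGroup = {
      name: 'testAd1',
      owner: location.origin,
      biddingLogicURL: new URL(FLEDGE_BIDDING_URL, location.origin),
      ads: [{renderURL: url_string, bid: 1}],
      userBiddingSignals: {biddingToken: bidding_token},
      trustedBiddingSignalsKeys: ['key1'],
      adComponents: [],
    };

    // Pick an arbitrarily high duration to guarantee that we never leave the
    // ad interest group while the test runs.
    // Awaited so that a rejected join fails this test directly, and so that
    // the auction below cannot start before the join has settled.
    await navigator.joinAdInterestGroup(
        interestGroup, /*durationSeconds=*/3000000);

    const auctionConfig = {
      seller: location.origin,
      interestGroupBuyers: [location.origin],
      decisionLogicURL: new URL(FLEDGE_DECISION_URL, location.origin),
      auctionSignals: {biddingToken: bidding_token, sellerToken: seller_token},
    };

    const urn = await navigator.runAdAuction(auctionConfig);

    // NOTE(review): the only assertion below is negative ("NOT LOADED"), so
    // this test also passes if the auction produced no usable URN at all
    // (runAdAuction resolves to null when there is no winner). Consider
    // checking `urn` here so that a pass means the navigation itself was
    // blocked; confirm first what the auction returns for these renderURLs.
    attachFencedFrame(urn);

    // Race the load report against the timeout helper; the blocked navigation
    // is expected to leave the timeout as the only promise that settles.
    // Presumably `getTimeoutPromise(t)` resolves with "NOT LOADED"; verify
    // against resources/dangling-markup-helper.js.
    const loaded_promise = nextValueFromServer(key);
    const result = await Promise.any([loaded_promise, getTimeoutPromise(t)]);
    assert_equals(result, "NOT LOADED");
  }, `fenced frame opaque URN => https: URL with dangling markup '${substring}'`);
}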
     61 
     62 </script>
     63 
     64 </body>