tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

sandboxed-features.js (4146B)

      1 const run_in_fenced_frame = (func_name, description, is_nested) => {
      2  promise_test(async test => {
      3    const key = token();
      4    const url = is_nested ?
      5                'resources/sandboxed-features-looser-restriction.sub.html?' :
      6                'resources/sandboxed-features-inner.sub.html?';
      7    let params = new URLSearchParams();
      8    params.set('key', key);
      9    params.set('test_func', func_name);
     10    const frame = document.createElement('fencedframe');
     11    const frame_url = 'resources/sandboxed-features-inner.sub.html?' +
     12    params.toString();
     13    const config = new FencedFrameConfig(generateURL(frame_url, []));
     14    frame.config = config;
     15    test.add_cleanup(() => {
     16      frame.remove();
     17    });
     18    document.body.appendChild(frame);
     19    // The test_pointer_lock() function expects the frame to be user activated.
     20    // This is done at this point because headless mode WPTs do not support
     21    // testdriver functions from within fenced frames.
     22    if (func_name == "test_pointer_lock") {
     23      await multiClick(10, 10, document.body);
     24    }
     25    assert_equals(await nextValueFromServer(key), 'done');
     26  }, description);
     27 };
     28 
     29 const run_sanboxed_feature_test = (func_name, description) => {
     30  run_in_fenced_frame(func_name, description, false);
     31  run_in_fenced_frame(func_name, description + '[looser sandboxed]', true);
     32 };
     33 
     34 async function test_prompt() {
     35  assert_equals(
     36    window.prompt('Test prompt'),
     37    null,
     38    'window.prompt() must synchronously return null in a fenced frame without' +
     39    ' blocking on user input.');
     40 }
     41 
     42 async function test_alert() {
     43  assert_equals(
     44    window.alert('Test alert'),
     45    undefined,
     46    'window.alert() must synchronously return undefined in a fenced frame' +
     47    '  without blocking on user input.');
     48 }
     49 
     50 async function test_confirm() {
     51  assert_equals(
     52    window.confirm('Test confirm'),
     53    false,
     54    'window.confirm() must synchronously return false in a fenced frame' +
     55    ' without blocking on user input.');
     56 }
     57 
     58 async function test_print() {
     59  assert_equals(
     60    window.print(),
     61    undefined,
     62    'window.print() must synchronously return undefined in a fenced frame' +
     63    ' without blocking on user input.');
     64 
     65  assert_equals(
     66    document.execCommand('print', false, null),
     67    false,
     68    'execCommand(\'print\') must synchronously return false in a fenced frame' +
     69    ' without blocking on user input.');
     70 }
     71 
     72 async function test_document_domain() {
     73  assert_throws_dom('SecurityError', () => {
     74    document.domain = 'example.test';
     75  });
     76  assert_throws_dom('SecurityError', () => {
     77    document.domain = document.domain;
     78  });
     79  assert_throws_dom('SecurityError', () => {
     80    (new Document).domain = document.domain;
     81  });
     82  assert_throws_dom('SecurityError', () => {
     83    document.implementation.createHTMLDocument().domain = document.domain;
     84  });
     85  assert_throws_dom('SecurityError', () => {
     86    document.implementation.createDocument(null, '').domain = document.domain;
     87  });
     88  assert_throws_dom('SecurityError', () => {
     89    document.createElement('template').content.ownerDocument.domain =
     90        document.domain;
     91  });
     92 }
     93 
     94 async function test_presentation_request() {
     95  assert_throws_dom('SecurityError', () => {
     96    new PresentationRequest([location.href]);
     97  });
     98 }
     99 
    100 async function test_screen_orientation_lock() {
    101  try {
    102    await screen.orientation.lock('portrait');
    103  } catch (e) {
    104    assert_equals(
    105      e.name,
    106      'SecurityError',
    107      'orientation.lock() must throw a SecurityError in a fenced frame.');
    108    return;
    109  }
    110  assert_unreached('orientation.lock() must throw an error');
    111 }
    112 
    113 async function test_pointer_lock() {
    114  const canvas = document.createElement('canvas');
    115  document.body.appendChild(canvas);
    116  const pointerlockerror_promise = new Promise(resolve => {
    117    document.addEventListener('pointerlockerror', resolve);
    118  });
    119  try {
    120    await canvas.requestPointerLock();
    121  } catch (e) {
    122    assert_equals(
    123      e.name,
    124      'SecurityError',
    125      'orientation.lock() must throws a SecurityError in a fenced frame.');
    126    await pointerlockerror_promise;
    127    return;
    128  }
    129  assert_unreached('requestPointerLock() must fail in a fenced frame');
    130 }