
sandbox-attribute.https.html (2505B)


      1 <!DOCTYPE html>
      2 <title>Test fenced frame sandbox attribute.</title>
      3 <meta name="timeout" content="long">
      4 <script src="/resources/testharness.js"></script>
      5 <script src="/resources/testharnessreport.js"></script>
      6 <script src="/common/utils.js"></script>
      7 <script src="/common/dispatcher/dispatcher.js"></script>
      8 <script src="resources/utils.js"></script>
      9 
     10 <body>
     11 <script>
     12 
/**
 * Attaches a fenced frame whose `sandbox` attribute is `sandbox_flags`, checks
 * how the attribute is reflected on the element, then checks whether script in
 * the frame answers.
 *
 * @param {object} t The testharness test object; used for `step_timeout`.
 * @param {string} sandbox_flags Space-separated value for the `sandbox`
 *     attribute; the empty string means no tokens.
 * @param {boolean} success Whether a reply from the frame is expected.
 */
async function runTest(t, sandbox_flags, success) {
  const fencedFrame = await attachFencedFrameContext({
    generator_api: 'fledge',
    resolve_to_config: true,
    attributes: [['sandbox', sandbox_flags]],
  });

  // The reflected property must echo the attribute text verbatim and expose
  // one entry per space-separated token (none for the empty string).
  const reflected = fencedFrame.element.sandbox;
  assert_equals(reflected.value, sandbox_flags);
  const expectedTokenCount =
      sandbox_flags ? sandbox_flags.split(' ').length : 0;
  assert_equals(reflected.length, expectedTokenCount);

  // "Blocked" is inferred only from the absence of a reply within 2000 ms.
  // A frame that loads but answers late is indistinguishable from a frame
  // that was refused, so an expected-failure case can pass on a slow run and
  // an expected-success case can fail on one.
  // NOTE(review): execute() is defined in a helper script not shown here;
  // presumably it runs the callback inside the fenced frame - confirm.
  const reply = fencedFrame.execute(() => 'success');
  const deadline = new Promise(
      resolve => t.step_timeout(() => resolve('failure'), 2000));
  const outcome = await Promise.any([reply, deadline]);

  assert_equals(outcome, success ? 'success' : 'failure');
}
     34 
// Cases without any `sandbox` attribute are left out on purpose: every other
// test that does not set `sandbox` explicitly already exercises that path.
{
  // Token set that the "exactly the required" case below expects to load.
  const required =
      'allow-same-origin allow-forms allow-scripts allow-popups ' +
      'allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation';

  // Each row: [sandbox attribute value, reply expected?, test title].
  const cases = [
    ['', false, 'Navigation fails with no allowed features'],
    [required, true,
     'Navigation succeeds with exactly the required unsandboxed features'],
    [`${required} allow-pointer-lock`, true,
     'Navigation succeeds with extra unsandboxed features'],
    // `required` minus allow-top-navigation-by-user-activation.
    ['allow-same-origin allow-forms allow-scripts allow-popups allow-popups-to-escape-sandbox',
     false, 'Navigation fails with too few unsandboxed features'],
    ['foo bar baz', false, 'Navigation fails with malformed sandbox flags'],
    // NOTE(review): the title below says "fails", yet the expectation passed
    // to runTest is success (true). Presumably unrecognised tokens are ignored
    // and the required set still takes effect - confirm which is intended.
    // The title is left untouched here because expectation metadata may be
    // keyed on it.
    [`${required} allow-foobarbaz`, true,
     'Navigation fails with the required unsandboxed features, plus some malformed ones'],
  ];

  for (const [flags, expectReply, title] of cases) {
    promise_test(t => runTest(t, flags, expectReply), title);
  }
}
     61 
     62 </script>
     63 </body>