tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

opaque-origin.https.window.js (3091B)

      1 'use strict';
      2 
      3 const kSandboxWindowUrl = 'resources/opaque-origin-sandbox.html';
      4 
      5 function add_iframe(test, src, sandbox) {
      6  const iframe = document.createElement('iframe');
      7  iframe.src = src;
      8  if (sandbox !== undefined) {
      9    iframe.sandbox = sandbox;
     10  }
     11  document.body.appendChild(iframe);
     12  test.add_cleanup(() => {
     13    iframe.remove();
     14  });
     15 }
     16 
     17 // Creates a data URI iframe that uses postMessage() to provide its parent
     18 // with the test result. The iframe checks for the existence of
     19 // |property_name| on the window.
     20 async function verify_does_not_exist_in_data_uri_iframe(
     21  test, property_name) {
     22  const iframe_content =
     23    '<script>' +
     24    '  const is_property_name_defined = ' +
     25    `    (self.${property_name} !== undefined);` +
     26    '  parent.postMessage({is_property_name_defined}, "*")' +
     27    '</script>';
     28 
     29  const data_uri = `data:text/html,${encodeURIComponent(iframe_content)}`;
     30  add_iframe(test, data_uri);
     31 
     32  const event_watcher = new EventWatcher(test, self, 'message');
     33  const message_event = await event_watcher.wait_for('message')
     34 
     35  assert_false(message_event.data.is_property_name_defined,
     36    `Data URI iframes must not define '${property_name}'.`);
     37 }
     38 
     39 // |kSandboxWindowUrl| sends two messages to this window. The first is the
     40 // result of showDirectoryPicker(). The second is the result of
     41 // navigator.storage.getDirectory(). For windows using sandbox='allow-scripts',
     42 // both results must produce rejected promises.
     43 async function verify_results_from_sandboxed_child_window(test) {
     44  const event_watcher = new EventWatcher(test, self, 'message');
     45 
     46  const first_message_event = await event_watcher.wait_for('message');
     47  assert_equals(
     48      first_message_event.data,
     49      'showDirectoryPicker(): REJECTED: SecurityError');
     50 
     51  const second_message_event = await event_watcher.wait_for('message');
     52  assert_equals(second_message_event.data,
     53    'navigator.storage.getDirectory(): REJECTED: SecurityError');
     54 }
     55 
     56 promise_test(async test => {
     57  await verify_does_not_exist_in_data_uri_iframe(test, 'showDirectoryPicker');
     58 }, 'showDirectoryPicker() must be undefined for data URI iframes.');
     59 
     60 promise_test(async test => {
     61  await verify_does_not_exist_in_data_uri_iframe(
     62    test, 'FileSystemDirectoryHandle');
     63 }, 'FileSystemDirectoryHandle must be undefined for data URI iframes.');
     64 
     65 promise_test(
     66    async test => {
     67      add_iframe(test, kSandboxWindowUrl, /*sandbox=*/ 'allow-scripts');
     68      await verify_results_from_sandboxed_child_window(test);
     69    },
     70    'navigator.storage.getDirectory() and ' +
     71        'showDirectoryPicker() must reject in a sandboxed iframe.');
     72 
     73 promise_test(
     74    async test => {
     75      const child_window_url = kSandboxWindowUrl +
     76          '?pipe=header(Content-Security-Policy, sandbox allow-scripts)';
     77 
     78      const child_window = window.open(child_window_url);
     79      test.add_cleanup(() => {
     80        child_window.close();
     81      });
     82 
     83      await verify_results_from_sandboxed_child_window(test);
     84    },
     85    'navigator.storage.getDirectory() and ' +
     86        'showDirectoryPicker() must reject in a sandboxed opened window.');