tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

opaque-origin.https.window.js (2553B)

      1 'use strict';
      2 
      3 const kSandboxWindowUrl = 'resources/opaque-origin-sandbox.html';
      4 
      5 function add_iframe(test, src, sandbox) {
      6  const iframe = document.createElement('iframe');
      7  iframe.src = src;
      8  if (sandbox !== undefined) {
      9    iframe.sandbox = sandbox;
     10  }
     11  document.body.appendChild(iframe);
     12  test.add_cleanup(() => {
     13    iframe.remove();
     14  });
     15 }
     16 
     17 // Creates a data URI iframe that uses postMessage() to provide its parent
     18 // with the test result. The iframe checks for the existence of
     19 // |property_name| on the window.
     20 async function verify_does_exist_in_data_uri_iframe(
     21  test, property_name) {
     22  const iframe_content =
     23    '<script>' +
     24    '  const is_property_name_defined = ' +
     25    `    (self.${property_name} !== undefined);` +
     26    '  parent.postMessage({is_property_name_defined}, "*")' +
     27    '</script>';
     28 
     29  const data_uri = `data:text/html,${encodeURIComponent(iframe_content)}`;
     30  add_iframe(test, data_uri);
     31 
     32  const event_watcher = new EventWatcher(test, self, 'message');
     33  const message_event = await event_watcher.wait_for('message')
     34 
     35  assert_true(message_event.data.is_property_name_defined,
     36    `Data URI iframes must define '${property_name}'.`);
     37 }
     38 
     39 // |kSandboxWindowUrl| sends the result of navigator.storage.getDirectory() to
     40 // this window. For windows using sandbox='allow-scripts', this must produce a
     41 // rejected promise.
     42 async function verify_results_from_sandboxed_child_window(test) {
     43  const event_watcher = new EventWatcher(test, self, 'message');
     44 
     45  const message_event = await event_watcher.wait_for('message');
     46  assert_equals(message_event.data,
     47    'navigator.storage.getDirectory(): REJECTED: SecurityError');
     48 }
     49 
     50 promise_test(async test => {
     51  await verify_does_exist_in_data_uri_iframe(
     52    test, 'FileSystemDirectoryHandle');
     53 }, 'FileSystemDirectoryHandle must be defined for data URI iframes.');
     54 
     55 promise_test(
     56    async test => {
     57      add_iframe(test, kSandboxWindowUrl, /*sandbox=*/ 'allow-scripts');
     58      await verify_results_from_sandboxed_child_window(test);
     59    },
     60    'navigator.storage.getDirectory() must reject in a sandboxed iframe.');
     61 
     62 promise_test(
     63    async test => {
     64      const child_window_url = kSandboxWindowUrl +
     65          '?pipe=header(Content-Security-Policy, sandbox allow-scripts)';
     66 
     67      const child_window = window.open(child_window_url);
     68      test.add_cleanup(() => {
     69        child_window.close();
     70      });
     71 
     72      await verify_results_from_sandboxed_child_window(test);
     73    },
     74    'navigator.storage.getDirectory() ' +
     75        'must reject in a sandboxed opened window.');