[ tor-browser ].git.dasho

generic-sensor-feature-policy-test.sub.js (5977B)
      1 const feature_policies = {
      2  "AmbientLightSensor" : ["ambient-light-sensor"],
      3  "Accelerometer" : ["accelerometer"],
      4  "LinearAccelerationSensor" : ["accelerometer"],
      5  "GravitySensor" : ["accelerometer"],
      6  "Gyroscope" : ["gyroscope"],
      7  "GeolocationSensor" : ["geolocation"],
      8  "Magnetometer" : ["magnetometer"],
      9  "UncalibratedMagnetometer" : ["magnetometer"],
     10  "AbsoluteOrientationSensor" : ["accelerometer", "gyroscope", "magnetometer"],
     11  "RelativeOrientationSensor" : ["accelerometer", "gyroscope"]
     12 };
     13 
     14 const same_origin_src =
     15  "/feature-policy/resources/feature-policy-generic-sensor.html#";
     16 const cross_origin_src =
     17  "https://{{domains[www]}}:{{ports[https][0]}}" + same_origin_src;
     18 const base_src = "/feature-policy/resources/redirect-on-load.html#";
     19 
     20 function get_feature_policies_for_sensor(sensorType) {
     21  return feature_policies[sensorType];
     22 }
     23 
     24 function run_fp_tests_disabled(sensorName) {
     25  const sensorType = self[sensorName];
     26  const featureNameList = feature_policies[sensorName];
     27  const header = "Feature-Policy header " + featureNameList.join(" 'none';") + " 'none'";
     28  const desc = "'new " + sensorName + "()'";
     29 
     30  test(() => {
     31    assert_implements(sensorName in self, `${sensorName} is not supported.`);
     32    assert_throws_dom("SecurityError", () => {new sensorType()});
     33  }, `${sensorName}: ${header} disallows the top-level document.`);
     34 
     35  async_test(t => {
     36    assert_implements(sensorName in self, `${sensorName} is not supported.`);
     37    test_feature_availability(
     38      desc,
     39      t,
     40      same_origin_src + sensorName,
     41      expect_feature_unavailable_default
     42    );
     43  }, `${sensorName}: ${header} disallows same-origin iframes.`);
     44 
     45  async_test(t => {
     46    assert_implements(sensorName in self, `${sensorName} is not supported.`);
     47    test_feature_availability(
     48      desc,
     49      t,
     50      cross_origin_src + sensorName,
     51      expect_feature_unavailable_default
     52    );
     53  }, `${sensorName}: ${header} disallows cross-origin iframes.`);
     54 }
     55 
     56 function run_fp_tests_enabled(sensorName) {
     57  const featureNameList = feature_policies[sensorName];
     58  const header = "Feature-Policy header " + featureNameList.join(" *;") + " *";
     59  const desc = "'new " + sensorName + "()'";
     60 
     61  test(() => {
     62    assert_implements(sensorName in self, `${sensorName} is not supported.`);
     63  }, `${sensorName}: ${header} allows the top-level document.`);
     64 
     65  async_test(t => {
     66    assert_implements(sensorName in self, `${sensorName} is not supported.`);
     67    test_feature_availability(
     68      desc,
     69      t,
     70      same_origin_src + sensorName,
     71      expect_feature_available_default
     72    );
     73  }, `${sensorName}: ${header} allows same-origin iframes.`);
     74 
     75  // Set allow="feature;feature;..." on iframe element to delegate features
     76  // under test to cross origin subframe.
     77  async_test(t => {
     78    assert_implements(sensorName in self, `${sensorName} is not supported.`);
     79    test_feature_availability(
     80      desc,
     81      t,
     82      cross_origin_src + sensorName,
     83      expect_feature_available_default,
     84      feature_policies[sensorName].join(";")
     85    );
     86  }, `${sensorName}: ${header} allows cross-origin iframes.`);
     87 }
     88 
     89 function run_fp_tests_enabled_by_attribute(sensorName) {
     90  const featureNameList = feature_policies[sensorName];
     91  const header = "Feature-Policy allow='" + featureNameList.join(" ") + "' attribute";
     92  const desc = "'new " + sensorName + "()'";
     93 
     94  async_test(t => {
     95    assert_implements(sensorName in self, `${sensorName} is not supported.`);
     96    test_feature_availability(
     97      desc,
     98      t,
     99      same_origin_src + sensorName,
    100      expect_feature_available_default,
    101      featureNameList.join(";")
    102    );
    103  }, `${sensorName}: ${header} allows same-origin iframe`);
    104 
    105  async_test(t => {
    106    assert_implements(sensorName in self, `${sensorName} is not supported.`);
    107    test_feature_availability(
    108      desc,
    109      t,
    110      cross_origin_src + sensorName,
    111      expect_feature_available_default,
    112      featureNameList.join(";")
    113    );
    114  }, `${sensorName}: ${header} allows cross-origin iframe`);
    115 }
    116 
    117 function run_fp_tests_enabled_by_attribute_redirect_on_load(sensorName) {
    118  const featureNameList = feature_policies[sensorName];
    119  const header = "Feature-Policy allow='" + featureNameList.join(" ") + "' attribute";
    120  const desc = "'new " + sensorName + "()'";
    121 
    122  async_test(t => {
    123    assert_implements(sensorName in self, `${sensorName} is not supported.`);
    124    test_feature_availability(
    125      desc,
    126      t,
    127      base_src + same_origin_src + sensorName,
    128      expect_feature_available_default,
    129      featureNameList.join(";")
    130    );
    131  }, `${sensorName}: ${header} allows same-origin relocation`);
    132 
    133  async_test(t => {
    134    assert_implements(sensorName in self, `${sensorName} is not supported.`);
    135    test_feature_availability(
    136      desc,
    137      t,
    138      base_src + cross_origin_src + sensorName,
    139      expect_feature_unavailable_default,
    140      featureNameList.join(";")
    141    );
    142  }, `${sensorName}: ${header} disallows cross-origin relocation`);
    143 }
    144 
    145 function run_fp_tests_enabled_on_self_origin(sensorName) {
    146  const featureNameList = feature_policies[sensorName];
    147  const header = "Feature-Policy header " + featureNameList.join(" 'self';") + " 'self'";
    148  const desc = "'new " + sensorName + "()'";
    149 
    150  test(() => {
    151    assert_implements(sensorName in self, `${sensorName} is not supported.`);
    152  }, `${sensorName}: ${header} allows the top-level document.`);
    153 
    154  async_test(t => {
    155    assert_implements(sensorName in self, `${sensorName} is not supported.`);
    156    test_feature_availability(
    157      desc,
    158      t,
    159      same_origin_src + sensorName,
    160      expect_feature_available_default
    161    );
    162  }, `${sensorName}: ${header} allows same-origin iframes.`);
    163 
    164  async_test(t => {
    165    assert_implements(sensorName in self, `${sensorName} is not supported.`);
    166    test_feature_availability(
    167      desc,
    168      t,
    169      cross_origin_src + sensorName,
    170      expect_feature_unavailable_default
    171    );
    172  }, `${sensorName}: ${header} disallows cross-origin iframes.`);
    173 }
	tor-browser The Tor Browser
	git clone https://git.dasho.dev/tor-browser.git
	Log \| Files \| Refs \| README \| LICENSE