
local-storage-initial-empty-document.tentative.https.window.js (2920B)


// META: script=/common/get-host-info.sub.js
// META: script=/common/utils.js
// META: script=/common/dispatcher/dispatcher.js
// META: script=/html/cross-origin-embedder-policy/credentialless/resources/common.js
// META: script=./resources/common.js

// This test verifies the behavior of the initial empty document nested inside
// credentialless iframes.
//
// The following tree of frames and documents is used:
//  A
//  ├──B (credentialless)
//  │  └──D (initial empty document)
//  └──C (control)
//     └──E (initial empty document)
//
// Storage used for D and E must be different.
//
// D and E are created with document.createElement("iframe") and never given a
// src, so each one holds only its initial empty document. The test checks
// isolation in both directions: D must not see what E stored, and E must not
// see what D stored.
//
// newIframeCredentialless(), newIframe(), send(), receive() and token() are
// not defined in this file; presumably they come from the META scripts above.
promise_test(async test => {
 // B and C are both created from the same `origin` value, so the helper used
 // (newIframeCredentialless vs newIframe) is the only difference between the
 // two subtrees visible here.
 // NOTE(review): `origin` is not declared in this file; presumably it is the
 // test page's own origin. Confirm.
 const iframe_B = newIframeCredentialless(origin);
 const iframe_C = newIframe(origin);

 // Create iframe_D and store a value in localStorage.
 // key_D comes from token(), so it is not a fixed string shared with any
 // other test. The script text below is handed to iframe_B via send(); it
 // writes through D's contentWindow and then reports "Done" on queue_B.
 const key_D = token();
 const value_D = "value_D";
 const queue_B = token();
 send(iframe_B, `
   const iframe_D = document.createElement("iframe");
   document.body.appendChild(iframe_D);
   iframe_D.contentWindow.localStorage.setItem("${key_D}","${value_D}");
   send("${queue_B}", "Done");
 `);

 // Create iframe_E and store a value in localStorage.
 // Mirror of the step above for the control subtree, with its own key, value
 // and reply queue.
 const key_E = token();
 const value_E = "value_E";
 const queue_C = token();
 send(iframe_C, `
   const iframe_E = document.createElement("iframe");
   document.body.appendChild(iframe_E);
   iframe_E.contentWindow.localStorage.setItem("${key_E}","${value_E}");
   send("${queue_C}", "Done");
 `);

 // Wait until both frames have reported their write before any read is
 // requested, so a missing value below cannot be explained by a write that
 // had not happened yet.
 assert_equals(await receive(queue_B), "Done");
 assert_equals(await receive(queue_C), "Done");

 // Try to load both values from both contexts:
 // Each script finds the nested frame again with querySelector("iframe"),
 // i.e. the first iframe in that document.
 // NOTE(review): assumes B's and C's documents contain no iframe other than
 // the one created above. Confirm against the helper's frame document.
 // Each frame replies twice on its queue: the key_D lookup first, then the
 // key_E lookup.
 send(iframe_B, `
   const iframe_D = document.querySelector("iframe");
   const value_D = iframe_D.contentWindow.localStorage.getItem("${key_D}");
   const value_E = iframe_D.contentWindow.localStorage.getItem("${key_E}");
   send("${queue_B}", value_D);
   send("${queue_B}", value_E);
 `);
 send(iframe_C, `
   const iframe_E = document.querySelector("iframe");
   const value_D = iframe_E.contentWindow.localStorage.getItem("${key_D}");
   const value_E = iframe_E.contentWindow.localStorage.getItem("${key_E}");
   send("${queue_C}", value_D);
   send("${queue_C}", value_E);
 `);

 // Verify the credentialless iframe and the normal one do not have access to
 // each other.
 // The replies are consumed in the order they were sent (key_D, then key_E).
 // NOTE(review): assumes receive() yields messages from one queue in send
 // order. Confirm in dispatcher.js.
 // getItem() returns null for a key that is absent, while the expected value
 // for the cross-context lookups is ""; presumably send()/receive() deliver
 // null as an empty message. Confirm in dispatcher.js.
 assert_equals(await receive(queue_B), value_D, // key_D
   "Credentialless iframe can access credentialless context");
 assert_equals(await receive(queue_B), "",      // key_E
   "Credentialless iframe can't access credentialled context");
 assert_equals(await receive(queue_C), "",      // key_D
   "Credentialled iframe can't access credentialless context");
 assert_equals(await receive(queue_C), value_E, // key_E
   "Credentialled iframe can access credentialled context");
}, "Local storage is correctly partitioned with regards to credentialless " +
  "iframe in initial empty documents.");