tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

embedding-test.js (2563B)

      1 // One document embeds another in an iframe. Both are loaded from the network.
      2 // Check whether or not the child can load.
      3 
      4 // There are no interoperable ways to check an iframe failed to load. So a
      5 // timeout is being used. See https://github.com/whatwg/html/issues/125
      6 // Moreover, we want to track progress, managing timeout explicitly allows to
      7 // get a per-test results, even in case of failure of one.
      8 setup({ explicit_timeout: true });
      9 
     10 const EXPECT_LOAD = "load";
     11 const EXPECT_BLOCK = "block";
     12 
     13 // Load a credentialless iframe. Control both the parent and the child headers.
     14 // Check whether it loaded or not.
     15 const embeddingTest = (description, {
     16  parent_headers,
     17  child_headers,
     18  child_origin,
     19  expectation,
     20 }) => {
     21  // Default values:
     22  child_origin ||= globalThis.origin;
     23  parent_headers ||= "";
     24  child_headers||= "";
     25 
     26  const parent_origin = window.origin;
     27 
     28  promise_test_parallel(async test => {
     29    const parent_token = token();
     30    const parent_url = parent_origin + executor_path + parent_headers +
     31      `&uuid=${parent_token}`;
     32 
     33    const child_token = token();
     34    const child_url = child_origin + executor_path + child_headers +
     35      `&uuid=${child_token}`;
     36 
     37    // Create the parent:
     38    window.open(parent_url);
     39    add_completion_callback(() => send(parent_token, "close()"));
     40 
     41    // The parent creates its child:
     42    await send(parent_token, `
     43      const iframe = document.createElement("iframe");
     44      iframe.credentialless = true;
     45      iframe.src = "${child_url}";
     46      document.body.appendChild(iframe);
     47    `);
     48 
     49    // Ping the child to know whether it was allowed to load or not:
     50    const reply_token = token();
     51    await send(child_token, `
     52      send("${reply_token}", "load");
     53    `);
     54 
     55    // There are no interoperable ways to check an iframe failed to load. So a
     56    // timeout is being used.
     57    // See https://github.com/whatwg/html/issues/125
     58    // Use a shorter timeout when it is expected to be reached.
     59    // - The long delay reduces the false-positive rate. False-positive causes
     60    //   stability problems on bot, so a big delay is used to vanish them.
     61    //   https://crbug.com/1215956.
     62    // - The short delay avoids delaying too much the test(s) for nothing and
     63    //   timing out. False-negative are not a problem, they just need not to
     64    //   overwhelm the true-negative, which is trivial to get.
     65    step_timeout(() => send(reply_token, "block"), expectation == EXPECT_BLOCK
     66      ? 1500
     67      : 3500
     68    );
     69 
     70    assert_equals(await receive(reply_token), expectation);
     71  }, description);
     72 };