tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

regression-1399759.https.sub.html (4254B)

      1 <!DOCTYPE html>
      2 <html>
      3 <head>
      4 <meta name="variant" content="?pipe=header(Origin-Agent-Cluster,%3F0)">
      5 <meta name="variant" content="?pipe=header(Origin-Agent-Cluster,%3F1)">
      6 <title>Origin-Isolation after navigating about:blank.</title>
      7 <script src="/resources/testharness.js"></script>
      8 <script src="/resources/testharnessreport.js"></script>
      9 <script src="/common/get-host-info.sub.js"></script>
     10 <script src="/common/utils.js"></script>
     11 <script src="/common/dispatcher/dispatcher.js"></script>
     12 </head>
     13 <body>
     14 </body>
     15 <script>
     16 // Regression test for crbug.com/1399759. This is mainly based on
     17 // external/wpt/html/infrastructure/urls/base-url/document-base-url-initiated-grand-parent.https.window.js
     18 // but restricts itself to the exact error condition.
     19 //
     20 // This test is run in two variants which differ in the Origin-Agent-Cluster
     21 // http header values, ?0 and ?1. The test should pass in either case, but the
     22 // regression we're testing for involves inconsistent clustering decisions,
     23 // which requires clustering to be enabled in the first place.
     24 promise_test(async test => {
     25  // Create a cross-origin iframe. Use the executor.html, so we can ask it
     26  // to execute scripts for us.
     27  const child_token = token();
     28  const iframe = document.createElement("iframe");
     29  iframe.src = get_host_info().HTTPS_REMOTE_ORIGIN +
     30    `/common/dispatcher/executor.html?uuid=${child_token}`;
     31  document.body.appendChild(iframe);
     32 
     33  // The child creates a grand child in an iframe.
     34  const reply_token = token();
     35  send(child_token, `
     36    const iframe = document.createElement("iframe");
     37    iframe.src = "/common/blank.html";
     38    iframe.onload = () => {
     39      send("${reply_token}", "grand child loaded");
     40    };
     41    document.body.appendChild(iframe);
     42  `);
     43  assert_equals(await receive(reply_token), "grand child loaded");
     44  const grandchild = iframe.contentWindow[0];
     45 
     46  // Navigate the grand-child toward about:blank.
     47  grandchild.location = "about:blank";
     48  assert_equals(await receive(reply_token), "grand child loaded");
     49 
     50  // This document and grandchild are same-origin, because about:blank
     51  // inherits its origin from the initiator of the navigation, which is us.
     52  // This access should not throw.
     53  grandchild.document;
     54 }, "Check the baseURL of an about:blank document cross-origin with its parent");
     55 
     56 promise_test(async test => {
     57  // This tests the same setup as above, but with about:srcdoc. Since one
     58  // cannot just navigate to about:srcdoc, we'll have to include an extra
     59  // step: Create an iframe with srcdoc attribute; navigate away; then
     60  // navigate to about:srcdoc.
     61  // srcdoc does not inherit the origin from the initiator - unlike
     62  // about:blank - and so in this case the grandchild.document access should
     63  // throw.
     64 
     65  // Create a cross-origin iframe. Use the executor.html, so we can ask it
     66  // to execute scripts for us.
     67  const child_token = token();
     68  const iframe = document.createElement("iframe");
     69  iframe.src = get_host_info().HTTPS_REMOTE_ORIGIN +
     70    `/common/dispatcher/executor.html?uuid=${child_token}`;
     71  document.body.appendChild(iframe);
     72 
     73  // The child creates a grand child in an iframe, using the srcdoc attribute.
     74  const reply_token = token();
     75  send(child_token, `
     76    const iframe = document.createElement("iframe");
     77    iframe.onload = () => {
     78      send("${reply_token}", "grand child loaded");
     79    };
     80    iframe.srcdoc = "nothing interesting";
     81    document.body.appendChild(iframe);
     82  `);
     83  assert_equals(await receive(reply_token), "grand child loaded");
     84  const grandchild = iframe.contentWindow[0];
     85 
     86  // Navigate the grand child toward a regular URL.
     87  grandchild.location = get_host_info().HTTPS_REMOTE_ORIGIN + "/common/blank.html";
     88  assert_equals(await receive(reply_token), "grand child loaded");
     89 
     90  // Navigate the grand-child back, to about:srcdoc.
     91  grandchild.location = "about:srcdoc";
     92  assert_equals(await receive(reply_token), "grand child loaded");
     93 
     94  // This document and grandchild are cross-origin. about:srcdoc does not
     95  // inherits its origin from the initiator of the navigation. This access
     96  // should throw:
     97  assert_throws_dom("SecurityError", () => { grandchild.document; });
     98 }, "Check that about:srcdoc navigation does not follow about:blank rules.");
     99 </script>
    100 </html>