header-parsing.https.html (2678B)
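<!DOCTYPE html>
<html>
<meta charset="utf-8">
<meta name="timeout" content="long">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<body>
<script>
'use strict';

// Header-parsing tests for a policy header served by resources/empty-coep.py
// (judging by the file name and the `require-corp` values, this is
// Cross-Origin-Embedder-Policy; confirm against the handler).
//
// Each case loads a parent iframe whose response carries the header value(s)
// under test, then navigates a nested iframe to /common/blank.html. The only
// signal checked is whether the nested document is reachable afterwards:
//   - child.contentDocument !== null: the value did NOT enable the policy.
//   - child.contentDocument === null: the value DID enable the policy and the
//     nested navigation was blocked.
// A value must land in the same bucket in every implementation, so both the
// "too lenient" and the "too strict" parsing directions are pinned here.

/**
 * Loads a parent iframe with the given header values, then a nested child
 * iframe pointing at /common/blank.html.
 *
 * @param {object} t - testharness.js test object; used to register cleanup.
 * @param {Array<string|{percentEncoded: string}>} values - One entry per
 *     `value` query parameter sent to resources/empty-coep.py (presumably one
 *     header field line each; verify against the handler). Strings are
 *     percent-encoded here; `{percentEncoded}` entries are sent as given, which
 *     is how a raw non-UTF-8 byte such as %FF is delivered.
 * @returns {Promise<HTMLIFrameElement>} Resolves with the child iframe once
 *     both frames have fired `load`; rejects if either fires `error`.
 */
function createIframe(t, values) {
  const parent = document.createElement('iframe');
  const child = document.createElement('iframe');

  // Resolves on the frame's `load` event and rejects on `error`.
  const whenLoaded = (frame) => new Promise((resolve, reject) => {
    frame.onload = resolve;
    frame.onerror = () =>
      reject(new Error(`failed to load from ${frame.src}`));
  });

  const params = values.map((value) => {
    const percentEncodedValue = typeof value === "object" ?
      value.percentEncoded : encodeURIComponent(value);
    return `value=${percentEncodedValue}`;
  });
  parent.setAttribute('src', `resources/empty-coep.py?${params.join("&")}`);
  document.body.appendChild(parent);
  t.add_cleanup(() => parent.remove());

  return whenLoaded(parent)
    .then(() => {
      child.setAttribute('src', '/common/blank.html');
      parent.contentDocument.body.appendChild(child);
      // The original child promise declared only `resolve`, so its onerror
      // handler referenced an out-of-scope `reject` and would have thrown a
      // ReferenceError instead of failing the test with a useful message.
      return whenLoaded(child);
    })
    .then(() => child);
}

// Values that must NOT enable the policy: the nested navigation succeeds.
[
  [],
  [''],
  ['jibberish'],
  [{ percentEncoded: 'require%FFcorp' }], // non-ASCII byte
  ['require-corp;'], // trailing ';' with no parameter key
  ['\u000brequire-corp\u000b'], // vertical tab
  ['\u000crequire-corp\u000c'], // form feed
  ['\u000drequire-corp\u000d'], // carriage return
  ['Require-corp'], // differs from `require-corp` only in letter case
  ['"require-corp"'], // HTTP structured header "string" item
  [':cmVxdWlyZS1jb3Jw:'], // HTTP structured header "byte sequence" item
  ['require-corp;\tfoo=bar'], // tab (not space) before the parameter
  ['require-corp require-corp'],
  ['require-corp,require-corp'],
  ['require-corp', 'require-corp'], // two separate `value` parameters
  ['', 'require-corp'],
  ['require-corp', ''],
].forEach((values) => {
  promise_test((t) => {
    return createIframe(t, values)
      .then((child) => {
        assert_not_equals(child.contentDocument, null);
      });
  }, 'navigation allowed for ' + JSON.stringify(values));
});

// Values that MUST enable the policy: the nested navigation is blocked, which
// this test observes as a null contentDocument on the child.
[
  ['require-corp'],
  [' require-corp '],
  ['\trequire-corp\t'], // leading and trailing OWS is not part of the field-value per HTTP
  [' \trequire-corp'],
  ['require-corp\t '],
  ['require-corp; foo=bar'],
  ['require-corp;require-corp'],
  ['require-corp; report-to="data:', '"'], // `require-corp; report-to="data:, "`

].forEach((values) => {
  promise_test((t) => {
    return createIframe(t, values)
      .then((child) => {
        assert_equals(child.contentDocument, null);
      });
  }, 'navigation blocked for ' + JSON.stringify(values));
});
</script>
</body>
</html>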