tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

coop-sandbox.https.html (2456B)

      1 <!doctype html>
      2 <title>Sandboxed Cross-Origin-Opener-Policy popup should result in a network error</title>
      3 <script src=/resources/testharness.js></script>
      4 <script src=/resources/testharnessreport.js></script>
      5 <script src="/common/utils.js"></script> <!-- Use token() to allow running tests in parallel -->
      6 <div id=log>
      7 <script>
      8 [
      9  "allow-popups allow-scripts allow-same-origin",
     10  "allow-popups allow-scripts",
     11 ].forEach(sandboxValue => {
     12  async_test(t => {
     13    const frame = document.createElement("iframe");
     14    const channel = new BroadcastChannel(token());
     15    channel.onmessage = t.unreached_func("A COOP popup was created from a sandboxed frame");
     16    t.add_cleanup(() => frame.remove());
     17    frame.sandbox = sandboxValue;
     18    frame.srcdoc = `<script>
     19  const popup = window.open("resources/coop-coep.py?coop=same-origin&coep=&channel=${channel.name}");
     20  <\/script>`;
     21    document.body.append(frame);
     22    addEventListener('load', t.step_func(() => {
     23      // This uses a timeout to give some time for incorrect implementations to broadcast. A
     24      // theoretical testdriver.js API for browsing contexts could be used to speed this up.
     25      t.step_timeout(() => {
     26        t.done()
     27      }, 1500);
     28    }));
     29  }, `<iframe sandbox="${sandboxValue}"> ${document.title}`);
     30 });
     31 
     32 // Verify that the popup does not have sandboxing flags set
     33 async_test(t => {
     34  const frame = document.createElement("iframe");
     35  const channel = new BroadcastChannel(token());
     36  channel.onmessage = t.step_func_done();
     37  t.add_cleanup(() => frame.remove());
     38  frame.sandbox = "allow-popups allow-scripts allow-popups-to-escape-sandbox";
     39  frame.srcdoc = `<script>
     40 window.open("resources/coop-coep.py?coop=same-origin&coep=&channel=${channel.name}");
     41 <\/script>`;
     42  document.body.append(frame);
     43 }, `<iframe sandbox="allow-popups allow-scripts allow-popups-to-escape-sandbox"> ${document.title}`);
     44 
     45 async_test(t => {
     46  const frame = document.createElement("iframe");
     47  const channel = new BroadcastChannel(token());
     48  frame.sandbox = "allow-scripts allow-same-origin";
     49  frame.name = `iframe-${channel.name}`;
     50  frame.src = `resources/coop-coep.py?coop=same-origin&coep=&channel=${channel.name}`;
     51  channel.onmessage = t.step_func( event => {
     52    const payload = event.data;
     53    assert_equals(payload.name, frame.name, "name");
     54    t.done();
     55  });
     56  t.add_cleanup(() => frame.remove());
     57  document.body.append(frame);
     58 }, `Iframe with sandbox and COOP must load.`);
     59 </script>