tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

iframe-inheritance-history-about-blank.html (2770B)

      1 <!doctype html>
      2 <title>Referrer Policy: navigating back to an about:blank iframe reuses the original referrer policy</title>
      3 <script src="/resources/testharness.js"></script>
      4 <script src="/resources/testharnessreport.js"></script>
      5 <meta name="referrer" content="no-referrer">
      6 <div id="log"></div>
      7 <script>
      8  let checkReferrer = document => {
      9    let script = document.createElement('script');
     10    script.innerText = `
     11      fetch("${origin}/common/security-features/subresource/xhr.py",
     12            {referrer: "${location.origin}/custom"})
     13        .then(r => r.json())
     14        .then(j => {
     15          top.postMessage({referrer: j.headers.referer}, "*")
     16        }).catch(e => {
     17          top.postMessage({referrer: "FAILURE"}, "*");
     18        });
     19    `
     20 
     21    let referrer = new Promise(resolve => {
     22      window.addEventListener("message", function listener(msg) {
     23        window.removeEventListener("message", listener, false);
     24        resolve(msg.data.referrer);
     25      });
     26    });
     27 
     28    document.body.appendChild(script);
     29 
     30    return referrer;
     31  };
     32 
     33  let iframeLoaded = iframe => {
     34    return new Promise(resolve => {
     35      iframe.onload = resolve;
     36    });
     37  };
     38 
     39  promise_test(async t => {
     40    // 1. Create an iframe and navigate it to about:blank.
     41    // (We cannot just create an empty iframe since the initial empty
     42    // document will get its history entry replaced, so we cannot
     43    // navigate back to it.)
     44    const iframe = document.createElement("iframe");
     45    iframe.name = 'test_frame';
     46    iframe.src = "/referrer-policy";
     47    document.body.appendChild(iframe);
     48    await iframeLoaded(iframe);
     49 
     50    window.open('about:blank', 'test_frame');
     51    await iframeLoaded(iframe);
     52    let referrer_1 = await checkReferrer(iframe.contentDocument);
     53    assert_equals(referrer_1, undefined,
     54                  "First navigation uses correct policy.");
     55 
     56    // 2. Change the referrer policy of the iframe.
     57    let meta = iframe.contentDocument.createElement('meta');
     58    meta.name = 'referrer';
     59    meta.content = "unsafe-url";
     60    iframe.contentDocument.head.appendChild(meta);
     61 
     62    let referrer_2 = await checkReferrer(iframe.contentDocument);
     63    assert_equals(referrer_2, location.origin + '/custom',
     64                  "Referrer policy correctly changed.");
     65 
     66    // 3. Navigate the iframe elsewhere.
     67    window.open('/referrer-policy', 'test_frame');
     68    await iframeLoaded(iframe);
     69 
     70    // 4. Navigate the iframe back.
     71    iframe.contentWindow.history.back();
     72    await iframeLoaded(iframe);
     73 
     74    let referrer_3 = await checkReferrer(iframe.contentDocument);
     75    assert_equals(referrer_3, undefined,
     76                  "History navigation reuses original policy.");
     77    document.body.removeChild(iframe);
     78  }, "History navigation reuses original policy.");
     79 
     80 </script>