tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

iframe-inheritance-history-about-srcdoc.html (2873B)

      1 <!doctype html>
      2 <title>Referrer Policy: navigating back to an about:srcdoc iframe reuses the original referrer policy</title>
      3 <script src="/resources/testharness.js"></script>
      4 <script src="/resources/testharnessreport.js"></script>
      5 <script src="/common/get-host-info.sub.js"></script>
      6 <script src="resources/make-html-script.js"></script>
      7 <meta name="referrer" content="no-referrer">
      8 <div id="log"></div>
      9 <script>
     10  let reportedReferrer = () => {
     11    return new Promise(resolve => {
     12      window.addEventListener("message", function listener(msg) {
     13        window.removeEventListener("message", listener, false);
     14        resolve(msg.data.referrer);
     15      });
     16    });
     17  };
     18 
     19  let iframeLoaded = iframe => {
     20    return new Promise(resolve => {
     21      iframe.onload = resolve;
     22    });
     23  };
     24 
     25  promise_test(async t => {
     26    // 1. Create an about:srcdoc iframe.
     27    const iframe = document.createElement("iframe");
     28    iframe.name = 'test_frame';
     29    let iframe_load_1 = iframeLoaded(iframe);
     30    let referrer_1 = reportedReferrer();
     31    iframe.srcdoc = createScriptString(get_host_info().REMOTE_ORIGIN,
     32                                       location.origin + "/custom");
     33    document.body.appendChild(iframe);
     34    await iframe_load_1;
     35    let referrer_1_result = await referrer_1;
     36 
     37    // 2. Change the referrer policy of the main document.
     38    document.getElementsByTagName('meta')[0].content = "unsafe-url";
     39 
     40    // 3. Navigate the iframe elsewhere.
     41    let iframe_load_2 = iframeLoaded(iframe);
     42    window.open('/referrer-policy', 'test_frame');
     43    await iframe_load_2;
     44 
     45    // 4. Navigate the iframe back.
     46    let iframe_load_3 = iframeLoaded(iframe);
     47    let referrer_2 = reportedReferrer();
     48    iframe.contentWindow.history.back();
     49    await iframe_load_3;
     50 
     51    // Despite the main document has changed its referrer policy in (2), the
     52    // reported referrer for the history navigation to about:srcdoc in (4) must
     53    // match with the one originally reported in (1).
     54    assert_equals(referrer_1_result, undefined,
     55                  "First navigation uses correct policy.");
     56    assert_equals(await referrer_2, undefined,
     57                  "History navigation reuses original policy.");
     58  }, "History navigation reuses original policy.");
     59 
     60  promise_test(async t => {
     61    // If we initiate a new about:srcdoc navigation, the new referrer policy
     62    // should apply.
     63    const new_iframe = document.createElement("iframe");
     64    let new_iframe_load = iframeLoaded(new_iframe);
     65    let new_iframe_referrer = reportedReferrer();
     66    new_iframe.srcdoc = createScriptString(get_host_info().REMOTE_ORIGIN,
     67                                           location.origin + "/custom");
     68    document.body.appendChild(new_iframe);
     69    await new_iframe_load;
     70 
     71    assert_equals(await new_iframe_referrer, self.origin + '/custom');
     72  }, "New srcdoc iframe uses new policy.");
     73 </script>