tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

opaque-script.https.html (2988B)

      1 <!doctype html>
      2 <title>Cache Storage: verify scripts loaded from cache_storage are marked opaque</title>
      3 <link rel="help" href="https://w3c.github.io/ServiceWorker/#cache-interface">
      4 <script src="/resources/testharness.js"></script>
      5 <script src="/resources/testharnessreport.js"></script>
      6 <script src="resources/testharness-helpers.js"></script>
      7 <script src="resources/test-helpers.sub.js"></script>
      8 <script src="/common/get-host-info.sub.js"></script>
      9 <script>
     10 'use strict';
     11 
     12 const SW_URL = 'resources/opaque-script-sw.js';
     13 const BASE_SCOPE = './resources/opaque-script-frame.html';
     14 const SAME_ORIGIN_BASE = new URL('./resources/', self.location.href).href;
     15 const CROSS_ORIGIN_BASE = new URL('./resources/',
     16    get_host_info().HTTPS_REMOTE_ORIGIN + base_path()).href;
     17 
     18 function wait_for_error() {
     19  return new Promise(resolve => {
     20    self.addEventListener('message', function messageHandler(evt) {
     21      if (evt.data.type !== 'ErrorEvent')
     22        return;
     23      self.removeEventListener('message', messageHandler);
     24      resolve(evt.data.msg);
     25    });
     26  });
     27 }
     28 
     29 // Load an iframe that dynamically adds a script tag that is
     30 // same/cross origin and large/small.  It then calls a function
     31 // defined in that loaded script that throws an unhandled error.
     32 // The resulting message exposed in the global onerror handler
     33 // is reported back from this function.  Opaque cross origin
     34 // scripts should not expose the details of the uncaught exception.
     35 async function get_error_message(t, mode, size) {
     36  const script_base = mode === 'same-origin' ? SAME_ORIGIN_BASE
     37                                             : CROSS_ORIGIN_BASE;
     38  const script = script_base + `opaque-script-${size}.js`;
     39  const scope = BASE_SCOPE + `?script=${script}`;
     40  const reg = await service_worker_unregister_and_register(t, SW_URL, scope);
     41  t.add_cleanup(_ => reg.unregister());
     42  assert_true(!!reg.installing);
     43  await wait_for_state(t, reg.installing, 'activated');
     44  const error_promise = wait_for_error();
     45  const f = await with_iframe(scope);
     46  t.add_cleanup(_ => f.remove());
     47  const error = await error_promise;
     48  return error;
     49 }
     50 
     51 promise_test(async t => {
     52  const error = await get_error_message(t, 'same-origin', 'small');
     53  assert_true(error.includes('Intentional error'));
     54 }, 'Verify small same-origin cache_storage scripts are not opaque.');
     55 
     56 promise_test(async t => {
     57  const error = await get_error_message(t, 'same-origin', 'large');
     58  assert_true(error.includes('Intentional error'));
     59 }, 'Verify large same-origin cache_storage scripts are not opaque.');
     60 
     61 promise_test(async t => {
     62  const error = await get_error_message(t, 'cross-origin', 'small');
     63  assert_false(error.includes('Intentional error'));
     64 }, 'Verify small cross-origin cache_storage scripts are opaque.');
     65 
     66 promise_test(async t => {
     67  const error = await get_error_message(t, 'cross-origin', 'large');
     68  assert_false(error.includes('Intentional error'));
     69 }, 'Verify large cross-origin cache_storage scripts are opaque.');
     70 
     71 </script>