tor-browser

The Tor Browser

sandboxed-iframe-navigator-serviceworker.https.html (4621B)


      1 <!DOCTYPE html>
      2 <title>Accessing navigator.serviceWorker in sandboxed iframe.</title>
      3 <script src="/resources/testharness.js"></script>
      4 <script src="/resources/testharnessreport.js"></script>
      5 <script src="resources/test-helpers.sub.js"></script>
      6 <body>
      7 <script>
      // Counter used to give every request sent to a frame its own id.
      var lastCallbackId = 0;
      // Maps a request id to the resolver of the promise waiting for its reply.
      var callbacks = {};

      /**
       * Posts an `{id}` request to the frame's window and returns a promise that
       * is settled either by the matching reply (the resolver is stored in
       * `callbacks`) or by a rejection once the timeout elapses.
       *
       * @param {HTMLIFrameElement} frame iframe whose contentWindow is messaged.
       * @returns {Promise} resolves with whatever the stored resolver is called
       *     with; rejects with a "no msg back after ..." string on timeout.
       */
      function postMessageAndWaitResult(frame) {
        const timeoutMs = 1000;
        return new Promise((resolve, reject) => {
          lastCallbackId += 1;
          const requestId = lastCallbackId;
          callbacks[requestId] = resolve;
          // Target origin is '*': a frame sandboxed without allow-same-origin has
          // an opaque origin, so no concrete targetOrigin would match it. The
          // payload carries nothing but the request id.
          frame.contentWindow.postMessage({ id: requestId }, '*');
          // The timer is never cancelled; rejecting an already-resolved promise
          // is a no-op, so a late timeout after a reply is harmless.
          step_timeout(() => {
            reject("no msg back after " + timeoutMs + "ms");
          }, timeoutMs);
        });
      }
     19 
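     // Reply handler: routes a `{id, result}` message to the resolver stored for
     // that id by postMessageAndWaitResult() and drops the entry.
     //
     // NOTE(review): replies are matched by id only; e.source / e.origin are not
     // checked, so any window able to post to this page can answer a pending id.
     // Acceptable for this test page, but worth confirming if the pattern is
     // reused elsewhere.
     window.onmessage = function(e) {
       // Declared locally; the original assignment created an implicit global.
       const message = e.data;
       // Ignore anything that is not an object payload (e.g. unrelated messages).
       if (!message || typeof message !== 'object') {
         return;
       }
       const id = message.id;
       // The id is sender-controlled. Only accept keys this page registered
       // itself, so a value such as "toString" cannot resolve to a function
       // inherited from Object.prototype and get invoked below.
       if (!Object.prototype.hasOwnProperty.call(callbacks, id)) {
         return;
       }
       const callback = callbacks[id];
       delete callbacks[id];
       callback(message.result);
     };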
     27 
     // Baseline: an iframe without any sandbox attribute can read
     // navigator.serviceWorker, so the helper page is expected to report 'ok'.
     promise_test(t => {
       const iframeUrl =
           'resources/sandboxed-iframe-navigator-serviceworker-iframe.html';
       return with_iframe(iframeUrl)
         .then(loadedFrame => {
           // Detach the iframe once a test result has been reported.
           add_result_callback(() => { loadedFrame.remove(); });
           return postMessageAndWaitResult(loadedFrame);
         })
         .then(reply => {
           assert_equals(reply, 'ok');
         });
     }, 'Accessing navigator.serviceWorker in normal iframe should not throw.');
     41 
     // Sandboxed with 'allow-scripts' only: scripts run, but without
     // allow-same-origin the frame gets an opaque origin. The helper page is
     // expected to report that reading navigator.serviceWorker raised a
     // SecurityError.
     promise_test(t => {
       const iframeUrl =
           'resources/sandboxed-iframe-navigator-serviceworker-iframe.html';
       const expectedReply = 'navigator.serviceWorker failed: SecurityError';
       return with_sandboxed_iframe(iframeUrl, 'allow-scripts')
         .then(loadedFrame => {
           // Detach the iframe once a test result has been reported.
           add_result_callback(() => { loadedFrame.remove(); });
           return postMessageAndWaitResult(loadedFrame);
         })
         .then(reply => {
           assert_equals(reply, expectedReply);
         });
     }, 'Accessing navigator.serviceWorker in sandboxed iframe should throw.');
     57 
     // Sandboxed with 'allow-scripts allow-same-origin': the frame keeps its real
     // origin, so navigator.serviceWorker is readable and the helper page is
     // expected to report 'ok'.
     // Caveat for real deployments: granting both tokens to same-origin content
     // lets the framed document reach its embedder and drop the sandbox
     // attribute, so this combination gives no isolation in that case.
     promise_test(
       t => {
         const iframeUrl =
             'resources/sandboxed-iframe-navigator-serviceworker-iframe.html';
         const sandboxTokens = 'allow-scripts allow-same-origin';
         return with_sandboxed_iframe(iframeUrl, sandboxTokens)
           .then(loadedFrame => {
             // Detach the iframe once a test result has been reported.
             add_result_callback(() => { loadedFrame.remove(); });
             return postMessageAndWaitResult(loadedFrame);
           })
           .then(reply => {
             assert_equals(reply, 'ok');
           });
       },
       'Accessing navigator.serviceWorker in sandboxed iframe with ' +
       'allow-same-origin flag should not throw.');
     73 
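     // Checks that relaxing the sandbox attribute after the iframe has been
     // inserted does not relax the sandbox of the document being loaded: the
     // frame must stay unable to run script, so no reply may come back and
     // postMessageAndWaitResult() has to time out.
     promise_test(function(t) {
       var url = 'resources/sandboxed-iframe-navigator-serviceworker-iframe.html';
       var frame;
       return new Promise(function(resolve) {
           frame = document.createElement('iframe');
           add_result_callback(() => { frame.remove(); });
           // Empty token list: every sandbox restriction applies.
           frame.sandbox = '';
           frame.src = url;
           frame.onload = resolve;
           document.body.appendChild(frame);
           // Switch the sandbox attribute while loading the iframe.
           frame.sandbox = 'allow-scripts allow-same-origin';
         })
         .then(function() {
           return postMessageAndWaitResult(frame);
         })
         // Two-argument then() instead of then().catch(): the rejection handler
         // must not see the assertion thrown by the fulfilment handler. With a
         // trailing catch() that assertion object reached msg.startsWith() and
         // the real failure was replaced by an unrelated TypeError.
         .then(
           function(result) {
             // The HTML spec seems to say that changing the sandbox attribute
             // after the iframe is inserted into its parent document does not
             // affect the sandboxing. If that's true, the frame should still
             // act as if it still doesn't have
             // 'allow-scripts allow-same-origin' set and throw a SecurityError.
             //
             // 1) From Section 4.8.5 "The iframe element":
             // "When an iframe element is inserted into a document that has a
             // browsing context, the user agent must create a new browsing
             // context..."
             // 2) "Create a new browsing context" expands to Section 7.1
             // "Browsing contexts", which includes creating a Document and
             // "Implement the sandboxing for document."
             // 3) "Implement the sandboxing" expands to Section 7.6 "Sandboxing",
             // which includes "populate document's active sandboxing flag set".
             //
             // It's not clear whether navigation subsequently creates a new
             // Document, but I'm assuming it wouldn't.
             // https://html.spec.whatwg.org/multipage/embedded-content.html#attr-iframe-sandbox
             assert_true(
                 false,
                 'should NOT get message back from a sandboxed frame where scripts are not allowed to execute');
           },
           function(msg) {
             // Only the timeout string from postMessageAndWaitResult() counts
             // as a pass; any other rejection (including a non-string reason)
             // fails with the message below.
             assert_true(
                 typeof msg === 'string' && msg.startsWith('no msg back'),
                 'expecting error message "no msg back"');
           });
     }, 'Switching iframe sandbox attribute while loading the iframe');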
    118 
    119 </script>
    120 </body>