tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

select-url-permissions-policy-none.tentative.https.sub.html (2231B)

      1 <!doctype html>
      2 <body>
      3  <script src=/resources/testharness.js></script>
      4  <script src=/resources/testharnessreport.js></script>
      5  <script src=/permissions-policy/resources/permissions-policy.js></script>
      6  <script src="/shared-storage/resources/util.js"></script>
      7  <script>
      8    'use strict';
      9    const same_origin_src = '/shared-storage/resources/select-url-permissions-policy-helper.html';
     10    const same_origin_script = '/shared-storage/resources/simple-module.js';
     11    const cross_origin = 'https://{{domains[www]}}:{{ports[https][0]}}';
     12    const cross_origin_src = cross_origin + same_origin_src;
     13    const cross_origin_script = cross_origin + same_origin_script;
     14    const header = 'permissions policy header shared-storage-select-url=()';
     15 
     16    promise_test(async t => {
     17      await sharedStorage.worklet.addModule('/shared-storage/resources/simple-module.js');
     18      const allowed = await IsSharedStorageSelectUrlAllowed();
     19      assert_false(allowed);
     20    }, header + ' disallows sharedStorage.selectURL() in the current page.');
     21 
     22    promise_test(async t => {
     23      const worklet = await sharedStorage.createWorklet(
     24        same_origin_script,
     25        { credentials: "omit" });
     26 
     27      return promise_rejects_dom(t, "InvalidAccessError",
     28        worklet.selectURL("operation", [{url: "1.html"}]));
     29    }, header + ' disallows selectURL() on a same-origin worklet');
     30 
     31    promise_test(async t => {
     32      const worklet = await sharedStorage.createWorklet(
     33        cross_origin_script,
     34        { credentials: "omit", dataOrigin: "script-origin" });
     35 
     36      return promise_rejects_dom(t, "InvalidAccessError",
     37        worklet.selectURL("operation", [{url: "1.html"}]));
     38    }, header + ' disallows selectURL() on a cross-origin worklet');
     39 
     40    async_test(t => {
     41      test_feature_availability('shared-storage-select-url', t, same_origin_src,
     42          expect_feature_unavailable_default);
     43    }, header + ' disallows sharedStorage.selectURL() in same-origin iframes.');
     44 
     45    async_test(t => {
     46      test_feature_availability('shared-storage-select-url', t, cross_origin_src,
     47          expect_feature_unavailable_default);
     48    }, header + ' disallows sharedStorage.selectURL() in cross-origin iframes.');
     49  </script>
     50 </body>