tor-browser

The Tor Browser

csp-script-src.js (2463B)


// Popup page used by the csp-script-src-*.html prerendering tests. It runs in
// two phases, told apart by the "run-test" query parameter: the initiating
// phase asks for this same URL to be prerendered, and the prerendered phase
// reports what it observed back to the harness.
const params = new URLSearchParams(location.search);

// Stash key under which the test result is recorded on the server.
const key = params.get('key');

// Target hint that selects the target context for prerendering.
const rule_extras = {'target_hint': getTargetHint()};

// In the csp-script-src 'self' variant the speculation rules injection is
// expected to be blocked by the policy.
const block = location.pathname.endsWith('csp-script-src-self.html');

// The main test page (csp-script-src-*.html in the parent directory) loads
// this page with only the "key" parameter. This page then tries to prerender
// itself with "run-test" added. The main test page cannot navigate itself and
// cannot open a popup to a prerendered browsing context, so both the prerender
// trigger and its activation have to happen inside this popup.
const run_test = params.has('run-test');

if (run_test) {
  // Prerendered phase: record the outcome for the harness.
  if (block) {
    // The blocked variant should never get this far; the recorded value marks
    // that a prerender started although the injection was expected to be
    // blocked.
    // NOTE(review): nothing is written to the "done-key" stash entry in this
    // branch, so as far as this file shows the initiating popup is not told
    // to close here -- confirm the harness copes with that.
    writeValueToServer(key, 'unexpected prerendering');
  } else {
    // Report the initial document.prerendering value.
    writeValueToServer(key, document.prerendering);

    // Signal the initiating page that the test has finished.
    const done_key = params.get('done-key');
    writeValueToServer(done_key, "done");
  }
} else {
  // Initiating phase: mint a fresh stash key so the prerendered page can tell
  // this popup when to close, and build the URL to prerender.
  const done_key = token();
  const url = new URL(document.URL);
  url.searchParams.append('run-test', '');
  url.searchParams.append('done-key', done_key);

  if (block) {
    // The listener must be registered before startPrerendering() runs, since
    // that call is what is expected to raise `securitypolicyviolation`.
    document.addEventListener('securitypolicyviolation', (event) => {
      const directive = event.effectiveDirective;
      // Only a script-src / script-src-elem violation counts as the expected
      // block; any other directive is recorded as unexpected.
      const isScriptDirective =
          directive === 'script-src' || directive === 'script-src-elem';
      const message = isScriptDirective
          ? `blocked by ${directive}`
          : `unexpected effective directive: ${directive}`;
      writeValueToServer(key, message).then(() => { window.close(); });
    });
  }

  startPrerendering(url.toString(), rule_extras);

  // Keep the popup open until the prerendered page reports that it is done.
  nextValueFromServer(done_key).then(() => {
    window.close();
  });
}