tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

opaque-origin.https.window.js (2966B)

      1 // META: title=StorageManager API and opaque origins
      2 // META: script=/resources/testdriver.js
      3 // META: script=/resources/testdriver-vendor.js
      4 // META: script=resources/helpers.js
      5 
      6 function load_iframe(src, sandbox) {
      7  return new Promise(resolve => {
      8    const iframe = document.createElement('iframe');
      9    iframe.onload = () => { resolve(iframe); };
     10    if (sandbox)
     11      iframe.sandbox = sandbox;
     12    iframe.srcdoc = src;
     13    iframe.style.display = 'none';
     14    document.documentElement.appendChild(iframe);
     15  });
     16 }
     17 
     18 function wait_for_message(iframe) {
     19  return new Promise(resolve => {
     20    self.addEventListener('message', function listener(e) {
     21      if (e.source === iframe.contentWindow && "result" in e.data) {
     22        resolve(e.data);
     23        self.removeEventListener('message', listener);
     24      }
     25    });
     26  });
     27 }
     28 
     29 function make_script(snippet) {
     30  return '<script src="/resources/testharness.js"></script>' +
     31         '<script>' +
     32         '  window.onmessage = () => {' +
     33         '    try {' +
     34         '      (' + snippet + ')' +
     35         '        .then(' +
     36         '          result => {' +
     37         '            window.parent.postMessage({result: "no rejection"}, "*");' +
     38         '          }, ' +
     39         '          error => {' +
     40         '            try {' +
     41         '              assert_throws_js(TypeError, () => { throw error; });' +
     42         '              window.parent.postMessage({result: "correct rejection"}, "*");' +
     43         '            } catch (e) {' +
     44         '              window.parent.postMessage({result: "incorrect rejection"}, "*");' +
     45         '            }' +
     46         '          });' +
     47         '    } catch (ex) {' +
     48         // Report if not implemented/exposed, rather than time out.
     49         '      window.parent.postMessage({result: "API access threw"}, "*");' +
     50         '    }' +
     51         '  };' +
     52         '<\/script>';
     53 }
     54 
     55 promise_setup(async () => {
     56  await tryDenyingPermission();
     57 });
     58 
     59 ['navigator.storage.persisted()',
     60 'navigator.storage.estimate()',
     61 // persist() can prompt, so make sure we test that last
     62 'navigator.storage.persist()',
     63 ].forEach(snippet => {
     64  promise_test(t => {
     65    return load_iframe(make_script(snippet))
     66      .then(iframe => {
     67        iframe.contentWindow.postMessage({}, '*');
     68        return wait_for_message(iframe);
     69      })
     70      .then(message => {
     71        assert_equals(message.result, 'no rejection',
     72                      `${snippet} should not reject`);
     73      });
     74  }, `${snippet} in non-sandboxed iframe should not reject`);
     75 
     76  promise_test(t => {
     77    return load_iframe(make_script(snippet), 'allow-scripts')
     78      .then(iframe => {
     79        iframe.contentWindow.postMessage({}, '*');
     80        return wait_for_message(iframe);
     81      })
     82      .then(message => {
     83        assert_equals(message.result, 'correct rejection',
     84                      `${snippet} should reject with TypeError`);
     85      });
     86  }, `${snippet} in sandboxed iframe should reject with TypeError`);
     87 });