tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

requestStorageAccessFor-insecure.sub.window.js (3067B)

      1 // META: script=/storage-access-api/helpers.js
      2 // META: script=/resources/testdriver.js
      3 // META: script=/resources/testdriver-vendor.js
      4 'use strict';
      5 
      6 promise_test(async () => {
      7  assert_not_equals(document.requestStorageAccessFor, undefined);
      8 }, '[top-level-context] document.requestStorageAccessFor() should be supported on the document interface');
      9 
     10 promise_test(
     11    t => {
     12      return promise_rejects_dom(t, 'NotAllowedError',
     13        document.requestStorageAccessFor('https://test.com'),
     14        'document.requestStorageAccessFor() call without user gesture');
     15    },
     16    '[top-level-context] document.requestStorageAccessFor() should be rejected by default with no user gesture');
     17 
     18 promise_test(async t => {
     19  const description =
     20      'document.requestStorageAccessFor() call in a detached frame';
     21  // Can't use promise_rejects_dom here because the exception is from the wrong global.
     22  return CreateDetachedFrame().requestStorageAccessFor('https://foo.com')
     23      .then(t.unreached_func('Should have rejected: ' + description))
     24      .catch((e) => {
     25        assert_equals(e.name, 'InvalidStateError', description);
     26      });
     27 }, '[non-fully-active] document.requestStorageAccessFor() should not resolve when run in a detached frame');
     28 
     29 promise_test(async t => {
     30  const description =
     31      'document.requestStorageAccessFor() in a detached DOMParser result';
     32  return CreateDocumentViaDOMParser().requestStorageAccessFor('https://foo.com')
     33      .then(t.unreached_func('Should have rejected: ' + description))
     34      .catch((e) => {
     35        assert_equals(e.name, 'InvalidStateError', description);
     36      });
     37 }, '[non-fully-active] document.requestStorageAccessFor() should not resolve when run in a detached DOMParser document');
     38 
     39 promise_test(
     40  async () => {
     41    const frame = await CreateFrame(
     42      '../storage-access-api/resources/script-with-cookie-header.py?script=embedded_responder.js');
     43    assert_not_equals(frame.contentWindow.document.requestStorageAccessFor, undefined);
     44  },
     45  '[frame-on-insecure-page] document.requestStorageAccessFor() should be supported on the document interface in embedded iframes');
     46 
     47 promise_test(async (t) => {
     48  const frame = await CreateFrame(
     49    '../storage-access-api/resources/script-with-cookie-header.py?script=embedded_responder.js');
     50 
     51  await RunCallbackWithGesture(() =>
     52      promise_rejects_dom(t, 'NotAllowedError', frame.contentWindow.DOMException,
     53        frame.contentWindow.document.requestStorageAccessFor(document.location.origin),
     54         'document.requestStorageAccessFor() call in a non-top-level context'));
     55 }, '[frame-on-insecure-page] document.requestStorageAccessFor() should be rejected when called in an iframe');
     56 
     57 promise_test(
     58    async t => {
     59      await RunCallbackWithGesture(
     60        () => promise_rejects_dom(t, 'NotAllowedError', document.requestStorageAccessFor(document.location.origin), 'document.requestStorageAccessFor() call in insecure context'));
     61    },
     62    '[top-level-context] document.requestStorageAccessFor() should be rejected when called in an insecure context');