tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

trust-token-parameter-validation.tentative.https.html (2262B)

      1 <!DOCTYPE html>
      2 <meta charset="utf-8">
      3 <title>JavaScript: the Private Token API Fetch method correctly validates its parameters</title>
      4 <script src="/resources/testharness.js"></script>
      5 <script src="/resources/testharnessreport.js"></script>
      6 <script>
      7  'use strict';
      8 
      9  test(() => {
     10    assert_throws_js(TypeError, () => {
     11      new Request('https://example.com', {
     12        privateToken: {
     13          version: 1,
     14          operation: "token-request",
     15          refreshPolicy: "not a member of the refreshPolicy enum",
     16        }
     17      });
     18    });
     19  }, 'Private Token fetches require valid `refreshPolicy:` values, if provided.');
     20 
     21  test(() => {
     22    assert_throws_js(TypeError, () => {
     23      new Request('https://example.com', {
     24        privateToken: {
     25          version: 1,
     26          operation: "send-redemption-record",
     27          issuers: []
     28        }
     29      });
     30    });
     31  }, 'Private Token signing operations require at least one issuer URL');
     32 
     33  test(() => {
     34    assert_throws_js(TypeError, () => {
     35      new Request('https://example.com', {
     36        privateToken: {
     37          version: 1,
     38          operation: "send-redemption-record",
     39          issuers: [3]
     40        }
     41      });
     42    });
     43  }, 'Private Token signing operations require string issuer URLs, if provided.');
     44 
     45  test(() => {
     46    assert_throws_js(TypeError, () => {
     47      new Request('https://example.com', {
     48        privateToken: {
     49          version: 1,
     50          operation: "send-redemption-record",
     51          issuers: ["not a valid URL"]
     52        }
     53      });
     54    });
     55  }, 'Private Token signing operations require valid issuer URLs, if provided.');
     56 
     57  test(() => {
     58    assert_throws_js(TypeError, () => {
     59      new Request('https://example.com', {
     60        privateToken: {
     61          version: 1,
     62          operation: "send-redemption-record",
     63          issuers: ["http://not-secure.com"]
     64        }
     65      });
     66    });
     67  }, 'Private Token fetches require secure issuer URLs, if provided.');
     68 
     69  test(() => {
     70    new Request('https://example.com', {
     71      privateToken: {
     72        version: 1,
     73        operation: "send-redemption-record",
     74        issuers: ["http://localhost"]
     75      }
     76    });
     77  }, 'Since localhost URLs are potentially trustworthy, setting an issuer to localhost should succeed.');
     78 </script>