tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

data-url-shared.html (3276B)

      1 <!DOCTYPE html>
      2 <title>data URL shared workers</title>
      3 <script src="/common/get-host-info.sub.js"></script>
      4 <script src="/resources/testharness.js"></script>
      5 <script src="/resources/testharnessreport.js"></script>
      6 <script>
      7 
      8 function assert_worker_sends_pass(test_desc, mime_type, worker_code) {
      9  async_test(function(t) {
     10    var w = new SharedWorker(`data:${mime_type},onconnect = function(e) { port = e.ports[0]; ${worker_code}}`);
     11    w.port.onmessage = t.step_func_done(function(e) {
     12      assert_equals(e.data, 'PASS');
     13    });
     14    w.port.postMessage('SEND_PASS');
     15  }, test_desc);
     16 }
     17 
     18 function assert_worker_throws(test_desc, worker_code) {
     19  assert_worker_sends_pass(test_desc, '', `try { ${worker_code}; port.postMessage("FAIL"); } catch (e) { port.postMessage("PASS"); }`);
     20 }
     21 
     22 // Any MIME type allowed
     23 assert_worker_sends_pass('application/javascript MIME allowed', 'application/javascript', 'port.postMessage("PASS")');
     24 assert_worker_sends_pass('text/plain MIME allowed', 'text/plain', 'port.postMessage("PASS")');
     25 assert_worker_sends_pass('empty MIME allowed', '', 'port.postMessage("PASS")');
     26 
     27 // Communications goes both ways
     28 assert_worker_sends_pass('communication goes both ways', 'application/javascript', 'port.onmessage = function(e) { port.postMessage("PASS"); }');
     29 
     30 // test access to storage APIs
     31 
     32 // https://w3c.github.io/IndexedDB/#dom-idbfactory-open
     33 assert_worker_sends_pass('indexedDB is present', '', 'port.postMessage("indexedDB" in self ? "PASS" : "FAIL")');
     34 assert_worker_throws('indexedDB is inaccessible', 'self.indexedDB.open("someDBName")');
     35 // Other standardized storage APIs are either not exposed to workers
     36 // (e.g. window.localStorage, window.sessionStorage), or are [SecureContext]
     37 // (e.g. self.caches).
     38 
     39 // 'data:' workers are cross-origin
     40 assert_worker_sends_pass('cross-origin worker', '', 'fetch("/").then(() => port.postMessage("FAIL"), () => port.postMessage("PASS"))');
     41 
     42 // 'data:' workers have opaque origin
     43 assert_worker_sends_pass('worker has opaque origin', 'application/javascript', 'port.postMessage(self.location.origin == "null" ?  "PASS" : "FAIL")');
     44 
     45 function openWindow(url) {
     46  return new Promise(resolve => {
     47    const win = window.open(url, '_blank');
     48    add_completion_callback(() => win.close());
     49    window.onmessage = e => {
     50      assert_equals(e.data, 'LOADED');
     51      resolve(win);
     52    };
     53  });
     54 }
     55 
     56 promise_test(() => {
     57  const kWindowURL = 'data-url-shared-window.html';
     58  const kRemoteWindowURL = get_host_info().HTTP_REMOTE_ORIGIN +
     59                           '/workers/data-url-shared-window.html';
     60  return openWindow(kWindowURL)
     61    .then(win => {
     62        const channel = new MessageChannel;
     63        win.postMessage(channel.port1, '*', [channel.port1]);
     64        return new Promise(resolve => channel.port2.onmessage = resolve);
     65      })
     66    .then(msg_event => {
     67        assert_equals(msg_event.data, 1);
     68        return openWindow(kRemoteWindowURL);
     69      })
     70    .then(win => {
     71        const channel = new MessageChannel;
     72        win.postMessage(channel.port1, '*', [channel.port1]);
     73        return new Promise(resolve => channel.port2.onmessage = resolve);
     74      })
     75    .then(msg_event => assert_equals(msg_event.data, 1));
     76 }, 'A data: URL shared worker should not be shared among origins.');
     77 
     78 </script>