The Tor Browser / file revision

browser/components/sessionstore/test/browser_911547.js@6474c204b198

browser/components/sessionstore/test/browser_911547.js

Wed, 31 Dec 2014 06:09:35 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 06:09:35 +0100
changeset 0
6474c204b198
permissions
-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

     1 /* Any copyright is dedicated to the Public Domain.

     2    http://creativecommons.org/publicdomain/zero/1.0/ */

     3 

     4 // This tests that session restore component does restore the right content

     5 // security policy with the document.

     6 // The policy being tested disallows inline scripts

     7 

     8 function test() {

     9   TestRunner.run();

    10 }

    11 

    12 function runTests() {

    13   // create a tab that has a CSP

    14   let testURL = "http://mochi.test:8888/browser/browser/components/sessionstore/test/browser_911547_sample.html";

    15   let tab = gBrowser.selectedTab = gBrowser.addTab(testURL);

    16   gBrowser.selectedTab = tab;

    17 

    18   let browser = tab.linkedBrowser;

    19   yield waitForLoad(browser);

    20 

    21   // this is a baseline to ensure CSP is active

    22   // attempt to inject and run a script via inline (pre-restore, allowed)

    23   injectInlineScript(browser,'document.getElementById("test_id").value = "fail";');

    24   is(browser.contentDocument.getElementById("test_id").value, "ok",

    25      "CSP should block the inline script that modifies test_id");

    26 

    27   // attempt to click a link to a data: URI (will inherit the CSP of the

    28   // origin document) and navigate to the data URI in the link.

    29   browser.contentDocument.getElementById("test_data_link").click();

    30   yield waitForLoad(browser);

    31 

    32   is(browser.contentDocument.getElementById("test_id2").value, "ok",

    33      "CSP should block the script loaded by the clicked data URI");

    34 

    35   // close the tab

    36   gBrowser.removeTab(tab);

    37 

    38   // open new tab and recover the state

    39   tab = ss.undoCloseTab(window, 0);

    40   yield waitForTabRestored(tab);

    41   browser = tab.linkedBrowser;

    42 

    43   is(browser.contentDocument.getElementById("test_id2").value, "ok",

    44      "CSP should block the script loaded by the clicked data URI after restore");

    45 

    46   // clean up

    47   gBrowser.removeTab(tab);

    48 }

    49 

    50 function waitForLoad(aElement) {

    51   aElement.addEventListener("load", function onLoad() {

    52     aElement.removeEventListener("load", onLoad, true);

    53     executeSoon(next);

    54   }, true);

    55 }

    56 

    57 function waitForTabRestored(aElement) {

    58   aElement.addEventListener("SSTabRestored", function tabRestored(e) {

    59     aElement.removeEventListener("SSTabRestored", tabRestored, true);

    60     executeSoon(next);

    61   }, true);

    62 }

    63 

    64 // injects an inline script element (with a text body)

    65 function injectInlineScript(browser, scriptText) {

    66   let scriptElt = browser.contentDocument.createElement("script");

    67   scriptElt.type = 'text/javascript';

    68   scriptElt.text = scriptText;

    69   browser.contentDocument.body.appendChild(scriptElt);

    70 }

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial