[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor-browser] 19/73: Bug 1772290 - tests, r=smaug a=test-only
This is an automated email from the git hooks/post-receive script.
richard pushed a commit to branch geckoview-102.3.0esr-12.0-1
in repository tor-browser.
commit 302870fce229a5556c0f8f94b424bd79761233c4
Author: Paul Zuehlcke <pbz@xxxxxxxxxxx>
AuthorDate: Mon Aug 15 11:45:20 2022 +0000
Bug 1772290 - tests, r=smaug a=test-only
Depends on D146914
Differential Revision: https://phabricator.services.mozilla.com/D146915
---
docshell/test/browser/browser.ini | 4 ++
.../browser_csp_sandbox_no_script_js_uri.js | 55 ++++++++++++++++++++++
.../browser/file_csp_sandbox_no_script_js_uri.html | 11 +++++
...file_csp_sandbox_no_script_js_uri.html^headers^ | 1 +
4 files changed, 71 insertions(+)
diff --git a/docshell/test/browser/browser.ini b/docshell/test/browser/browser.ini
index cbedf66c17f71..6f38846db04fd 100644
--- a/docshell/test/browser/browser.ini
+++ b/docshell/test/browser/browser.ini
@@ -141,6 +141,10 @@ skip-if = verify
[browser_bug852909.js]
skip-if = (verify && debug && (os == 'win'))
[browser_bug92473.js]
+[browser_csp_sandbox_no_script_js_uri.js]
+support-files =
+ file_csp_sandbox_no_script_js_uri.html
+ file_csp_sandbox_no_script_js_uri.html^headers^
[browser_data_load_inherit_csp.js]
[browser_dataURI_unique_opaque_origin.js]
[browser_fission_maxOrigins.js]
diff --git a/docshell/test/browser/browser_csp_sandbox_no_script_js_uri.js b/docshell/test/browser/browser_csp_sandbox_no_script_js_uri.js
new file mode 100644
index 0000000000000..d0b92084ec4c3
--- /dev/null
+++ b/docshell/test/browser/browser_csp_sandbox_no_script_js_uri.js
@@ -0,0 +1,55 @@
+/* Any copyright is dedicated to the Public Domain.
+ http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+const TEST_PATH = getRootDirectory(gTestPath).replace(
+ "chrome://mochitests/content",
+ "https://example.com"
+);
+
+/**
+ * Test that javascript URIs in CSP-sandboxed contexts can't be used to bypass
+ * script restrictions.
+ */
+add_task(async function test_csp_sandbox_no_script_js_uri() {
+ await BrowserTestUtils.withNewTab(
+ TEST_PATH + "dummy_page.html",
+ async browser => {
+ info("Register observer and wait for javascript-uri-blocked message.");
+ let observerPromise = SpecialPowers.spawn(browser, [], () => {
+ return new Promise(resolve => {
+ SpecialPowers.addObserver(function obs(subject) {
+ ok(
+ subject == content,
+ "Should block script spawned via javascript uri"
+ );
+ SpecialPowers.removeObserver(
+ obs,
+ "javascript-uri-blocked-by-sandbox"
+ );
+ resolve();
+ }, "javascript-uri-blocked-by-sandbox");
+ });
+ });
+
+ info("Spawn csp-sandboxed iframe with javascript URI");
+ let frameBC = await SpecialPowers.spawn(
+ browser,
+ [TEST_PATH + "file_csp_sandbox_no_script_js_uri.html"],
+ async url => {
+ let frame = content.document.createElement("iframe");
+ let loadPromise = ContentTaskUtils.waitForEvent(frame, "load", true);
+ frame.src = url;
+ content.document.body.appendChild(frame);
+ await loadPromise;
+ return frame.browsingContext;
+ }
+ );
+
+ info("Click javascript URI link in iframe");
+ BrowserTestUtils.synthesizeMouseAtCenter("a", {}, frameBC);
+ await observerPromise;
+ }
+ );
+});
diff --git a/docshell/test/browser/file_csp_sandbox_no_script_js_uri.html b/docshell/test/browser/file_csp_sandbox_no_script_js_uri.html
new file mode 100644
index 0000000000000..49341f7481f57
--- /dev/null
+++ b/docshell/test/browser/file_csp_sandbox_no_script_js_uri.html
@@ -0,0 +1,11 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<meta charset="utf-8">
+<title>Test Javascript URI with no script</title>
+</head>
+<body>
+<noscript>no scripts allowed here</noscript>
+<a href="javascript:alert(`origin=${origin} location=${location}`)" target="_parent">click me</a>
+</body>
+</html>
diff --git a/docshell/test/browser/file_csp_sandbox_no_script_js_uri.html^headers^ b/docshell/test/browser/file_csp_sandbox_no_script_js_uri.html^headers^
new file mode 100644
index 0000000000000..461f7f99ce2c4
--- /dev/null
+++ b/docshell/test/browser/file_csp_sandbox_no_script_js_uri.html^headers^
@@ -0,0 +1 @@
+Content-Security-Policy: sandbox allow-same-origin allow-top-navigation;
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits