diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
commit | 26a029d407be480d791972afb5975cf62c9360a6 (patch) | |
tree | f435a8308119effd964b339f76abb83a57c29483 /toolkit/components/antitracking/test/browser/browser_partitionkey_bloburl.js | |
parent | Initial commit. (diff) | |
download | firefox-26a029d407be480d791972afb5975cf62c9360a6.tar.xz firefox-26a029d407be480d791972afb5975cf62c9360a6.zip |
Adding upstream version 124.0.1.upstream/124.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'toolkit/components/antitracking/test/browser/browser_partitionkey_bloburl.js')
-rw-r--r-- | toolkit/components/antitracking/test/browser/browser_partitionkey_bloburl.js | 193 |
1 files changed, 193 insertions, 0 deletions
diff --git a/toolkit/components/antitracking/test/browser/browser_partitionkey_bloburl.js b/toolkit/components/antitracking/test/browser/browser_partitionkey_bloburl.js new file mode 100644 index 0000000000..3dc3f36742 --- /dev/null +++ b/toolkit/components/antitracking/test/browser/browser_partitionkey_bloburl.js @@ -0,0 +1,193 @@ +const BASE_URI = + "https://example.net/browser/toolkit/components/antitracking/test/browser/blobPartitionPage.html"; +const EMPTY_URI = + // eslint-disable-next-line @microsoft/sdl/no-insecure-url + "https://example.com/browser/toolkit/components/antitracking/test/browser/empty.html"; + +add_setup(async function () { + await SpecialPowers.pushPrefEnv({ + set: [["privacy.partition.bloburl_per_partition_key", true]], + }); +}); + +// Ensuring Blob URL cannot be resolved under a different +// top-level domain other than its original creation top-level domain +add_task(async function test_different_tld_with_iframe() { + let tab1 = await BrowserTestUtils.openNewForegroundTab(gBrowser, BASE_URI); + let browser1 = gBrowser.getBrowserForTab(tab1); + let blobURL = await SpecialPowers.spawn(browser1, [], function () { + return content.URL.createObjectURL(new content.Blob(["hello world!"])); + }); + + let tab2 = await BrowserTestUtils.openNewForegroundTab(gBrowser, EMPTY_URI); + let browser2 = gBrowser.getBrowserForTab(tab2); + + await SpecialPowers.spawn( + browser2, + [ + { + page: BASE_URI, + blob: blobURL, + }, + ], + async obj => { + let ifr = content.document.createElement("iframe"); + ifr.setAttribute("id", "ifr"); + ifr.setAttribute("src", obj.page); + + info("Iframe loading..."); + await new content.Promise(resolve => { + ifr.onload = resolve; + content.document.body.appendChild(ifr); + }); + + let value = await new content.Promise(resolve => { + content.addEventListener( + "message", + e => { + resolve(e.data == "error"); + }, + { once: true } + ); + ifr.contentWindow.postMessage(obj.blob, "*"); + }); + + ok(value, "Blob URL was unable to be resolved"); + } + ); + + BrowserTestUtils.removeTab(tab1); + BrowserTestUtils.removeTab(tab2); +}); + +// Ensuring if Blob URL can be resolved if a domain1 creates a blob URL +// and domain1 trys to resolve blob URL within an iframe of itself +add_task(async function test_same_tld_with_iframe() { + let tab1 = await BrowserTestUtils.openNewForegroundTab(gBrowser, BASE_URI); + let browser1 = gBrowser.getBrowserForTab(tab1); + let blobURL = await SpecialPowers.spawn(browser1, [], function () { + return content.URL.createObjectURL(new content.Blob(["hello world!"])); + }); + + let tab2 = await BrowserTestUtils.openNewForegroundTab(gBrowser, BASE_URI); + let browser2 = gBrowser.getBrowserForTab(tab2); + + await SpecialPowers.spawn( + browser2, + [ + { + page: BASE_URI, + blob: blobURL, + }, + ], + async obj => { + let ifr = content.document.createElement("iframe"); + ifr.setAttribute("id", "ifr"); + ifr.setAttribute("src", obj.page); + + info("Iframe loading..."); + await new content.Promise(resolve => { + ifr.onload = resolve; + content.document.body.appendChild(ifr); + }); + + let value = await new content.Promise(resolve => { + content.addEventListener( + "message", + e => { + resolve(e.data == "hello world!"); + }, + { once: true } + ); + ifr.contentWindow.postMessage(obj.blob, "*"); + }); + + ok(value, "Blob URL was able to be resolved"); + } + ); + + BrowserTestUtils.removeTab(tab1); + BrowserTestUtils.removeTab(tab2); +}); + +// Ensuring Blob URL can be resolved in an iframe +// under the same top-level domain where it creates. +add_task(async function test_no_iframes_same_tld() { + let tab1 = await BrowserTestUtils.openNewForegroundTab(gBrowser, BASE_URI); + let browser1 = gBrowser.getBrowserForTab(tab1); + + let blobURL = await SpecialPowers.spawn(browser1, [], function () { + return content.URL.createObjectURL(new content.Blob(["hello world!"])); + }); + + let tab2 = await BrowserTestUtils.openNewForegroundTab(gBrowser, BASE_URI); + let browser2 = gBrowser.getBrowserForTab(tab2); + + let status = await SpecialPowers.spawn( + browser2, + [blobURL], + function (blobURL) { + return new content.Promise(resolve => { + var xhr = new content.XMLHttpRequest(); + xhr.open("GET", blobURL); + xhr.onloadend = function () { + resolve(xhr.response == "hello world!"); + }; + + xhr.send(); + }); + } + ); + + ok(status, "Blob URL was able to be resolved"); + + BrowserTestUtils.removeTab(tab1); + BrowserTestUtils.removeTab(tab2); +}); + +// Ensuring Blob URL can be resolved in a sandboxed +// iframe under the top-level domain where it creates. +add_task(async function test_same_tld_with_iframe() { + let tab1 = await BrowserTestUtils.openNewForegroundTab(gBrowser, BASE_URI); + let browser1 = gBrowser.getBrowserForTab(tab1); + let blobURL = await SpecialPowers.spawn(browser1, [], function () { + return content.URL.createObjectURL(new content.Blob(["hello world!"])); + }); + + await SpecialPowers.spawn( + browser1, + [ + { + page: BASE_URI, + blob: blobURL, + }, + ], + async obj => { + let ifr = content.document.createElement("iframe"); + ifr.setAttribute("id", "ifr"); + ifr.setAttribute("sandbox", "allow-scripts allow-same-origin"); + ifr.setAttribute("src", obj.page); + + info("Iframe loading..."); + await new content.Promise(resolve => { + ifr.onload = resolve; + content.document.body.appendChild(ifr); + }); + + let value = await new content.Promise(resolve => { + content.addEventListener( + "message", + e => { + resolve(e.data == "hello world!"); + }, + { once: true } + ); + ifr.contentWindow.postMessage(obj.blob, "*"); + }); + + ok(value, "Blob URL was able to be resolved"); + } + ); + + BrowserTestUtils.removeTab(tab1); +}); |