summaryrefslogtreecommitdiffstats
path: root/src/tests/tests/firstparties.js
diff options
context:
space:
mode:
Diffstat (limited to 'src/tests/tests/firstparties.js')
-rw-r--r--src/tests/tests/firstparties.js167
1 files changed, 167 insertions, 0 deletions
diff --git a/src/tests/tests/firstparties.js b/src/tests/tests/firstparties.js
new file mode 100644
index 0000000..3560e04
--- /dev/null
+++ b/src/tests/tests/firstparties.js
@@ -0,0 +1,167 @@
+(function () {
+
+let destination = 'https://the.beach/';
+let fb_wrap = 'https://facebook.com/l.php?u=' + destination;
+let fb_xss = 'https://facebook.com/l.php?u=javascript://bad.site/%250Aalert(1)';
+let g_wrap = 'https://www.google.com/url?q=' + destination;
+let g_ping = '/url?url=' + destination;
+
+function makeLink(href) {
+ let element = document.createElement('a');
+ element.href = href;
+ element.rel = '';
+ return element;
+}
+
+function stub(elts, selector) {
+ document.querySelectorAllBefore = document.querySelectorAll;
+ window.setIntervalBefore = window.setInterval;
+ chrome.runtime.sendMessageBefore = chrome.runtime.sendMessage;
+
+ // Stub querySelectorAll so that any selector that includes `selector` will
+ // match all the elements in `elts`.
+ document.querySelectorAll = function (query) {
+ if (query.includes(selector)) {
+ return elts;
+ } else {
+ return document.querySelectorAllBefore(query);
+ }
+ };
+
+ // Stub runtime.sendMessage so that it returns `true` in response to the
+ // `checkEnabled` query.
+ chrome.runtime.sendMessage = function (message, callback) {
+ if (message.type == "checkEnabled") {
+ callback(true);
+ } else {
+ chrome.runtime.sendMessageBefore(message, callback);
+ }
+ };
+ window.setInterval = function () {};
+
+}
+
+function unstub() {
+ document.querySelectorAll = document.querySelectorAllBefore;
+ window.setInterval = window.setIntervalBefore;
+ chrome.runtime.sendMessage = chrome.runtime.sendMessageBefore;
+}
+
+QUnit.module('First parties');
+
+QUnit.test('facebook script unwraps valid links', (assert) => {
+ const NUM_CHECKS = 4,
+ done = assert.async();
+ assert.expect(NUM_CHECKS);
+
+ let fixture = document.getElementById('qunit-fixture');
+ let good_link = makeLink(fb_wrap);
+ let bad_link = makeLink(fb_xss);
+
+ // create first-party utility script
+ let util_script = document.createElement('script');
+ util_script.src = '../js/firstparties/lib/utils.js';
+
+ // create the content script
+ let fb_script = document.createElement('script');
+ fb_script.src = '../js/firstparties/facebook.js';
+ fb_script.onload = function() {
+ assert.equal(good_link.href, destination, 'unwrapped good link');
+ assert.ok(good_link.rel.includes('noreferrer'),
+ 'added noreferrer to good link');
+
+ assert.equal(bad_link.href, fb_xss, 'did not unwrap the XSS link');
+ assert.notOk(bad_link.rel.includes('noreferrer'),
+ 'did not change rel of XSS link');
+
+ unstub();
+ done();
+ };
+
+ // after the utility script has finished loading, add the content script
+ util_script.onload = function() {
+ fixture.append(fb_script);
+ };
+
+ stub([good_link, bad_link], '/l.php?');
+ fixture.appendChild(good_link);
+ fixture.appendChild(bad_link);
+ fixture.appendChild(util_script);
+});
+
+
+QUnit.test('google shim link unwrapping', (assert) => {
+ const NUM_CHECKS = 2,
+ done = assert.async();
+ assert.expect(NUM_CHECKS);
+
+ let fixture = document.getElementById('qunit-fixture');
+ let shim_link = makeLink(g_wrap);
+
+ // create first-party utility script
+ let util_script = document.createElement('script');
+ util_script.src = '../js/firstparties/lib/utils.js';
+
+ // create the content script
+ let g_script = document.createElement('script');
+ g_script.src = '../js/firstparties/google-static.js';
+ g_script.onload = function() {
+ assert.equal(shim_link.href, destination, 'unwrapped shim link');
+ assert.ok(shim_link.rel.includes('noreferrer'),
+ 'added noreferrer to shim link');
+
+ unstub();
+ done();
+ };
+
+ // after the utility script has finished loading, add the content script
+ util_script.onload = function() {
+ fixture.append(g_script);
+ };
+
+ stub([shim_link], '/url?');
+ fixture.appendChild(shim_link);
+ fixture.appendChild(util_script);
+});
+
+
+QUnit.test('google search de-instrumentation', (assert) => {
+ const NUM_CHECKS = 3,
+ done = assert.async();
+ assert.expect(NUM_CHECKS);
+
+ let fixture = document.getElementById('qunit-fixture');
+ let ff_link = makeLink(destination);
+ ff_link.onmousedown = 'return rwt(this, foobar);';
+ let chrome_link = makeLink(destination);
+ chrome_link.ping = g_ping;
+
+ // create first-party utility script
+ let util_script = document.createElement('script');
+ util_script.src = '../js/firstparties/lib/utils.js';
+
+ // create the content script
+ let g_script = document.createElement('script');
+ g_script.src = '../js/firstparties/google-search.js';
+ g_script.onload = function() {
+ assert.notOk(ff_link.onmousedown, 'removed mouseDown event from ff link');
+ assert.ok(ff_link.rel.includes('noreferrer'), 'added noreferrer to link');
+
+ assert.notOk(chrome_link.ping, 'removed ping attr from chrome link');
+
+ unstub();
+ done();
+ };
+
+ // after the utility script has finished loading, add the content script
+ util_script.onload = function() {
+ fixture.append(g_script);
+ };
+
+ stub([ff_link, chrome_link], 'onmousedown^=');
+ fixture.appendChild(ff_link);
+ fixture.appendChild(chrome_link);
+ fixture.appendChild(util_script);
+});
+
+}());
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-03 07:13:11 +0000