[tor-bugs] #13053 [Quality Assurance and Testing]: Write regression tests for new NoScript options

Thu Sep 4 03:18:20 UTC 2014

#13053: Write regression tests for new NoScript options
-------------------------------------------+-----------------------
 Reporter:  mikeperry                      |          Owner:  boklm
     Type:  task                           |         Status:  new
 Priority:  normal                         |      Milestone:
Component:  Quality Assurance and Testing  |        Version:
 Keywords:  tbb-testcase                   |  Actual Points:
Parent ID:  #9387                          |         Points:
-------------------------------------------+-----------------------
 Giorgio recently introduced three NoScript options just for us:
 noscript.cascadePermissions, noscript.restrictSubdocScripting, and
 noscript.globalHttpsWhitelist.

 We intend to use these prefs to make it easier for people to use the
 security slider. The first two cause sub-scripts to be allowed on top-
 level sites for which the user allows scripts and blocked on top-level
 urls where scripting is blocked, and the third pref should allow HTTPS
 sub-scripts to run if and only if the url bar is also HTTPS.

 Because we're the only people widely using these prefs, we should write
 regression tests to ensure this functionality does not break in future
 NoScript releases.

 I am most concerned about the globalHTTPSWhitelist option, as I've already
 noticed some bugs. The cases we should test include:

 1. Do <script> elements that source https urls get blocked from http url
 bars, no matter what (even if those domains are in the NoScript whitelist)
 1. Does the same happen for iframes?
 1. Is the converse true? If we have an https:// url bar, do script
 elements to http:// urls for the same domain end up blocked?
 1. And for iframes as well?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13053>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online