[tor-commits] [tor-browser] 19/73: Bug 1772290 - tests, r=smaug a=test-only

Wed Sep 21 20:17:12 UTC 2022

This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch geckoview-102.3.0esr-12.0-1
in repository tor-browser.

commit 302870fce229a5556c0f8f94b424bd79761233c4
Author: Paul Zuehlcke <pbz at mozilla.com>
AuthorDate: Mon Aug 15 11:45:20 2022 +0000

    Bug 1772290 - tests, r=smaug a=test-only
    
    Depends on D146914
    
    Differential Revision: https://phabricator.services.mozilla.com/D146915
---
 docshell/test/browser/browser.ini                  |  4 ++
 .../browser_csp_sandbox_no_script_js_uri.js        | 55 ++++++++++++++++++++++
 .../browser/file_csp_sandbox_no_script_js_uri.html | 11 +++++
 ...file_csp_sandbox_no_script_js_uri.html^headers^ |  1 +
 4 files changed, 71 insertions(+)

diff --git a/docshell/test/browser/browser.ini b/docshell/test/browser/browser.ini
index cbedf66c17f71..6f38846db04fd 100644
--- a/docshell/test/browser/browser.ini
+++ b/docshell/test/browser/browser.ini
@@ -141,6 +141,10 @@ skip-if = verify
 [browser_bug852909.js]
 skip-if = (verify && debug && (os == 'win'))
 [browser_bug92473.js]
+[browser_csp_sandbox_no_script_js_uri.js]
+support-files =
+  file_csp_sandbox_no_script_js_uri.html
+  file_csp_sandbox_no_script_js_uri.html^headers^
 [browser_data_load_inherit_csp.js]
 [browser_dataURI_unique_opaque_origin.js]
 [browser_fission_maxOrigins.js]
diff --git a/docshell/test/browser/browser_csp_sandbox_no_script_js_uri.js b/docshell/test/browser/browser_csp_sandbox_no_script_js_uri.js
new file mode 100644
index 0000000000000..d0b92084ec4c3
--- /dev/null
+++ b/docshell/test/browser/browser_csp_sandbox_no_script_js_uri.js
@@ -0,0 +1,55 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+const TEST_PATH = getRootDirectory(gTestPath).replace(
+  "chrome://mochitests/content",
+  "https://example.com"
+);
+
+/**
+ * Test that javascript URIs in CSP-sandboxed contexts can't be used to bypass
+ * script restrictions.
+ */
+add_task(async function test_csp_sandbox_no_script_js_uri() {
+  await BrowserTestUtils.withNewTab(
+    TEST_PATH + "dummy_page.html",
+    async browser => {
+      info("Register observer and wait for javascript-uri-blocked message.");
+      let observerPromise = SpecialPowers.spawn(browser, [], () => {
+        return new Promise(resolve => {
+          SpecialPowers.addObserver(function obs(subject) {
+            ok(
+              subject == content,
+              "Should block script spawned via javascript uri"
+            );
+            SpecialPowers.removeObserver(
+              obs,
+              "javascript-uri-blocked-by-sandbox"
+            );
+            resolve();
+          }, "javascript-uri-blocked-by-sandbox");
+        });
+      });
+
+      info("Spawn csp-sandboxed iframe with javascript URI");
+      let frameBC = await SpecialPowers.spawn(
+        browser,
+        [TEST_PATH + "file_csp_sandbox_no_script_js_uri.html"],
+        async url => {
+          let frame = content.document.createElement("iframe");
+          let loadPromise = ContentTaskUtils.waitForEvent(frame, "load", true);
+          frame.src = url;
+          content.document.body.appendChild(frame);
+          await loadPromise;
+          return frame.browsingContext;
+        }
+      );
+
+      info("Click javascript URI link in iframe");
+      BrowserTestUtils.synthesizeMouseAtCenter("a", {}, frameBC);
+      await observerPromise;
+    }
+  );
+});
diff --git a/docshell/test/browser/file_csp_sandbox_no_script_js_uri.html b/docshell/test/browser/file_csp_sandbox_no_script_js_uri.html
new file mode 100644
index 0000000000000..49341f7481f57
--- /dev/null
+++ b/docshell/test/browser/file_csp_sandbox_no_script_js_uri.html
@@ -0,0 +1,11 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<meta charset="utf-8">
+<title>Test Javascript URI with no script</title>
+</head>
+<body>
+<noscript>no scripts allowed here</noscript>
+<a href="javascript:alert(`origin=${origin} location=${location}`)" target="_parent">click me</a>
+</body>
+</html>
diff --git a/docshell/test/browser/file_csp_sandbox_no_script_js_uri.html^headers^ b/docshell/test/browser/file_csp_sandbox_no_script_js_uri.html^headers^
new file mode 100644
index 0000000000000..461f7f99ce2c4
--- /dev/null
+++ b/docshell/test/browser/file_csp_sandbox_no_script_js_uri.html^headers^
@@ -0,0 +1 @@
+Content-Security-Policy: sandbox allow-same-origin allow-top-navigation;

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.
