Commit 090091f8 authored by Arthur Edelstein's avatar Arthur Edelstein Committed by Georg Koppen
Browse files

Bug #15502, Part 2: Regression tests for blob URL isolation

parent 7a8d11b1

dom/base/test/bug15502_page_blobify.html

0 → 100644
+26 −0
Original line number Diff line number Diff line 
<!DOCTYPE HTML>

<html>

<!--

https://bugs.torproject.org/15502

-->

<head>

  <meta http-equiv="content-type" content="text/html; charset=utf-8">

  <title>Page blobifier for Tor Browser Bug 15502</title>

  <script type="text/javascript;version=1.7" src="bug15502_utils.js"></script>

</head>

<body>

<div id="display" style="white-space:pre; font-family:monospace; display:inline;"></div>



<script type="text/javascript;version=1.7">



Task.spawn(function* () {

  sendMessage(window.parent, "ready");

  let message = yield receiveMessage(window.parent),

      blobURL = stringToBlobURL(message);

  sendMessage(window.parent, blobURL);

  appendLine("display", message + " -> " + blobURL);

});



</script>

</body>

</html>

dom/base/test/bug15502_page_deblobify.html

0 → 100644
+31 −0
Original line number Diff line number Diff line 
<!DOCTYPE HTML>

<html>

<!--

https://bugs.torproject.org/15502

-->

<head>

  <meta http-equiv="content-type" content="text/html; charset=utf-8">

  <title>Page deblobifier for Tor Browser Bug 15502</title>

  <script type="text/javascript;version=1.7" src="bug15502_utils.js"></script>

</head>

<body>

<div id="display" style="white-space:pre; font-family:monospace; display:inline;"></div>



<script type="text/javascript;version=1.7">



Task.spawn(function* () {

  sendMessage(window.parent, "ready");

  let blobURL = yield receiveMessage(window.parent),

      string;

  try {

    string = yield blobURLtoString(blobURL);

  } catch (e) {

    string = e.message;

  }

  sendMessage(window.parent, string);

  appendLine("display", blobURL + " -> " + string);

});



</script>

</body>

</html>

dom/base/test/bug15502_tab.html

0 → 100644
+39 −0
Original line number Diff line number Diff line 
<!DOCTYPE HTML>

<html>

<!--

https://bugs.torproject.org/15502

-->

<head>

  <meta http-equiv="content-type" content="text/html; charset=utf-8">

  <title>Tab for Tor Browser Bug 15502</title>

  <script type="text/javascript;version=1.7" src="bug15502_utils.js"></script>

</head>

<body>



<div id="display"></div>

<iframe id="child" width="100%"></iframe>



<script type="text/javascript;version=1.7">



let iframe = document.getElementById("child");



let connect = function (sourceObject, destinationObject) {

  Task.spawn(function* () {

    for (;;) {

      let message = yield receiveMessage(sourceObject);

      sendMessage(destinationObject, message);

    }

  });

};



Task.spawn(function* () {

  sendMessage(window.opener, "ready");

  let firstParentMessage = yield receiveMessage(window.opener);

  iframe.src = firstParentMessage;

  connect(window.opener, iframe.contentWindow);

  connect(iframe.contentWindow, window.opener);

});

</script>



</body>

</html>

dom/base/test/bug15502_utils.js

0 → 100644
+104 −0
Original line number Diff line number Diff line 
// Import Task.jsm

let { Task } = SpecialPowers.Cu.import("resource://gre/modules/Task.jsm");



// __listen(target, eventType, timeoutMs, useCapture)__.

// Calls addEventListener on target, with the given eventType.

// Returns a Promise that resolves to an Event object, if the event fires.

// If a timeout occurs, then Promise is rejected with a "Timed out" error.

// For use with Task.jsm.

let listen = function (target, eventType, timeoutMs, useCapture) {

  return new Promise(function (resolve, reject) {

    let listenFunction = function (event) {

      target.removeEventListener(eventType, listenFunction, useCapture);

      resolve(event);

    };

    target.addEventListener(eventType, listenFunction, useCapture);

    setTimeout(() => reject(new Error("Timed out")), timeoutMs);

  });

};



// __receiveMessage(source)__.

// Returns an event object for the next message received from source.

// A Task.jsm coroutine.

let receiveMessage = function* (source) {

  let event;

  do {

    event = yield listen(self, "message", 5000, false);

  } while (event.source !== source);

  return event.data;

};



// __sendMessage(destination, message)__.

// Sends a message to destination.

let sendMessage = function (destination, message) {

  destination.postMessage(message, "*");

};



// __appendLine(id, lineString)__.

// Add a line of text to the innerHTML of element with id.

let appendLine = function (id, lineString) {

  document.getElementById(id).innerHTML += lineString + "\n";

};



// __xhr(method, url, responseType__.

// A simple async XMLHttpRequest call.

// Returns a promise with the response.

let xhr = function (method, url, responseType) {

  return new Promise(function (resolve, reject) {

    let xhr = new XMLHttpRequest();

    xhr.open(method, url, true);

    xhr.onload = function () {

      resolve(xhr.response);

    };

    xhr.responseType = responseType;

    xhr.send();

  });

};



// __blobURLtoBlob(blobURL)__.

// Asynchronously retrieves a blob object

// from a blob URL. Returns a promise.

let blobURLtoBlob = function (blobURL) {

  return xhr("GET", blobURL, "blob");

};



// __blobToString(blob)__.

// Asynchronously reads the contents

// of a blob object into a string. Returns a promise.

let blobToString = function (blob) {

  return new Promise(function (resolve, reject) {

    let fileReader = new FileReader();

    fileReader.onload = function () {

      resolve(fileReader.result);

    };

    fileReader.readAsText(blob);

  });

};



// __blobURLtoString(blobURL)__.

// Asynchronous coroutine that takes a blobURL

// and returns the contents in a string.

let blobURLtoString = function* (blobURL) {

  let blob = yield blobURLtoBlob(blobURL);

  return yield blobToString(blob);

};



// __stringToBlobURL(s)__.

// Converts string s into a blob, and returns

// a blob URL.

let stringToBlobURL = function (s) {

  let blob = new Blob([s]);

  return URL.createObjectURL(blob);

};



// __workerIO(scriptFile, inputString)__.

// Sends inputString for the worker, and waits

// for the worker to return an outputString.

// Task.jsm coroutine.

let workerIO = function* (scriptFile, inputString) {

  let worker = new Worker(scriptFile);

  worker.postMessage(inputString);

  let result = yield listen(worker, "message", 5000, false);

  worker.terminate();

  return result.data;

};

dom/base/test/bug15502_worker_blobify.html

0 → 100644
+28 −0
Original line number Diff line number Diff line 
<!DOCTYPE HTML>

<html>

<!--

https://bugs.torproject.org/15502

-->

<head>

  <meta http-equiv="content-type" content="text/html; charset=utf-8">

  <title>Worker blobifier for Tor Browser Bug 15502</title>

  <script type="text/javascript;version=1.7" src="bug15502_utils.js"></script>

</head>

<body>

<div id="display" style="white-space:pre; font-family:monospace; display:inline;"></div>



<pre id="test">

<script type="text/javascript;version=1.7">



Task.spawn(function* () {

  sendMessage(window.parent, "ready");

  let message = yield receiveMessage(window.parent),

      blobURL = yield workerIO("bug15502_worker_blobify.js", message);

  sendMessage(window.parent, blobURL);

  appendLine("display", message + " -> " + blobURL);

});



</script>

</pre>

</body>

</html>