File: disallowed-navigations-dangling-markup-urn.https.html

package info (click to toggle)
firefox-esr 115.15.0esr-1~deb12u1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 3,659,216 kB
  • sloc: cpp: 6,676,686; javascript: 5,690,965; ansic: 3,328,546; python: 1,120,594; asm: 397,163; xml: 180,531; java: 178,838; sh: 68,930; makefile: 20,999; perl: 12,595; objc: 12,561; yacc: 4,583; cs: 3,846; pascal: 2,840; lex: 1,720; ruby: 1,079; exp: 762; php: 436; lisp: 258; awk: 247; sql: 66; sed: 54; csh: 10
file content (64 lines) | stat: -rw-r--r-- 2,457 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
 
<!DOCTYPE html>
<title>Fenced frame disallowed navigations with potentially-dangling markup</title>
<meta name="timeout" content="long">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/dispatcher/dispatcher.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/common/utils.js"></script>
<script src="resources/utils.js"></script>
<script src="/fetch/local-network-access/resources/support.sub.js"></script>
<script src="resources/dangling-markup-helper.js"></script>

<body>

<script>
// These tests assert that fenced frames cannot be navigated to a urn:uuid URL
// that represents an HTTPS URLs with dangling markup.
for (const substring of kDanglingMarkupSubstrings) {
  promise_test(async t => {
    const key = token();

    // Copied from from `generateURNFromFlege()`, since we have to modify the
    // final URL that goes into `interestGroup.ads[0].renderUrl` for
    // `navigator.joinAdInterestGroup()`.
    const bidding_token = token();
    const seller_token = token();

    let url_string = generateURL("resources/report-url.html?blocked",
                                 [key]).toString();
    url_string = url_string.replace("blocked", substring);

    const interestGroup = {
      name: 'testAd1',
      owner: location.origin,
      biddingLogicUrl: new URL(FLEDGE_BIDDING_URL, location.origin),
      ads: [{renderUrl: url_string, bid: 1}],
      userBiddingSignals: {biddingToken: bidding_token},
      trustedBiddingSignalsKeys: ['key1'],
      adComponents: [],
    };

    // Pick an arbitrarily high duration to guarantee that we never leave the
    // ad interest group while the test runs.
    navigator.joinAdInterestGroup(interestGroup, /*durationSeconds=*/3000000);

    const auctionConfig = {
      seller: location.origin,
      interestGroupBuyers: [location.origin],
      decisionLogicUrl: new URL(FLEDGE_DECISION_URL, location.origin),
      auctionSignals: {biddingToken: bidding_token, sellerToken: seller_token},
    };

    const urn = await navigator.runAdAuction(auctionConfig);

    const fencedframe = attachFencedFrame(urn);
    const loaded_promise = nextValueFromServer(key);
    const result = await Promise.any([loaded_promise, getTimeoutPromise(t)]);
    assert_equals(result, "NOT LOADED");
  }, `fenced frame opaque URN => https: URL with dangling markup '${substring}'`);
}

</script>

</body>