File: iframe-failed-commit.html

package info (click to toggle)
firefox 145.0-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 4,653,344 kB
  • sloc: cpp: 7,594,932; javascript: 6,459,612; ansic: 3,752,905; python: 1,403,433; xml: 629,811; asm: 438,677; java: 186,421; sh: 67,287; makefile: 19,169; objc: 13,086; perl: 12,982; yacc: 4,583; cs: 3,846; pascal: 3,448; lex: 1,720; ruby: 1,003; exp: 762; php: 436; lisp: 258; awk: 247; sql: 66; sed: 54; csh: 10
file content (114 lines) | stat: -rw-r--r-- 4,822 bytes parent folder | download | duplicates (14) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
 
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title>Resource Timing - test that unsuccessful iframes create entries</title>
<meta name="timeout" content="long">
<link rel="author" title="Google" href="http://www.google.com/" />
<link rel="help" href=
  "https://www.w3.org/TR/resource-timing-2/#resources-included-in-the-performanceresourcetiming-interface"/>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="resources/entry-invariants.js"></script>
<script src="resources/resource-loaders.js"></script>
<body>
<script>

// Like load.iframe but fetches the iframe under a "default-src 'none'"
// Content-Security-Policy.
const load_iframe_with_csp = async path => {
  return load.iframe_with_attrs(path, {"csp": "default-src 'none'"});
};

const load_iframe_with_csp_no_navigation = async path => {
  return load.iframe_with_attrs(path, {"csp": "default-src 'none'"}, () => {}, true);
}

// Runs a test (labeled by the given label) to verify that loading an iframe
// with the given URL generates a PerformanceResourceTiming entry and that the
// entry does not expose sensitive timing attributes.
const masked_entry_test = (url, label) => {
  return attribute_test(load.iframe, url,
    invariants.assert_tao_failure_resource, label);
};

// Runs a test (labeled by the given label) to verify that loading an iframe
// with the given URL generates a PerformanceResourceTiming entry and that the
// entry does expose sensitive timing attributes.
const unmasked_entry_with_csp_test = (url, label) => {
  return attribute_test(load_iframe_with_csp, url,
    invariants.assert_tao_pass_no_redirect_http, label);
};

// Runs a test (labeled by the given label) to verify that loading an iframe
// with the given URL under a "default-src 'none' Content-Security-Policy
// generates a PerformanceResourceTiming entry and that the entry does not
// expose sensitive timing attributes.
const masked_entry_with_csp_test = (url, label) => {
  return attribute_test(load_iframe_with_csp, url,
    invariants.assert_tao_failure_resource, label);
};

// Runs a test (labeled by the given label) to verify that loading an iframe
// with the given URL under a "default-src 'none' Content-Security-Policy
// generates a PerformanceResourceTiming entry and that the entry does not
// expose sensitive timing attributes.
const non_navigating_masked_entry_with_csp_test = (url, label) => {
  return attribute_test(load_iframe_with_csp_no_navigation, url,
    invariants.assert_tao_failure_resource, label);
};

const {REMOTE_ORIGIN, ORIGINAL_HOST, HTTPS_PORT} = get_host_info();
const unhosted_url = `https://nonexistent.${ORIGINAL_HOST}:${HTTPS_PORT}/`;

masked_entry_test(
  unhosted_url,
  "Test iframe from non-existent host gets reported");

masked_entry_test(
  "/resource-timing/resources/fake_responses.py?redirect=" + unhosted_url,
  "Test iframe redirecting to non-existent host gets reported");

unmasked_entry_with_csp_test("/resource-timing/resources/csp-default-none.html",
  "Same-origin iframe that complies with CSP attribute gets reported");

// masked because this will load an error page which is cross-origin.
masked_entry_with_csp_test("/resource-timing/resources/green-frame.html",
  "Same-origin iframe that doesn't comply with CSP attribute gets reported");

masked_entry_with_csp_test(
  new URL("/resource-timing/resources/csp-default-none.html", REMOTE_ORIGIN),
  "Cross-origin iframe that complies with CSP attribute gets reported");

masked_entry_with_csp_test(
  new URL("/resource-timing/resources/green-frame.html", REMOTE_ORIGIN),
  "Cross-origin iframe that doesn't comply with CSP attribute gets reported");

masked_entry_with_csp_test(
  "/resource-timing/resources/200_empty.asis",
  "Same-origin empty iframe with a 200 status gets reported");

masked_entry_with_csp_test(
  new URL("/resource-timing/resources/200_empty.asis", REMOTE_ORIGIN),
  "Cross-origin empty iframe with a 200 status gets reported");

non_navigating_masked_entry_with_csp_test(
    new URL("/resource-timing/resources/204_empty.asis", location.origin),
    "Same-origin empty iframe with a 204 status gets reported");

non_navigating_masked_entry_with_csp_test(
    new URL("/resource-timing/resources/205_empty.asis", location.origin),
    "Same-origin empty iframe with a 205 status gets reported");

non_navigating_masked_entry_with_csp_test(
    new URL("/resource-timing/resources/204_empty.asis", REMOTE_ORIGIN),
    "Cross-origin empty iframe with a 204 status gets reported");

non_navigating_masked_entry_with_csp_test(
    new URL("/resource-timing/resources/205_empty.asis", REMOTE_ORIGIN),
    "Cross-origin empty iframe with a 205 status gets reported");

</script>
</body>
</html>