File: opaque-script.https.html

package info (click to toggle)
thunderbird 1%3A128.14.0esr-1~deb12u1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 4,334,824 kB
  • sloc: cpp: 7,391,917; javascript: 5,617,271; ansic: 3,833,216; python: 1,230,742; xml: 619,690; asm: 456,022; java: 179,892; sh: 118,796; makefile: 21,908; perl: 14,825; objc: 12,399; yacc: 4,583; pascal: 2,973; lex: 1,720; ruby: 1,190; exp: 762; sql: 674; awk: 580; php: 436; lisp: 430; sed: 70; csh: 10
file content (71 lines) | stat: -rw-r--r-- 2,988 bytes parent folder | download | duplicates (27) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
 
<!doctype html>
<title>Cache Storage: verify scripts loaded from cache_storage are marked opaque</title>
<link rel="help" href="https://w3c.github.io/ServiceWorker/#cache-interface">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="resources/testharness-helpers.js"></script>
<script src="resources/test-helpers.sub.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script>
'use strict';

const SW_URL = 'resources/opaque-script-sw.js';
const BASE_SCOPE = './resources/opaque-script-frame.html';
const SAME_ORIGIN_BASE = new URL('./resources/', self.location.href).href;
const CROSS_ORIGIN_BASE = new URL('./resources/',
    get_host_info().HTTPS_REMOTE_ORIGIN + base_path()).href;

function wait_for_error() {
  return new Promise(resolve => {
    self.addEventListener('message', function messageHandler(evt) {
      if (evt.data.type !== 'ErrorEvent')
        return;
      self.removeEventListener('message', messageHandler);
      resolve(evt.data.msg);
    });
  });
}

// Load an iframe that dynamically adds a script tag that is
// same/cross origin and large/small.  It then calls a function
// defined in that loaded script that throws an unhandled error.
// The resulting message exposed in the global onerror handler
// is reported back from this function.  Opaque cross origin
// scripts should not expose the details of the uncaught exception.
async function get_error_message(t, mode, size) {
  const script_base = mode === 'same-origin' ? SAME_ORIGIN_BASE
                                             : CROSS_ORIGIN_BASE;
  const script = script_base + `opaque-script-${size}.js`;
  const scope = BASE_SCOPE + `?script=${script}`;
  const reg = await service_worker_unregister_and_register(t, SW_URL, scope);
  t.add_cleanup(_ => reg.unregister());
  assert_true(!!reg.installing);
  await wait_for_state(t, reg.installing, 'activated');
  const error_promise = wait_for_error();
  const f = await with_iframe(scope);
  t.add_cleanup(_ => f.remove());
  const error = await error_promise;
  return error;
}

promise_test(async t => {
  const error = await get_error_message(t, 'same-origin', 'small');
  assert_true(error.includes('Intentional error'));
}, 'Verify small same-origin cache_storage scripts are not opaque.');

promise_test(async t => {
  const error = await get_error_message(t, 'same-origin', 'large');
  assert_true(error.includes('Intentional error'));
}, 'Verify large same-origin cache_storage scripts are not opaque.');

promise_test(async t => {
  const error = await get_error_message(t, 'cross-origin', 'small');
  assert_false(error.includes('Intentional error'));
}, 'Verify small cross-origin cache_storage scripts are opaque.');

promise_test(async t => {
  const error = await get_error_message(t, 'cross-origin', 'large');
  assert_false(error.includes('Intentional error'));
}, 'Verify large cross-origin cache_storage scripts are opaque.');

</script>