File: moving-between-documents-iframe.py

package info (click to toggle)
thunderbird 1%3A128.14.0esr-1~deb13u1
  • links: PTS, VCS
  • area: main
  • in suites: trixie
  • size: 4,334,960 kB
  • sloc: cpp: 7,391,917; javascript: 5,617,271; ansic: 3,833,216; python: 1,230,742; xml: 619,690; asm: 456,020; java: 179,892; sh: 118,796; makefile: 21,906; perl: 14,825; objc: 12,399; yacc: 4,583; pascal: 2,973; lex: 1,720; ruby: 1,190; exp: 762; sql: 674; awk: 580; php: 436; lisp: 430; sed: 70; csh: 10
file content (102 lines) | stat: -rw-r--r-- 2,777 bytes parent folder | download | duplicates (20) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
 
import random
import time

from wptserve.utils import isomorphic_decode


"""
This script serves
"""

def main(request, response):
  inlineOrExternal = request.GET.first(b"inlineOrExternal", b"null")
  hasBlockingStylesheet = request.GET.first(b"hasBlockingStylesheet", b"true") == b"true"
  result = request.GET.first(b"result", b"success")
  type = u"text/javascript" if request.GET.first(b"type", b"classic") == b"classic" else u"module"

  response.headers.set(b"Content-Type", b"text/html; charset=utf-8")
  response.headers.set(b"Transfer-Encoding", b"chunked")
  response.write_status_headers()

  # Step 1: Start parsing.
  body = u"""<!DOCTYPE html>
    <head>
      <script>
        parent.postMessage("fox", "*");
      </script>
  """

  if hasBlockingStylesheet:
    body += u"""
        <link rel="stylesheet" href="slow-flag-setter.py?result=css&cache=%f">
      """ % random.random()

  body += u"""
    </head>
    <body>
  """

  if inlineOrExternal == b"inline" or inlineOrExternal == b"external" or inlineOrExternal == b"empty-src":
        body += u"""
      <streaming-element>
    """

  # Trigger DOM processing
  body += u"A" * 100000

  response.writer.write(u"%x\r\n" % len(body))
  response.writer.write(body)
  response.writer.write(u"\r\n")

  body = u""

  if inlineOrExternal == b"inline":
    time.sleep(1)
    body += u"""
        <script id="s1" type="%s"
                onload="scriptOnLoad()"
                onerror="scriptOnError(event)">
        if (!window.readyToEvaluate) {
          window.didExecute = "executed too early";
        } else {
          window.didExecute = "executed";
        }
    """ % type
    if result == b"parse-error":
      body += u"1=2 parse error\n"

    body += u"""
        </script>
      </streaming-element>
    """
  elif inlineOrExternal == b"external":
    time.sleep(1)
    body += u"""
        <script id="s1" type="%s"
                src="slow-flag-setter.py?result=%s&cache=%s"
                onload="scriptOnLoad()"
                onerror="scriptOnError(event)"></script>
      </streaming-element>
    """ % (type, isomorphic_decode(result), random.random())
  elif inlineOrExternal == b"empty-src":
    time.sleep(1)
    body += u"""
        <script id="s1" type="%s"
                src=""
                onload="scriptOnLoad()"
                onerror="scriptOnError(event)"></script>
      </streaming-element>
    """ % (type,)

  #        // if readyToEvaluate is false, the script is probably
  #       // wasn't blocked by stylesheets as expected.

  # Trigger DOM processing
  body += u"B" * 100000

  response.writer.write(u"%x\r\n" % len(body))
  response.writer.write(body)
  response.writer.write(u"\r\n")

  response.writer.write(u"0\r\n")
  response.writer.write(u"\r\n")