Source code

Revision control

Copy as Markdown

Other Tools

Test Info: Warnings

const BASE_URI =
const EMPTY_URI =
// eslint-disable-next-line @microsoft/sdl/no-insecure-url
add_setup(async function () {
await SpecialPowers.pushPrefEnv({
set: [["privacy.partition.bloburl_per_partition_key", true]],
});
});
// Ensuring Blob URL cannot be resolved under a different
// top-level domain other than its original creation top-level domain
add_task(async function test_different_tld_with_iframe() {
let tab1 = await BrowserTestUtils.openNewForegroundTab(gBrowser, BASE_URI);
let browser1 = gBrowser.getBrowserForTab(tab1);
let blobURL = await SpecialPowers.spawn(browser1, [], function () {
return content.URL.createObjectURL(new content.Blob(["hello world!"]));
});
let tab2 = await BrowserTestUtils.openNewForegroundTab(gBrowser, EMPTY_URI);
let browser2 = gBrowser.getBrowserForTab(tab2);
await SpecialPowers.spawn(
browser2,
[
{
page: BASE_URI,
blob: blobURL,
},
],
async obj => {
let ifr = content.document.createElement("iframe");
ifr.setAttribute("id", "ifr");
ifr.setAttribute("src", obj.page);
info("Iframe loading...");
await new content.Promise(resolve => {
ifr.onload = resolve;
content.document.body.appendChild(ifr);
});
let value = await new content.Promise(resolve => {
content.addEventListener(
"message",
e => {
resolve(e.data == "error");
},
{ once: true }
);
ifr.contentWindow.postMessage(obj.blob, "*");
});
ok(value, "Blob URL was unable to be resolved");
}
);
BrowserTestUtils.removeTab(tab1);
BrowserTestUtils.removeTab(tab2);
});
// Ensuring if Blob URL can be resolved if a domain1 creates a blob URL
// and domain1 trys to resolve blob URL within an iframe of itself
add_task(async function test_same_tld_with_iframe() {
let tab1 = await BrowserTestUtils.openNewForegroundTab(gBrowser, BASE_URI);
let browser1 = gBrowser.getBrowserForTab(tab1);
let blobURL = await SpecialPowers.spawn(browser1, [], function () {
return content.URL.createObjectURL(new content.Blob(["hello world!"]));
});
let tab2 = await BrowserTestUtils.openNewForegroundTab(gBrowser, BASE_URI);
let browser2 = gBrowser.getBrowserForTab(tab2);
await SpecialPowers.spawn(
browser2,
[
{
page: BASE_URI,
blob: blobURL,
},
],
async obj => {
let ifr = content.document.createElement("iframe");
ifr.setAttribute("id", "ifr");
ifr.setAttribute("src", obj.page);
info("Iframe loading...");
await new content.Promise(resolve => {
ifr.onload = resolve;
content.document.body.appendChild(ifr);
});
let value = await new content.Promise(resolve => {
content.addEventListener(
"message",
e => {
resolve(e.data == "hello world!");
},
{ once: true }
);
ifr.contentWindow.postMessage(obj.blob, "*");
});
ok(value, "Blob URL was able to be resolved");
}
);
BrowserTestUtils.removeTab(tab1);
BrowserTestUtils.removeTab(tab2);
});
// Ensuring Blob URL can be resolved in an iframe
// under the same top-level domain where it creates.
add_task(async function test_no_iframes_same_tld() {
let tab1 = await BrowserTestUtils.openNewForegroundTab(gBrowser, BASE_URI);
let browser1 = gBrowser.getBrowserForTab(tab1);
let blobURL = await SpecialPowers.spawn(browser1, [], function () {
return content.URL.createObjectURL(new content.Blob(["hello world!"]));
});
let tab2 = await BrowserTestUtils.openNewForegroundTab(gBrowser, BASE_URI);
let browser2 = gBrowser.getBrowserForTab(tab2);
let status = await SpecialPowers.spawn(
browser2,
[blobURL],
function (blobURL) {
return new content.Promise(resolve => {
var xhr = new content.XMLHttpRequest();
xhr.open("GET", blobURL);
xhr.onloadend = function () {
resolve(xhr.response == "hello world!");
};
xhr.send();
});
}
);
ok(status, "Blob URL was able to be resolved");
BrowserTestUtils.removeTab(tab1);
BrowserTestUtils.removeTab(tab2);
});
// Ensuring Blob URL can be resolved in a sandboxed
// iframe under the top-level domain where it creates.
add_task(async function test_same_tld_with_iframe() {
let tab1 = await BrowserTestUtils.openNewForegroundTab(gBrowser, BASE_URI);
let browser1 = gBrowser.getBrowserForTab(tab1);
let blobURL = await SpecialPowers.spawn(browser1, [], function () {
return content.URL.createObjectURL(new content.Blob(["hello world!"]));
});
await SpecialPowers.spawn(
browser1,
[
{
page: BASE_URI,
blob: blobURL,
},
],
async obj => {
let ifr = content.document.createElement("iframe");
ifr.setAttribute("id", "ifr");
ifr.setAttribute("sandbox", "allow-scripts allow-same-origin");
ifr.setAttribute("src", obj.page);
info("Iframe loading...");
await new content.Promise(resolve => {
ifr.onload = resolve;
content.document.body.appendChild(ifr);
});
let value = await new content.Promise(resolve => {
content.addEventListener(
"message",
e => {
resolve(e.data == "hello world!");
},
{ once: true }
);
ifr.contentWindow.postMessage(obj.blob, "*");
});
ok(value, "Blob URL was able to be resolved");
}
);
BrowserTestUtils.removeTab(tab1);
});