[tbb-commits] [tor-browser/tor-browser-31.4.0esr-4.5-1] Bug #13749.1: regression tests for first party isolation of localStorage
mikeperry at torproject.org
mikeperry at torproject.org
Wed Jan 14 16:40:50 UTC 2015
commit a447c129b1f779ffdb76c401176e38a2d0c58192
Author: Arthur Edelstein <arthuredelstein at gmail.com>
Date: Wed Dec 10 17:35:12 2014 -0800
Bug #13749.1: regression tests for first party isolation of localStorage
---
dom/tests/mochitest/localstorage/firstParty.html | 16 +++++
.../mochitest/localstorage/firstPartyInner.html | 25 +++++++
dom/tests/mochitest/localstorage/mochitest.ini | 3 +
.../test_localStorageByFirstParty.html | 73 ++++++++++++++++++++
4 files changed, 117 insertions(+)
diff --git a/dom/tests/mochitest/localstorage/firstParty.html b/dom/tests/mochitest/localstorage/firstParty.html
new file mode 100644
index 0000000..7bf2539
--- /dev/null
+++ b/dom/tests/mochitest/localstorage/firstParty.html
@@ -0,0 +1,16 @@
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <script>
+ window.onload = function () {
+ var inner = document.getElementById("inner");
+ window.addEventListener("message", function (event) {
+ opener.postMessage(event.data, "http://mochi.test:8888");
+ });
+ inner.src = "http://example.net/tests/dom/tests/mochitest/localstorage/firstPartyInner.html" +
+ location.search + "&host=" + encodeURIComponent(location.protocol + "//" + location.host);
+ };
+ </script>
+ <body>
+ <div>firstParty.html</div>
+ <iframe id="inner" width=400 height=200></iframe>
+ </body>
+</html>
diff --git a/dom/tests/mochitest/localstorage/firstPartyInner.html b/dom/tests/mochitest/localstorage/firstPartyInner.html
new file mode 100644
index 0000000..1b24d2b
--- /dev/null
+++ b/dom/tests/mochitest/localstorage/firstPartyInner.html
@@ -0,0 +1,25 @@
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <body>
+ <div>firstPartyInner.html</div>
+ <pre id="result"></pre>
+ <script>
+ var request = new URLSearchParams(location.search.substring(1)),
+ expected = request.get("expected"),
+ prescribed = request.get("prescribed"),
+ host = decodeURIComponent(request.get("host")),
+ found = localStorage.getItem("firstPartyTest"),
+ resultDiv = document.getElementById("result"),
+ show = function (x) { resultDiv.innerHTML += x + "\n"; };
+ show("host: " + host);
+ if (expected) {
+ show("expected: " + expected);
+ show("found: " + found);
+ }
+ if (prescribed) {
+ localStorage.setItem("firstPartyTest", prescribed);
+ show("wrote: " + prescribed);
+ }
+ parent.postMessage(expected ? (found === expected) : true, host);
+ </script>
+ </body>
+</html>
diff --git a/dom/tests/mochitest/localstorage/mochitest.ini b/dom/tests/mochitest/localstorage/mochitest.ini
index 3b3c50c..6d258f3 100644
--- a/dom/tests/mochitest/localstorage/mochitest.ini
+++ b/dom/tests/mochitest/localstorage/mochitest.ini
@@ -1,5 +1,7 @@
[DEFAULT]
support-files =
+ firstParty.html
+ firstPartyInner.html
frameAppIsolation.html
frameChromeSlave.html
frameKeySync.html
@@ -32,6 +34,7 @@ skip-if = toolkit=='gonk' # b2g(4 failures) b2g-debug(debug-only failure)
[test_localStorageBase.html]
skip-if = buildapp == 'b2g' || e10s # b2g(no storage chrome event received)
[test_localStorageBaseSessionOnly.html]
+[test_localStorageByFirstParty.html]
skip-if = (buildapp == 'b2g' && (toolkit != 'gonk' || debug))
[test_localStorageCookieSettings.html]
skip-if = (buildapp == 'b2g' && (toolkit != 'gonk' || debug))
diff --git a/dom/tests/mochitest/localstorage/test_localStorageByFirstParty.html b/dom/tests/mochitest/localstorage/test_localStorageByFirstParty.html
new file mode 100644
index 0000000..6858303
--- /dev/null
+++ b/dom/tests/mochitest/localstorage/test_localStorageByFirstParty.html
@@ -0,0 +1,73 @@
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>localStorage by first party test</title>
+
+<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+<script type="application/javascript;version=1.7">
+
+// This series of unit tests ensures that, when the "privacy.thirdparty.isolate" pref
+// is set to 2 (active), we should have a separate localStorage for each first-party
+// (URL bar domain). If the pref is set to 0 (inactive), then two iframes with the
+// same origin but different first-party domains will share localStorage.
+
+let originalPrefValue = SpecialPowers.getIntPref("privacy.thirdparty.isolate");
+
+let mapToUriParameters = aMap =>
+ Object.keys(aMap).map(k => encodeURIComponent(k) + "=" +
+ encodeURIComponent(aMap[k])).join("&");
+
+let steps = [
+ // When first party isolation is turned off, we expect that DOM storage will be
+ // the same for two iframes at http://example.net.
+ { domain : "example.com", prescribed : "test1", pref : 0 },
+ { domain : "example.org", prescribed : "test2" },
+ { domain : "example.com", expected : "test2", prescribed : "test3" },
+ { domain : "example.org", expected : "test3", prescribed : "test4" },
+ // When first party isolation is turned on, we expect two separate DOM storage
+ // silos for two iframes both at http://example.net but contained in pages
+ // with different first party domains.
+ { domain : "example.com", prescribed : "test1", pref : 2 },
+ { domain : "example.org", prescribed : "test2" },
+ { domain : "example.com", expected : "test1", prescribed : "test3" },
+ { domain : "example.org", expected : "test2", prescribed : "test4" }
+];
+
+let runStep = function (i) {
+ if (i < steps.length) {
+ let step = steps[i],
+ { domain, pref } = step;
+ if (pref !== undefined) {
+ SpecialPowers.setIntPref("privacy.thirdparty.isolate", pref);
+ }
+ window.open("http://" + domain +
+ "/tests/dom/tests/mochitest/localstorage/firstParty.html?" +
+ mapToUriParameters(step), "_blank");
+ } else if (i == steps.length) {
+ SpecialPowers.setIntPref("privacy.thirdparty.isolate", originalPrefValue);
+ SimpleTest.finish();
+ }
+};
+
+let startTest = function () {
+ let i = 0;
+ window.addEventListener("message", function (event) {
+ // Get the result of the last step.
+ is(event.data, true, "correct DOM storage isolation");
+ // Run the next step.
+ runStep(++i);
+ });
+ runStep(0);
+};
+
+SimpleTest.waitForExplicitFinish();
+
+</script>
+
+</head>
+
+<body onload="startTest();">
+
+</body>
+</html>
More information about the tbb-commits
mailing list