[tbb-commits] [tor-browser/tor-browser-38.1.0esr-5.0-1] Bug #15703: Regression tests for isolation of mediasource URI

mikeperry at torproject.org mikeperry at torproject.org
Tue Jul 28 08:41:37 UTC 2015 

commit 2ae052be0e0cdcba4df89607002233ad3d1e6f11
Author: Arthur Edelstein <arthuredelstein at gmail.com>
Date:   Thu Jul 2 16:28:36 2015 -0700

    Bug #15703: Regression tests for isolation of mediasource URI
---
 dom/base/test/bug15703_page_create.html   |   28 +++++++++
 dom/base/test/bug15703_page_retrieve.html |   50 ++++++++++++++++
 dom/base/test/mochitest.ini               |    3 +
 dom/base/test/test_tor_bug15703.html      |   92 +++++++++++++++++++++++++++++
 4 files changed, 173 insertions(+)

diff --git a/dom/base/test/bug15703_page_create.html b/dom/base/test/bug15703_page_create.html
new file mode 100644
index 0000000..2325e6f
--- /dev/null
+++ b/dom/base/test/bug15703_page_create.html
@@ -0,0 +1,28 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugs.torproject.org/15703
+-->
+<head>
+  <meta http-equiv="content-type" content="text/html; charset=utf-8">
+  <title>Page mediasource URI creator for Tor Browser Bug 15703</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SpawnTask.js"></script>
+  <script type="text/javascript;version=1.7" src="bug15502_utils.js"></script>
+</head>
+<body>
+<div id="display" style="white-space:pre; font-family:monospace; display:inline;"></div>
+
+<script type="text/javascript;version=1.7">
+
+spawnTask(function* () {
+  sendMessage(window.parent, "ready");
+  let message = yield receiveMessage(window.parent),
+      mediaSource = new MediaSource(),
+      mediaSourceURL = URL.createObjectURL(mediaSource);
+  sendMessage(window.parent, mediaSourceURL);
+  appendLine("display", message + " -> " + mediaSourceURL);
+});
+
+</script>
+</body>
+</html>
diff --git a/dom/base/test/bug15703_page_retrieve.html b/dom/base/test/bug15703_page_retrieve.html
new file mode 100644
index 0000000..de3e14f
--- /dev/null
+++ b/dom/base/test/bug15703_page_retrieve.html
@@ -0,0 +1,50 @@
+
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugs.torproject.org/15502
+-->
+<head>
+  <meta http-equiv="content-type" content="text/html; charset=utf-8">
+  <title>Page mediaSource retriever for Tor Browser Bug 15703</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SpawnTask.js"></script>
+  <script type="text/javascript;version=1.7" src="bug15502_utils.js"></script>
+</head>
+<body>
+<div id="display" style="white-space:pre; font-family:monospace; display:inline;"></div>
+<video id="testvideo"></video>
+<script type="text/javascript;version=1.7">
+
+let reportResult = function(mediaSourceURL, message) {
+  sendMessage(window.parent, message);
+  appendLine("display", mediaSourceURL + " -> " + message);
+};
+
+spawnTask(function* () {
+  // Tell the parent tab we are ready to start.
+  sendMessage(window.parent, "ready");
+  // Receive a mediaSourceURL. In a moment, we will
+  // use a video element to attempt to implicitly load
+  // the MediaSource object at this URL.
+  let mediaSourceURL = yield receiveMessage(window.parent);
+  // First create the video element.
+  let videoElement = document.getElementById("testvideo");
+  // If we are not able to load a MediaSource object
+  // at mediaSourceURL, then an error event will occur.
+  videoElement.addEventListener("error", function (e) {
+    reportResult(mediaSourceURL, "setting videoElement.src failed");
+  });
+  // If we do find a MediaSource object at mediaSourceURL,
+  // then a "stalled" event will occur, because the object
+  // has been found, but contains no content.
+  videoElement.addEventListener("stalled", function (e) {
+    reportResult(mediaSourceURL, "retrieved");
+  });
+  // Now attempt to load a MediaSource object by setting
+  // the video element's src to mediaSourceURL.
+  videoElement.src = mediaSourceURL;
+});
+
+</script>
+</body>
+</html>
diff --git a/dom/base/test/mochitest.ini b/dom/base/test/mochitest.ini
index dc5dfef..133348e 100644
--- a/dom/base/test/mochitest.ini
+++ b/dom/base/test/mochitest.ini
@@ -31,6 +31,8 @@ support-files =
   bug15502_worker_blobify.html
   bug15502_worker_deblobify.js
   bug15502_worker_deblobify.html
+  bug15703_page_create.html
+  bug15703_page_retrieve.html
   bug282547.sjs
   bug298064-subframe.html
   bug313646.txt
@@ -736,6 +738,7 @@ skip-if = toolkit == 'android' || e10s #RANDOM
 [test_textnode_split_in_selection.html]
 [test_title.html]
 [test_tor_bug15502.html]
+[test_tor_bug15703.html]
 [test_treewalker_nextsibling.xml]
 [test_viewport_scroll.html]
 [test_viewsource_forbidden_in_object.html]
diff --git a/dom/base/test/test_tor_bug15703.html b/dom/base/test/test_tor_bug15703.html
new file mode 100644
index 0000000..a0d3ae1
--- /dev/null
+++ b/dom/base/test/test_tor_bug15703.html
@@ -0,0 +1,92 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugs.torproject.org/15703
+-->
+<head>
+  <meta http-equiv="content-type" content="text/html; charset=utf-8">
+  <title>Test for Tor Browser Bug 15703</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SpawnTask.js"></script>
+  <script type="text/javascript;version=1.7" src="bug15502_utils.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<p id="display"></p>
+<div id="content"></div>
+
+<script class="testbody" type="application/javascript;version=1.7">
+SimpleTest.waitForExplicitFinish();
+
+// __setPref(key, value)__.
+// Set a pref value asynchronously, returning a prmoise that resolves
+// when it succeeds.
+let setPref = function* (key, value) {
+  return new Promise(function(resolve, reject) {
+    SpecialPowers.pushPrefEnv({"set": [[key, value]]}, resolve);
+  });
+};
+
+// ## Testing constants
+let domain1 = "http://example.com",
+    domain2 = "http://example.net",
+    path = "/tests/dom/base/test/",
+    page_create = "bug15703_page_create.html",
+    page_retrieve = "bug15703_page_retrieve.html"
+    worker_create = "bug15703_worker_create.html",
+    worker_retrieve = "bug15703_worker_retrieve.html";
+
+// __tabIO(domain, child, input)__.
+// Open a tab at the given `domain` and `child` page. Post an
+// `input` message to the tab.
+let tabIO = function* (domain, child, input) {
+  tab = window.open(domain + path + "bug15502_tab.html", "_blank");
+  yield receiveMessage(tab); // ready message
+  sendMessage(tab, "http://example.org" + path + child);
+  yield receiveMessage(tab); // ready message
+  sendMessage(tab, input);
+  return yield receiveMessage(tab);
+};
+
+// __mediaSourceTest(isolationOn, domainA, domainB, createPage, retrievePage)__.
+// Run a test where we set the pref "privacy.thirdparty.isolate" to on or off,
+// and then create a media source in `domainA`, using the page `createPage`,
+// and then attempt to retrive a media source in `domainB`, using
+// the page `retrievePage`.
+let mediaSourceTest = function* (isolationOn, domainA, domainB, createPage, retrievePage) {
+  yield setPref("privacy.thirdparty.isolate", isolationOn ? 2 : 0);
+  let input = "create",
+      mediaSourceURL = yield tabIO(domainA, createPage, input),
+      result = yield tabIO(domainB, retrievePage, mediaSourceURL),
+      description = domainA + ":" + createPage + "->" + domainB + ":" + retrievePage + ", isolation " + (isolationOn ? "on." : "off.");
+  if (isolationOn && domainA !== domainB) {
+    ok(result !== "retrieved", description + " Deny retrieval");
+  } else {
+    ok(result === "retrieved", description + " Allow retrieval");
+  }
+};
+
+
+// ## The main test
+// Run a Task.jsm coroutine that tests various combinations of domains
+// methods, and isolation states for reading and writing mediasource URLs.
+spawnTask(function* () {
+  yield setPref("media.mediasource.whitelist", false);
+  for (let isolate of [false, true]) {
+    for (let domainB of [domain1, domain2]) {
+      // There doesn't appear to be a way to create a MediaSource object in a worker.
+      for (let create of [page_create, /* worker_create */]) {
+        // No way I could find to retrieve a MediaSource object in a worker.
+        for (let retrieve of [page_retrieve, /* worker_retrieve */]) {
+          yield mediaSourceTest(isolate, domain1, domainB, create, retrieve);
+        }
+      }
+    }
+  }
+  SimpleTest.finish();
+});
+
+</script>
+
+</body>
+</html>

More information about the tbb-commits mailing list