Bug 1476324 - Storage activation via window.open(URL) applies across top-level domains - part 2 - tests, r=ehsan
authorAndrea Marchesini <amarchesini@mozilla.com>
Wed, 18 Jul 2018 15:44:55 +0200
changeset 427130 2272ac475d49d4911948f7eb782a48ca0054b4db
parent 427129 48dbdb55cabecb167d115a5d121bef6cdf005cf1
child 427131 1b81fd5d2002a208552fcfa4aac65a4871614eed
push id34293
push usercsabou@mozilla.com
push dateWed, 18 Jul 2018 17:20:23 +0000
treeherdermozilla-central@117473983569 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersehsan
bugs1476324
milestone63.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1476324 - Storage activation via window.open(URL) applies across top-level domains - part 2 - tests, r=ehsan
toolkit/components/antitracking/test/browser/browser.ini
toolkit/components/antitracking/test/browser/browser_script.js
toolkit/components/antitracking/test/browser/tracker.js
--- a/toolkit/components/antitracking/test/browser/browser.ini
+++ b/toolkit/components/antitracking/test/browser/browser.ini
@@ -15,8 +15,10 @@ support-files = server.sjs
 [browser_blockingIndexedDb.js]
 [browser_blockingStorage.js]
 [browser_blockingWorkers.js]
 [browser_blockingMessaging.js]
 [browser_imageCache.js]
 support-files = image.sjs
 [browser_subResources.js]
 support-files = subResources.sjs
+[browser_script.js]
+support-files = tracker.js
new file mode 100644
--- /dev/null
+++ b/toolkit/components/antitracking/test/browser/browser_script.js
@@ -0,0 +1,131 @@
+ChromeUtils.import("resource://gre/modules/Services.jsm");
+
+add_task(async function() {
+  info("Starting subResources test");
+
+  await SpecialPowers.flushPrefEnv();
+  await SpecialPowers.pushPrefEnv({"set": [
+    ["privacy.restrict3rdpartystorage.enabled", true],
+    ["privacy.trackingprotection.enabled", false],
+    ["privacy.trackingprotection.pbmode.enabled", false],
+    ["privacy.trackingprotection.annotate_channels", true],
+  ]});
+
+  await UrlClassifierTestUtils.addTestTrackers();
+
+  info("Creating a new tab");
+  let tab = BrowserTestUtils.addTab(gBrowser, TEST_TOP_PAGE);
+  gBrowser.selectedTab = tab;
+
+  let browser = gBrowser.getBrowserForTab(tab);
+  await BrowserTestUtils.browserLoaded(browser);
+
+  info("Loading tracking scripts");
+  await ContentTask.spawn(browser, { scriptURL: TEST_DOMAIN + TEST_PATH + "tracker.js",
+                                     page: TEST_3RD_PARTY_PAGE,
+                                   }, async obj => {
+    info("Checking if permission is denied");
+    let callbackBlocked = async _ => {
+      try {
+        localStorage.foo = 42;
+        ok(false, "LocalStorage cannot be used!");
+      } catch (e) {
+        ok(true, "LocalStorage cannot be used!");
+        is(e.name, "SecurityError", "We want a security error message.");
+      }
+    };
+
+    await new content.Promise(resolve => {
+      let ifr = content.document.createElement("iframe");
+      ifr.onload = function() {
+        info("Sending code to the 3rd party content");
+        ifr.contentWindow.postMessage(callbackBlocked.toString(), "*");
+      };
+
+      content.addEventListener("message", function msg(event) {
+        if (event.data.type == "finish") {
+          content.removeEventListener("message", msg);
+          resolve();
+          return;
+        }
+
+        if (event.data.type == "ok") {
+          ok(event.data.what, event.data.msg);
+          return;
+        }
+
+        if (event.data.type == "info") {
+          info(event.data.msg);
+          return;
+        }
+
+        ok(false, "Unknown message");
+      });
+
+      content.document.body.appendChild(ifr);
+      ifr.src = obj.page;
+    });
+
+    info("Triggering a 3rd party script...");
+    let p = new content.Promise(resolve => {
+      let bc = new content.BroadcastChannel("a");
+      bc.onmessage = resolve;
+    });
+
+    let src = content.document.createElement("script");
+    content.document.body.appendChild(src);
+    src.src = obj.scriptURL;
+
+    await p;
+
+    info("Checking if permission is granted");
+    let callbackAllowed = async _ => {
+      localStorage.foo = 42;
+      ok(true, "LocalStorage can be used!");
+    };
+
+    await new content.Promise(resolve => {
+      let ifr = content.document.createElement("iframe");
+      ifr.onload = function() {
+        info("Sending code to the 3rd party content");
+        ifr.contentWindow.postMessage(callbackAllowed.toString(), "*");
+      };
+
+      content.addEventListener("message", function msg(event) {
+        if (event.data.type == "finish") {
+          content.removeEventListener("message", msg);
+          resolve();
+          return;
+        }
+
+        if (event.data.type == "ok") {
+          ok(event.data.what, event.data.msg);
+          return;
+        }
+
+        if (event.data.type == "info") {
+          info(event.data.msg);
+          return;
+        }
+
+        ok(false, "Unknown message");
+      });
+
+      content.document.body.appendChild(ifr);
+      ifr.src = obj.page;
+    });
+  });
+
+  info("Removing the tab");
+  BrowserTestUtils.removeTab(tab);
+
+  UrlClassifierTestUtils.cleanupTestTrackers();
+});
+
+add_task(async function() {
+  info("Cleaning up.");
+  await new Promise(resolve => {
+    Services.clearData.deleteData(Ci.nsIClearDataService.CLEAR_ALL, value => resolve());
+  });
+});
+
new file mode 100644
--- /dev/null
+++ b/toolkit/components/antitracking/test/browser/tracker.js
@@ -0,0 +1,5 @@
+window.addEventListener("message", e => {
+  let bc = new BroadcastChannel("a");
+  bc.postMessage("ready!");
+});
+window.open("https://tracking.example.com/browser/toolkit/components/antitracking/test/browser/3rdPartyOpen.html");