summaryrefslogtreecommitdiffstats
path: root/toolkit/components/antitracking/test/browser/browser_storageAccessSandboxed.js
diff options
context:
space:
mode:
Diffstat (limited to 'toolkit/components/antitracking/test/browser/browser_storageAccessSandboxed.js')
-rw-r--r--toolkit/components/antitracking/test/browser/browser_storageAccessSandboxed.js155
1 files changed, 155 insertions, 0 deletions
diff --git a/toolkit/components/antitracking/test/browser/browser_storageAccessSandboxed.js b/toolkit/components/antitracking/test/browser/browser_storageAccessSandboxed.js
new file mode 100644
index 0000000000..2c9b7e3df8
--- /dev/null
+++ b/toolkit/components/antitracking/test/browser/browser_storageAccessSandboxed.js
@@ -0,0 +1,155 @@
+/* import-globals-from antitracking_head.js */
+
+AntiTracking.runTest(
+ "Storage Access API called in a sandboxed iframe",
+ // blocking callback
+ async _ => {
+ /* import-globals-from storageAccessAPIHelpers.js */
+ let [threw, rejected] = await callRequestStorageAccess();
+ ok(!threw, "requestStorageAccess should not throw");
+ ok(rejected, "requestStorageAccess shouldn't be available");
+ },
+
+ null, // non-blocking callback
+ // cleanup function
+ async _ => {
+ // Only clear the user-interaction permissions for the tracker here so that
+ // the next test has a clean slate.
+ await new Promise(resolve => {
+ Services.clearData.deleteDataFromHost(
+ Services.io.newURI(TEST_3RD_PARTY_DOMAIN).host,
+ true,
+ Ci.nsIClearDataService.CLEAR_PERMISSIONS,
+ value => resolve()
+ );
+ });
+ },
+ [["dom.storage_access.enabled", true]], // extra prefs
+ false, // no window open test
+ false, // no user-interaction test
+ 0, // no blocking notifications
+ false, // run in normal window
+ "allow-scripts allow-same-origin allow-popups"
+);
+
+AntiTracking.runTest(
+ "Storage Access API called in a sandboxed iframe with" +
+ " allow-storage-access-by-user-activation",
+ // blocking callback
+ async _ => {
+ /* import-globals-from storageAccessAPIHelpers.js */
+ let [threw, rejected] = await callRequestStorageAccess();
+ ok(!threw, "requestStorageAccess should not throw");
+ ok(!rejected, "requestStorageAccess should be available");
+ },
+
+ null, // non-blocking callback
+ null, // cleanup function
+ [["dom.storage_access.enabled", true]], // extra prefs
+ false, // no window open test
+ false, // no user-interaction test
+ Ci.nsIWebProgressListener.STATE_COOKIES_BLOCKED_TRACKER, // expect blocking notifications
+ false, // run in normal window
+ "allow-scripts allow-same-origin allow-popups allow-storage-access-by-user-activation"
+);
+
+AntiTracking.runTest(
+ "Verify that sandboxed contexts don't get the saved permission",
+ // blocking callback
+ async _ => {
+ /* import-globals-from storageAccessAPIHelpers.js */
+ await noStorageAccessInitially();
+
+ try {
+ localStorage.foo = 42;
+ ok(false, "LocalStorage cannot be used!");
+ } catch (e) {
+ ok(true, "LocalStorage cannot be used!");
+ is(e.name, "SecurityError", "We want a security error message.");
+ }
+ },
+
+ null, // non-blocking callback
+ null, // cleanup function
+ [["dom.storage_access.enabled", true]], // extra prefs
+ false, // no window open test
+ false, // no user-interaction test
+ Ci.nsIWebProgressListener.STATE_COOKIES_BLOCKED_TRACKER, // expect blocking notifications
+ false, // run in normal window
+ "allow-scripts allow-same-origin allow-popups"
+);
+
+AntiTracking.runTest(
+ "Verify that sandboxed contexts with" +
+ " allow-storage-access-by-user-activation get the" +
+ " saved permission",
+ // blocking callback
+ async _ => {
+ /* import-globals-from storageAccessAPIHelpers.js */
+ await hasStorageAccessInitially();
+
+ localStorage.foo = 42;
+ ok(true, "LocalStorage can be used!");
+ },
+
+ null, // non-blocking callback
+ null, // cleanup function
+ [["dom.storage_access.enabled", true]], // extra prefs
+ false, // no window open test
+ false, // no user-interaction test
+ 0, // no blocking notifications
+ false, // run in normal window
+ "allow-scripts allow-same-origin allow-popups allow-storage-access-by-user-activation"
+);
+
+AntiTracking.runTest(
+ "Verify that private browsing contexts don't get the saved permission",
+ // blocking callback
+ async _ => {
+ /* import-globals-from storageAccessAPIHelpers.js */
+ await noStorageAccessInitially();
+
+ try {
+ localStorage.foo = 42;
+ ok(false, "LocalStorage cannot be used!");
+ } catch (e) {
+ ok(true, "LocalStorage cannot be used!");
+ is(e.name, "SecurityError", "We want a security error message.");
+ }
+ },
+
+ null, // non-blocking callback
+ null, // cleanup function
+ [["dom.storage_access.enabled", true]], // extra prefs
+ false, // no window open test
+ false, // no user-interaction test
+ Ci.nsIWebProgressListener.STATE_COOKIES_BLOCKED_TRACKER, // expect blocking notifications
+ true, // run in private window
+ null // iframe sandbox
+);
+
+AntiTracking.runTest(
+ "Verify that non-sandboxed contexts get the saved permission",
+ // blocking callback
+ async _ => {
+ /* import-globals-from storageAccessAPIHelpers.js */
+ await hasStorageAccessInitially();
+
+ localStorage.foo = 42;
+ ok(true, "LocalStorage can be used!");
+ },
+
+ null, // non-blocking callback
+ // cleanup function
+ async _ => {
+ await new Promise(resolve => {
+ Services.clearData.deleteData(Ci.nsIClearDataService.CLEAR_ALL, value =>
+ resolve()
+ );
+ });
+ },
+ [["dom.storage_access.enabled", true]], // extra prefs
+ false, // no window open test
+ false, // no user-interaction test
+ 0 // no blocking notifications
+);
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-28 19:20:54 +0000