Ziele Untersuchung
mit Columbo Integrität von
Datenbanken Interaktion und
Portierbarkeit Ergonomie der
Schnittstellen

Angebot Produkte Projekt Beratung

Mittel Analytik Modellierung Sprachen Algebra Logik Hardware Denken Kreativität

Zusammenhänge Gesellschaft Wirtschaft Branche Firma


products/Sources/formale Sprachen/C/Firefox/dom/security/test/https-first/ (Browser von der Mozilla Stiftung Version 136.0.1^©) Datei vom 10.2.2025 mit Größe 6 kB

Quelle file_toplevel_cookies.sjs Sprache: unbekannt

// Custom *.sjs file specifically for the needs of Bug 1711453
"use strict";

// small red image
const IMG_BYTES = atob(
  "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" +
    "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg=="
);

const IFRAME_INC = `<iframe id="testframeinc"></iframe>`;

// Sets an image sends cookie and location after loading
const SET_COOKIE_IMG = `
<html>
<body>
<img id="cookieImage">
<script class="testbody" type="text/javascript">
  var cookieImage = document.getElementById("cookieImage");
  cookieImage.onload = function() {
    let myLocation = window.location.href;
    let myCookie = document.cookie;
    window.opener.postMessage({result: 'upgraded', loc: myLocation, cookie: myCookie}, '*');
  }
  cookieImage.onerror = function() {
    window.opener.postMessage({result: 'error'}, '*');
  }
  // Add the last number of the old query to the new query to set cookie properly
  cookieImage.src = window.location.origin + "/tests/dom/security/test/https-first/file_toplevel_cookies.sjs?setSameSiteCookie"
   + window.location.href.charAt(window.location.href.length -1);
</script>
</body>
</html>
`;

// Load blank frame navigation sends cookie and location after loading
const LOAD_BLANK_FRAME_NAV = `
<html>
<body>
<iframe id="testframe"></iframe>
<script>
  let testframe = document.getElementById("testframe");
  testframe.onload = function() {
    let myLocation = window.location.href;
    let myCookie = document.cookie;
    window.opener.postMessage({result: 'upgraded', loc: myLocation, cookie: myCookie}, '*');
  }
  testframe.onerror = function() {
    window.opener.postMessage({result: 'error', loc: 'error', cookie: ''}, '*');
  }
  testframe.src = window.location.origin + "/tests/dom/security/test/https-first/file_toplevel_cookies.sjs?loadblankframeNav";
</script>
</body>
</html>
`;

// Load frame navigation sends cookie and location after loading
const LOAD_FRAME_NAV = `
<html>
<body>
<iframe id="testframe"></iframe>
<script>
  let testframe = document.getElementById("testframe");
  testframe.onload = function() {
    let myLocation = window.location.href;
    let myCookie = document.cookie;
    window.opener.postMessage({result: 'upgraded', loc: myLocation, cookie: myCookie}, '*');
  }
  testframe.onerror = function() {
    window.opener.postMessage({result: 'error', loc: 'error', cookie: ''}, '*');
  }
  testframe.src = window.location.origin + "/tests/dom/security/test/https-first/file_toplevel_cookies.sjs?loadsrcdocframeNav";
</script>
</body>
</html>

`;
// blank frame sends cookie and location after loading
const LOAD_BLANK_FRAME = `
<html>
<body>
<iframe id="testframe"></iframe>
<script>
  let testframe = document.getElementById("testframe");
  testframe.onload = function() {
    let myLocation = window.location.href;
    let myCookie = document.cookie;
    window.opener.postMessage({result: 'upgraded', loc: myLocation, cookie: myCookie}, '*');
  }
  testframe.onerror = function() {
    window.opener.postMessage({result: 'error', loc: 'error', cookie: ''}, '*');
  }
  testframe.src = window.location.origin + "/tests/dom/security/test/https-first/file_toplevel_cookies.sjs?loadblankframeInc";
</script>
</body>
</html>
`;
// frame sends cookie and location after loading
const LOAD_FRAME = `
<html>
<body>
<iframe id="testframe"></iframe>
<script>
  let testframe = document.getElementById("testframe");
  testframe.onload = function() {
    let myLocation = window.location.href;
    let myCookie = document.cookie;
    window.opener.postMessage({result: 'upgraded', loc: myLocation, cookie: myCookie}, '*');
  }
  testframe.onerror = function() {
    window.opener.postMessage({result: 'error', loc: 'error', cookie: ''}, '*');
  }
  testframe.src = window.location.origin + "/tests/dom/security/test/https-first/file_toplevel_cookies.sjs?loadsrcdocframeInc";
</script>
</body>
</html>
`;

const RESPONSE_UNEXPECTED = `
  <html>
    <body>
      send message, error
    <script type="application/javascript">
      let myLocation = document.location.href;
      window.opener.postMessage({result: 'error', loc: myLocation}, '*');
    </script>
    </body>
  </html>`;

function setCookie(name, query) {
  let cookie = name + "=";
  if (query.includes("0")) {
    cookie += "0;Domain=.example.com;sameSite=none";
    return cookie;
  }
  if (query.includes("1")) {
    cookie += "1;Domain=.example.com;sameSite=strict";
    return cookie;
  }
  if (query.includes("2")) {
    cookie += "2;Domain=.example.com;sameSite=none;secure";
    return cookie;
  }
  if (query.includes("3")) {
    cookie += "3;Domain=.example.com;sameSite=strict;secure";
    return cookie;
  }
  return cookie + "error";
}

function handleRequest(request, response) {
  // avoid confusing cache behaviors
  response.setHeader("Cache-Control", "no-cache", false);
  let query = request.queryString;
  if (query.includes("setImage")) {
    response.write(SET_COOKIE_IMG);
    return;
  }
  // using startsWith and discard the math random
  if (query.includes("setSameSiteCookie")) {
    response.setHeader("Set-Cookie", setCookie("setImage", query), true);
    response.setHeader("Content-Type", "image/png");
    response.write(IMG_BYTES);
    return;
  }

  // navigation tests
  if (query.includes("loadNavBlank")) {
    response.setHeader("Set-Cookie", setCookie("loadNavBlank", query), true);
    response.write(LOAD_BLANK_FRAME_NAV);
    return;
  }

  if (request.queryString === "loadblankframeNav") {
    let FRAME = `
      <iframe src="about:blank"
        // nothing happens here
      </iframe>`;
    response.write(FRAME);
    return;
  }

  if (query.includes("loadNav")) {
    response.setHeader("Set-Cookie", setCookie("loadNav", query), true);
    response.write(LOAD_FRAME_NAV);
    return;
  }

  if (query === "loadsrcdocframeNav") {
    let FRAME = `
      <iframe srcdoc="foo"
       // nothing happens here
      </iframe>`;
    response.write(FRAME);
    return;
  }

  // inclusion tests
  if (query.includes("loadframeIncBlank")) {
    response.setHeader(
      "Set-Cookie",
      setCookie("loadframeIncBlank", query),
      true
    );
    response.write(LOAD_BLANK_FRAME);
    return;
  }

  if (request.queryString === "loadblankframeInc") {
    let FRAME =
      ` <iframe id="blankframe" src="about:blank"></iframe>
      <script>
        document.getElementById("blankframe").contentDocument.write("` +
      IFRAME_INC +
      `");
      <\script>`;
    response.write(FRAME);
    return;
  }

  if (query.includes("loadframeInc")) {
    response.setHeader("Set-Cookie", setCookie("loadframeInc", query), true);
    response.write(LOAD_FRAME);
    return;
  }

  if (request.queryString === "loadsrcdocframeInc") {
    response.write('<iframe srcdoc="' + IFRAME_INC + '"></iframe>');
    return;
  }

  // We should never arrive here, just in case send 'error'
  response.write(RESPONSE_UNEXPECTED);
}