Apq
/
markdown-viewer
mirror of https://github.com/simov/markdown-viewer.git


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328
							
var t = require('assert')
var defaults = require('./utils/defaults')


module.exports = ({extensions, popup, advanced, content}) => {

  before(async () => {
    await defaults({popup, advanced, content})

    await advanced.bringToFront()

    // enable path matching
    await advanced.evaluate(() => {
      document.querySelector('.m-list li:nth-of-type(1) input').value = 'csp-match-path'
      document.querySelector('.m-list li:nth-of-type(1) input').dispatchEvent(new Event('keyup'))
    })
    // there is debounce timeout of 750ms in the options UI
    await advanced.waitForTimeout(800)
  })

  describe('not correct content-type + non matching path', () => {
    before(async () => {
      await advanced.bringToFront()

      // expand origin
      if (!await advanced.evaluate(() => document.querySelector('.m-list li:nth-of-type(1)').classList.contains('m-expanded'))) {
        await advanced.click('.m-list li:nth-of-type(1)')
      }

      // enable csp
      if (!await advanced.evaluate(() => origins.state.origins['http://localhost:3000'].csp)) {
        await advanced.click('.m-list li:nth-of-type(1) .m-switch')
      }

      // go to page serving content with strict csp
      await content.goto('http://localhost:3000/csp-no-header-no-path')
      await content.bringToFront()
      await content.waitForTimeout(300)
    })
    it('non matching urls should be skipped', async () => {
      t.strictEqual(
        await content.evaluate(() => {
          try {
            window.localStorage
          }
          catch (err) {
            return err.message.split(':')[1].trim()
          }
        }),
        `The document is sandboxed and lacks the 'allow-same-origin' flag.`,
        'localStorage should not be accessible'
      )
    })
  })

  describe('correct content-type + non matching path', () => {
    before(async () => {
      await advanced.bringToFront()

      // expand origin
      if (!await advanced.evaluate(() => document.querySelector('.m-list li:nth-of-type(1)').classList.contains('m-expanded'))) {
        await advanced.click('.m-list li:nth-of-type(1)')
      }

      // enable csp
      if (!await advanced.evaluate(() => origins.state.origins['http://localhost:3000'].csp)) {
        await advanced.click('.m-list li:nth-of-type(1) .m-switch')
      }

      // go to page serving content with strict csp
      await content.goto('http://localhost:3000/csp-match-header')
      await content.bringToFront()
      await content.waitForTimeout(300)
    })
    it('non matching urls cannot be checked for enabled csp', async () => {
      t.strictEqual(
        await content.evaluate(() => {
          try {
            window.localStorage
          }
          catch (err) {
            return err.message.split(':')[1].trim()
          }
        }),
        `The document is sandboxed and lacks the 'allow-same-origin' flag.`,
        'localStorage should not be accessible'
      )
    })
  })

  // TEST: localStorage is no longer available even with disabled CSP
  describe.skip('not correct content-type + matching path', () => {
    before(async () => {
      await advanced.bringToFront()

      // expand origin
      if (!await advanced.evaluate(() => document.querySelector('.m-list li:nth-of-type(1)').classList.contains('m-expanded'))) {
        await advanced.click('.m-list li:nth-of-type(1)')
      }

      // enable csp
      if (!await advanced.evaluate(() => origins.state.origins['http://localhost:3000'].csp)) {
        await advanced.click('.m-list li:nth-of-type(1) .m-switch')
      }

      // go to page serving content with strict csp
      await content.goto('http://localhost:3000/csp-match-path')
      await content.bringToFront()
      await content.waitForTimeout(300)
    })
    it('webRequest.onHeadersReceived event is enabled', async () => {
      t.strictEqual(
        await content.evaluate(() =>
          window.localStorage.toString()
        ),
        '[object Storage]',
        'localStorage should be accessible'
      )
    })
  })

  // TEST: localStorage is no longer available even with disabled CSP
  describe.skip('disable - enable - disable', () => {
    it('full cycle', async () => {
      // 1. disable
      await advanced.bringToFront()

      // expand origin
      if (!await advanced.evaluate(() => document.querySelector('.m-list li:nth-of-type(1)').classList.contains('m-expanded'))) {
        await advanced.click('.m-list li:nth-of-type(1)')
      }

      // disable csp
      if (await advanced.evaluate(() => origins.state.origins['http://localhost:3000'].csp)) {
        await advanced.click('.m-list li:nth-of-type(1) .m-switch')
      }
      await advanced.waitForTimeout(300)

      // go to page serving content with strict csp
      await content.goto('http://localhost:3000/csp-match-path')
      await content.bringToFront()
      await content.waitForTimeout(300)

      t.strictEqual(
        await content.evaluate(() => {
          try {
            window.localStorage
          }
          catch (err) {
            return err.message.split(':')[1].trim()
          }
        }),
        `The document is sandboxed and lacks the 'allow-same-origin' flag.`,
        'localStorage should not be accessible'
      )

      // 2. enable
      await advanced.bringToFront()

      // enable csp
      if (!await advanced.evaluate(() => origins.state.origins['http://localhost:3000'].csp)) {
        await advanced.click('.m-list li:nth-of-type(1) .m-switch')
      }
      await advanced.waitForTimeout(300)

      // go to page serving content with strict csp
      await content.goto('http://localhost:3000/csp-match-path')
      await content.bringToFront()
      await content.waitForTimeout(300)

      t.strictEqual(
        await content.evaluate(() =>
          window.localStorage.toString()
        ),
        '[object Storage]',
        'localStorage should be accessible'
      )

      // 3. disable
      await advanced.bringToFront()

      // disable csp
      if (await advanced.evaluate(() => origins.state.origins['http://localhost:3000'].csp)) {
        await advanced.click('.m-list li:nth-of-type(1) .m-switch')
      }
      await advanced.waitForTimeout(300)

      // go to page serving content with strict csp
      await content.goto('http://localhost:3000/csp-match-path')
      await content.bringToFront()
      await content.waitForTimeout(300)

      t.strictEqual(
        await content.evaluate(() => {
          try {
            window.localStorage
          }
          catch (err) {
            return err.message.split(':')[1].trim()
          }
        }),
        `The document is sandboxed and lacks the 'allow-same-origin' flag.`,
        'localStorage should not be accessible'
      )
    })
  })

  describe('persist state', () => {
    it('enable csp', async () => {
      await advanced.bringToFront()

      // expand origin
      if (!await advanced.evaluate(() => document.querySelector('.m-list li:nth-of-type(1)').classList.contains('m-expanded'))) {
        await advanced.click('.m-list li:nth-of-type(1)')
      }

      // enable csp
      if (!await advanced.evaluate(() => origins.state.origins['http://localhost:3000'].csp)) {
        await advanced.click('.m-list li:nth-of-type(1) .m-switch')
      }
      await advanced.reload()
      await advanced.waitForTimeout(300)

      // expand origin
      await advanced.click('.m-list li:nth-of-type(1)')

      t.strictEqual(
        await advanced.evaluate(() =>
          document.querySelector('.m-list li:nth-of-type(1) .m-switch').classList.contains('is-checked')
        ),
        true,
        'csp checkbox should be enabled'
      )
    })
    it('disable csp', async () => {
      await advanced.bringToFront()

      // expand origin
      if (!await advanced.evaluate(() => document.querySelector('.m-list li:nth-of-type(1)').classList.contains('m-expanded'))) {
        await advanced.click('.m-list li:nth-of-type(1)')
      }

      // disable csp
      if (await advanced.evaluate(() => origins.state.origins['http://localhost:3000'].csp)) {
        await advanced.click('.m-list li:nth-of-type(1) .m-switch')
      }
      await advanced.reload()
      await advanced.waitForTimeout(300)

      // expand origin
      await advanced.click('.m-list li:nth-of-type(1)')

      t.strictEqual(
        await advanced.evaluate(() =>
          document.querySelector('.m-list li:nth-of-type(1) .m-switch').classList.contains('is-checked')
        ),
        false,
        'csp checkbox should be disabled'
      )
    })
  })

  describe('enable csp + suspend the event page', () => {
    before(async () => {
      await advanced.bringToFront()

      // expand origin
      if (!await advanced.evaluate(() => document.querySelector('.m-list li:nth-of-type(1)').classList.contains('m-expanded'))) {
        await advanced.click('.m-list li:nth-of-type(1)')
      }

      // enable csp
      if (!await advanced.evaluate(() => origins.state.origins['http://localhost:3000'].csp)) {
        await advanced.click('.m-list li:nth-of-type(1) .m-switch')
      }

      // chrome://extensions
      await extensions.bringToFront()

      // enable developer mode
      await extensions.evaluate(() => {
        Array.from(
          document.querySelector('extensions-manager').shadowRoot
            .querySelector('extensions-item-list').shadowRoot
            .querySelectorAll('extensions-item'))[0].shadowRoot
            .querySelector('#enableToggle').click()
      })
      // disable the extension
      await extensions.evaluate(() => {
        Array.from(
          document.querySelector('extensions-manager').shadowRoot
            .querySelector('extensions-item-list').shadowRoot
            .querySelectorAll('extensions-item'))[0].shadowRoot
            .querySelector('#enableToggle').click()
      })
      await extensions.waitForTimeout(300)
      // check
      t.equal(
        await extensions.evaluate(() =>
          Array.from(
            document.querySelector('extensions-manager').shadowRoot
              .querySelector('extensions-item-list').shadowRoot
              .querySelectorAll('extensions-item'))[0].shadowRoot
              .querySelector('#inspect-views a').innerText
        ),
        'background page (Inactive)',
        'background page should be inactive'
      )

      // go to page serving content with strict csp
      await content.goto('http://localhost:3000/csp-match-path')
      await content.bringToFront()
      await content.waitForTimeout(300)
    })
    // TEST: localStorage is no longer available even with disabled CSP
    it.skip('the tab is reloaded on event page wakeup', async () => {
      t.strictEqual(
        await content.evaluate(() =>
          window.localStorage.toString()
        ),
        '[object Storage]',
        'localStorage should be accessible'
      )
    })
  })

}