Testing popup behavior and security and privacy issues (#197)

* First pass on a pop-up test page that allows test time configuring of the window.open() parameters. * Adding referrer check and target="_blank" link to test the anchor rel options. * Fix bad merge. * Moving to the security folder. * Renaming test pages and adding a link back to Home and a description of the test page to conform to the template.
duckduckgo · May 10, 2024 · 59e5013 · 59e5013
1 parent 0112601
commit 59e5013
Show file tree

Hide file tree

Showing 3 changed files with 141 additions and 1 deletion.
diff --git a/index.html b/index.html
@@ -50,7 +50,7 @@ <h2>Browser Features</h2>
 	<li><a href="./features/harmful-apis/">Harmful APIs</a></li>
 	<li><a href="./features/element-hiding/">Element Hiding</a></li>
 	<li><a href="./features/auto-refresh.html">Auto Refresh</a></li>
-    <li><a href="./features/favicon/">Favicon</a></li>
+	<li><a href="./features/favicon/">Favicon</a></li>
 </ul>
 
 <h2>Security</h2>
@@ -61,6 +61,7 @@ <h2>Security</h2>
 	<li><a href="./security/csp-report/index.html">Leak of extension IDs via CSP</a></li>
 	<li><a href="./security/js-leaks.html">Detect changes to JS objects in global scope</a></li>
 	<li><a href="./security/badware/phishing.html">An example phishing page</a></li>
+	<li><a href="./security/popups/popup-launcher.html">Popup noopener/noreferrer tests</a></li>
 </ul>
 
 <h2>Privacy Protections Tests</h2>

diff --git a/security/popups/popup-launcher.html b/security/popups/popup-launcher.html
@@ -0,0 +1,115 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width">
+    <title>Popup noopener/noreferrer tests</title>
+    <script language="JavaScript">
+        function getWindowFeatures() {
+            var accumulatedOptions = []
+
+            if (document.getElementById('popup').checked) {
+                accumulatedOptions.push('popup')
+            }
+
+            if (document.getElementById('width').value !== '') {
+                accumulatedOptions.push('width=' + document.getElementById('width').value)
+            }
+
+            if (document.getElementById('height').value !== '') {
+                accumulatedOptions.push('height=' + document.getElementById('height').value)
+            }
+
+            if (document.getElementById('top').value !== '') {
+                accumulatedOptions.push('top=' + document.getElementById('top').value)
+            }
+
+            if (document.getElementById('left').value !== '') {
+                accumulatedOptions.push('left=' + document.getElementById('left').value)
+            }
+
+            if (document.getElementById('noopener').checked) {
+                accumulatedOptions.push('noopener')
+            }
+
+            if (document.getElementById('noreferrer').checked) {
+                accumulatedOptions.push('noreferrer')
+            }
+
+            return accumulatedOptions.join(',')
+        }
+
+        function updateRelValue() {
+            var accumulatedOptions = []
+
+            if (document.getElementById('noopener').checked) {
+                accumulatedOptions.push('noopener')
+            }
+
+            if (document.getElementById('opener').checked) {
+                accumulatedOptions.push('opener')
+            }
+
+            if (document.getElementById('noreferrer').checked) {
+                accumulatedOptions.push('noreferrer')
+            }
+
+            var relValue = accumulatedOptions.join(' ')
+
+            if (relValue == '') {
+                document.getElementById('relLink').removeAttribute('rel')
+            } else {
+                document.getElementById('relLink').setAttribute('rel', relValue)
+            }
+        }
+    </script>
+</head>
+<body onload="updateRelValue()">
+    <p><a href="../../index.html">[Home]</a></p>
+
+    <p>Provides a visually configurable interface to test <code>window.open()</code> calls and <code>&lt;a target="_blank"&gt;</code> links to ensure the browser respects <code>noopener</code>, <code>opener</code>, and <code>noreferrer</code>.</p>
+
+    <form>
+        <table>
+            <tr>
+                <td width="100px">
+                    Target:<br />
+                    <input type="radio" id="_self" name="link_target" value="_self" checked>
+                    <label for="_self">_self</label><br />
+                    <input type="radio" id="_blank" name="link_target" value="_blank">
+                    <label for="_blank">_blank</label><br />
+                    <input type="radio" id="_parent" name="link_target" value="_parent">
+                    <label for="_parent">_parent</label><br />
+                    <input type="radio" id="_top" name="link_target" value="_top">
+                    <label for="_top">_top</label><br />
+                    <input type="radio" id="noTarget" name="link_target" value="">
+                    <label for="noTarget">No target</label><br />
+                </td>
+                <td>
+                    Window features:<br />
+                    <input type="checkbox" id="popup" />
+                    <label for="popup">popup</label><br />
+                    <label for="width">width</label>
+                    <input type="text" id="width" /><br />
+                    <label for="height">height</label>
+                    <input type="text" id="height" /><br />
+                    <label for="left">left</label>
+                    <input type="text" id="left" /><br />
+                    <label for="top">top</label>
+                    <input type="text" id="top" /><br />
+                    <input type="checkbox" id="noopener" onclick="updateRelValue()" />
+                    <label for="noopener">noopener</label><br />
+                    <input type="checkbox" id="opener" onclick="updateRelValue()" />
+                    <label for="opener">opener</label><br />
+                    <input type="checkbox" id="noreferrer" onclick="updateRelValue()" />
+                    <label for="noreferrer">noreferrer</label><br />
+                </td>
+            </tr>
+        </table>
+    </form>
+    <button id="openPopup" onclick="window.open('popup-test-window.html', document.querySelector('input[name = link_target]:checked').value, getWindowFeatures())">
+        Open popup!
+    </button>
+    <a href="popup-test-window.html" id="relLink" target="_blank">_blank Link</a>
+</body>
+</html>
diff --git a/security/popups/popup-test-window.html b/security/popups/popup-test-window.html
@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+
+<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
+<head>
+    <meta charset="utf-8" />
+    <title>Popup test</title>
+</head>
+<body>
+    <div id="ownerUrl">
+        Uninitialized
+    </div>
+    <div id="referrer">
+        Uninitialized
+    </div>
+    <script language="javascript">
+        if (window.opener !== undefined && window.opener !== null) {
+            document.getElementById('ownerUrl').innerHTML = window.opener.location.href
+        }
+        if (document.referrer !== undefined && document.referrer !== '') {
+            document.getElementById('referrer').innerHTML = document.referrer
+        }
+    </script>
+</body>
+</html>