Added CSP test

kkapsner 2019-12-14 21:22:18 +01:00
parent ddcaf5a2a9
commit a9ed208505
3 changed files with 97 additions and 0 deletions

71
test/cspTest.js Normal file

@ -0,0 +1,71 @@
function draw(canvas){
"use strict";
canvas.setAttribute("width", 220);
canvas.setAttribute("height", 30);
var fp_text = "BrowserLeaks,com <canvas> 10";
var ctx = canvas.getContext("2d");
ctx.textBaseline = "top";
ctx.font = "14px 'Arial'";
ctx.textBaseline = "alphabetic";
ctx.fillStyle = "#f60";
ctx.fillRect(125, 1, 62, 20);
ctx.fillStyle = "#069";
ctx.fillText(fp_text, 2, 15);
ctx.fillStyle = "rgba(102, 204, 0, 07)";
ctx.fillText(fp_text, 4, 17);
return ctx;
}
function test(window){
"use strict";
// create window canvas
var canvas = document.createElement("canvas");
// draw image in window canvas
draw(canvas);
return window.HTMLCanvasElement.prototype.toDataURL.call(canvas);
}
function hash(string){
"use strict";
var buffer = new TextEncoder("utf-8").encode(string);
return crypto.subtle.digest("SHA-256", buffer).then(function(hash){
var chunks = [];
(new Uint32Array(hash)).forEach(function(num){
chunks.push(num.toString(16));
});
return chunks.map(function(chunk){
return "0".repeat(8 - chunk.length) + chunk;
}).join("");
});
}
var addLine = function(){
"use strict";
var output = document.getElementById("results");
return function(text){
var line = document.createElement("div");
line.textContent = text;
output.appendChild(line);
};
}();
addLine("window name at start: " + window.name);
window.name = "CanvasBlocker CSP test";
addLine("window name after set: " + window.name);
hash(test(window)).then(function(hash){
"use strict";
addLine("canvas hash: " + hash);
return;
}).catch(function(error){
"use strict";
addLine("error while creating canvas hash: " + error);
});
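Review bot: A synchronous throw in the final `hash(test(window))` call never reaches the `.catch` handler, because `test()` and the `crypto.subtle.digest` lookup inside `hash()` both run before any promise exists. `crypto.subtle` is undefined outside secure contexts, so if this page is served over plain HTTP from a non-localhost host, the results list would stop after the two window-name lines with no error line shown. Starting the chain with `Promise.resolve().then(function(){ return hash(test(window)); })` routes those failures into the existing handler. Separately, `hash()` formats the digest through a `Uint32Array`, so the hex string depends on platform byte order and will not match a reference SHA-256 hex; a comment such as `// hex is byte-order dependent; only used to compare results across reloads` would make that explicit.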

25
test/cspTest.php Normal file

@ -0,0 +1,25 @@
<?php
header("Content-Security-Policy: default-src 'none'; img-src 'self'; script-src 'self'");
?>
<!DOCTYPE html>
<html>
<head>
<title>CSP test</title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<link href="testIcon.svg" type="image/png" rel="icon">
<link href="testIcon.svg" type="image/png" rel="shortcut icon">
</head>
<body>
<h1>CSP test</h1>
<h2>Expected result</h2>
<ul>
<li>if the window API protection is active the window name at start is always empty</li>
<li>the canvas hash changes upon reload</li>
</ul>
<h2>Tests</h2>
<div id="results"></div>
<script src="cspTest.js"></script>
</body>
</html>
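Review bot: The policy string in the `header()` call has no comment saying which directives the test relies on, so a later edit could loosen it (for example by adding `'unsafe-inline'` to `script-src`) without anyone noticing that the page no longer exercises a strict policy. Presumably the point is to check that the protection still applies when inline script and eval are disallowed; I would state that above the call, e.g. `// Strict on purpose: only same-origin script files may run (no inline script, no eval).` The "Expected result" list also does not say what a failure looks like, such as an unchanged hash or a missing "canvas hash" line. As a style point, both favicon links declare `type="image/png"` for `testIcon.svg`; `image/svg+xml` would match the file.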


@ -23,5 +23,6 @@
<li><a href="screenSizeTest.html">Screen size test</a></li>
<li><a href="settingsLoading.php">Settings loading</a></li>
<li><a href="iframeTest.html">Iframe protection</a></li>
<li><a href="cspTest.php">CSP test</a></li>
</ul>
</body></html>