tgr · November 20, 2023 04:51
diff --git a/.gitignore b/.gitignore
 .venv/
 *.html
 jquery.js
diff --git a/generate.py b/generate.py
 #!/usr/bin/env python

 import base64
 import html
 import json
 import simplejson
 import urllib
 from argparse import ArgumentParser
 from string import Template


 parser = ArgumentParser()
 parser.add_argument("-b", "--baseurl", required=True, help="Base URL of HTML files")
 args = parser.parse_args()

 SANDBOX_MODES =['none', 'allow-origin', 'full']
 SOURCE_MODES = ['srcdoc', 'data', 'blob', 'src']
 MSG = {
 	'sandbox-mode-none': 'No sandboxing',
 	'sandbox-mode-allow-origin': 'Sandboxing but origin not suppressed (sandbox="allow-same-origin")',
 	'sandbox-mode-full': 'Full sandboxing (sandbox="")',
 	'source-mode-srcdoc': 'srcdoc attribute',
 	'source-mode-data': 'data URI',
 	'source-mode-blob': 'blob URI',
 	'source-mode-src': 'separate webpage',
 }

 index_template = Template( open('index.thtml', 'r').read() )
 template = Template( open('template.thtml', 'r').read() )
 iframe = Template( open('iframe.thtml', 'r').read() ).substitute(baseurl=args.baseurl)

 mode_list = {}
 for sandbox_mode in SANDBOX_MODES:
 	for source_mode in SOURCE_MODES:
 		filename = sandbox_mode + '-' + source_mode + '.html'
 		mode_desc = 'sandboxing: %s / source: %s' % ( sandbox_mode, source_mode)
 		mode_list[filename] = mode_desc

 for sandbox_mode in SANDBOX_MODES:
 	sandbox_mode_arg = ''
 	if sandbox_mode == 'allow-origin':
 		sandbox_mode_arg = 'sandbox="allow-scripts allow-same-origin"'
 	elif sandbox_mode == 'full':
 		sandbox_mode_arg = 'sandbox="allow-scripts"'

 	for source_mode in SOURCE_MODES:
 		source_arg = blob_generator = ''
 		if source_mode == 'src':
 			source_arg = 'src="iframe.html"'
 		elif source_mode == 'data':
 			source_arg = 'src="data:text/html;charset=utf-8;base64,%s"' % base64.b64encode(iframe.encode('utf-8')).decode('utf-8')
 		elif source_mode == 'blob':
 			source_arg = 'src="about:blank"'
 			blob_generator = """<script>
 var blob = new Blob( [%s], { type: "text/html" } );
 document.querySelector("iframe").src = URL.createObjectURL(blob);
 </script>""" % json.dumps(iframe, cls=simplejson.JSONEncoderForHTML)
 		elif source_mode == 'srcdoc':
 			source_arg = 'srcdoc="%s"' % html.escape(iframe)

 		mode_desc = 'sandboxing: %s / source: %s' % ( sandbox_mode, source_mode)

 		template_variables = {
 			'mode_desc': mode_desc,
 			'mode_list': '\n'.join(['<li><a href="%s">%s</a></li>' % (k, v) for k, v in mode_list.items()]),
 			'iframe_source': html.escape(iframe),
 			'sandbox_mode': MSG['sandbox-mode-' + sandbox_mode],
 			'source_mode': MSG['source-mode-' + source_mode],
 			'iframe_args': sandbox_mode_arg + ' ' + source_arg,
 			'blob_generator': blob_generator,
 			'baseurl': args.baseurl,
 		}

 		filename = sandbox_mode + '-' + source_mode + '.html'
 		with open(filename, 'w') as f:
 			f.write(template.substitute(**template_variables))

 with open('index.html', 'w') as f:
 	f.write(index_template.substitute(**template_variables))
 with open('iframe.html', 'w') as f:
 	f.write(iframe)

 # download https://code.jquery.com/jquery-3.7.1.js to jquery.js if the file doesn't exist yet
 try:
 	open('jquery.js', 'r').close()
 except FileNotFoundError:
 	urllib.request.urlretrieve('https://code.jquery.com/jquery-3.7.1.js', 'jquery.js')
diff --git a/iframe.thtml b/iframe.thtml
 <!DOCTYPE html>
 <html>
 <head>
  <meta charset="utf-8">
  <title>Embedded iframe</title>
  <script src="${baseurl}/jquery.js"></script>
 </head>
 <body>
  <script>try { document.write( "Origin: " + location.origin ); } catch (e) {}</script>
 </body>
 </html>
diff --git a/index.thtml b/index.thtml
 <!DOCTYPE html>
 <html>
 <head>
  <meta charset="utf-8">
  <title>Iframe caching test</title>
 </head>
 <body>
  Load the page several times and check if jquery.js loads from cache.
  <ul>
    ${mode_list}
  </ul>
 </body>
 </html>
diff --git a/requirements.txt b/requirements.txt
 simplejson
diff --git a/template.thtml b/template.thtml
 <!DOCTYPE html>
 <html>
 <head>
  <meta charset="utf-8">
  <title>Iframe caching test ${mode_desc}</title>
 </head>
 <body>
  <ul>
    <li>Sandbox mode: ${sandbox_mode}</li>
    <li>Source: ${source_mode}</li>
    <li>"Origin: <script>document.write( location.origin );</script></li>
  </ul>
  Iframe source:
  <pre>${iframe_source}</pre>
  Iframe:
  <iframe ${iframe_args}></iframe>
  ${blob_generator}
  <ul style="list-style-type: none">${mode_list}</ul>
  <a href="index.html">Back to index</a>
 </body>
 </html>
	#!/usr/bin/env python

	import base64
	import html
	import json
	import simplejson
	import urllib
	from argparse import ArgumentParser
	from string import Template


	parser = ArgumentParser()
	parser.add_argument("-b", "--baseurl", required=True, help="Base URL of HTML files")
	args = parser.parse_args()

	SANDBOX_MODES =['none', 'allow-origin', 'full']
	SOURCE_MODES = ['srcdoc', 'data', 'blob', 'src']
	MSG = {
	'sandbox-mode-none': 'No sandboxing',
	'sandbox-mode-allow-origin': 'Sandboxing but origin not suppressed (sandbox="allow-same-origin")',
	'sandbox-mode-full': 'Full sandboxing (sandbox="")',
	'source-mode-srcdoc': 'srcdoc attribute',
	'source-mode-data': 'data URI',
	'source-mode-blob': 'blob URI',
	'source-mode-src': 'separate webpage',
	}

	index_template = Template( open('index.thtml', 'r').read() )
	template = Template( open('template.thtml', 'r').read() )
	iframe = Template( open('iframe.thtml', 'r').read() ).substitute(baseurl=args.baseurl)

	mode_list = {}
	for sandbox_mode in SANDBOX_MODES:
	for source_mode in SOURCE_MODES:
	filename = sandbox_mode + '-' + source_mode + '.html'
	mode_desc = 'sandboxing: %s / source: %s' % ( sandbox_mode, source_mode)
	mode_list[filename] = mode_desc

	for sandbox_mode in SANDBOX_MODES:
	sandbox_mode_arg = ''
	if sandbox_mode == 'allow-origin':
	sandbox_mode_arg = 'sandbox="allow-scripts allow-same-origin"'
	elif sandbox_mode == 'full':
	sandbox_mode_arg = 'sandbox="allow-scripts"'

	for source_mode in SOURCE_MODES:
	source_arg = blob_generator = ''
	if source_mode == 'src':
	source_arg = 'src="iframe.html"'
	elif source_mode == 'data':
	source_arg = 'src="data:text/html;charset=utf-8;base64,%s"' % base64.b64encode(iframe.encode('utf-8')).decode('utf-8')
	elif source_mode == 'blob':
	source_arg = 'src="about:blank"'
	blob_generator = """<script>
	var blob = new Blob( [%s], { type: "text/html" } );
	document.querySelector("iframe").src = URL.createObjectURL(blob);
	</script>""" % json.dumps(iframe, cls=simplejson.JSONEncoderForHTML)
	elif source_mode == 'srcdoc':
	source_arg = 'srcdoc="%s"' % html.escape(iframe)

	mode_desc = 'sandboxing: %s / source: %s' % ( sandbox_mode, source_mode)

	template_variables = {
	'mode_desc': mode_desc,
	'mode_list': '\n'.join(['<li><a href="%s">%s</a></li>' % (k, v) for k, v in mode_list.items()]),
	'iframe_source': html.escape(iframe),
	'sandbox_mode': MSG['sandbox-mode-' + sandbox_mode],
	'source_mode': MSG['source-mode-' + source_mode],
	'iframe_args': sandbox_mode_arg + ' ' + source_arg,
	'blob_generator': blob_generator,
	'baseurl': args.baseurl,
	}

	filename = sandbox_mode + '-' + source_mode + '.html'
	with open(filename, 'w') as f:
	f.write(template.substitute(**template_variables))

	with open('index.html', 'w') as f:
	f.write(index_template.substitute(**template_variables))
	with open('iframe.html', 'w') as f:
	f.write(iframe)

	# download https://code.jquery.com/jquery-3.7.1.js to jquery.js if the file doesn't exist yet
	try:
	open('jquery.js', 'r').close()
	except FileNotFoundError:
	urllib.request.urlretrieve('https://code.jquery.com/jquery-3.7.1.js', 'jquery.js')
	<!DOCTYPE html>
	<html>
	<head>
	<meta charset="utf-8">
	<title>Embedded iframe</title>
	<script src="${baseurl}/jquery.js"></script>
	</head>
	<body>
	<script>try { document.write( "Origin: " + location.origin ); } catch (e) {}</script>
	</body>
	</html>