content/base/test/csp/file_CSP_bug888172.html@129ffea94266 (annotated)
content/base/test/csp/file_CSP_bug888172.html
Sat, 03 Jan 2015 20:18:00 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Sat, 03 Jan 2015 20:18:00 +0100
- branch
- TOR_BUG_3246
- changeset 7
- 129ffea94266
- permissions
- -rw-r--r--
Conditionally enable double key logic according to:
private browsing mode or privacy.thirdparty.isolate preference and
implement in GetCookieStringCommon and FindCookie where it counts...
With some reservations of how to convince FindCookie users to test
condition and pass a nullptr when disabling double key logic.
| michael@0 | 1 | <!doctype html> |
| michael@0 | 2 | <html> |
| michael@0 | 3 | <body> |
| michael@0 | 4 | <ol> |
| michael@0 | 5 | <li id="unsafe-inline-script">Inline script (green if allowed, black if blocked)</li> |
| michael@0 | 6 | <li id="unsafe-eval-script">Eval script (green if allowed, black if blocked)</li> |
| michael@0 | 7 | <li id="unsafe-inline-style">Inline style (green if allowed, black if blocked)</li> |
| michael@0 | 8 | </ol> |
| michael@0 | 9 | |
| michael@0 | 10 | <script> |
| michael@0 | 11 | // Use inline script to set a style attribute |
| michael@0 | 12 | document.getElementById("unsafe-inline-script").style.color = "green"; |
| michael@0 | 13 | |
| michael@0 | 14 | // Use eval to set a style attribute |
| michael@0 | 15 | // try/catch is used because CSP causes eval to throw an exception when it |
| michael@0 | 16 | // is blocked, which would derail the rest of the tests in this file. |
| michael@0 | 17 | try { |
| michael@0 | 18 | eval('document.getElementById("unsafe-eval-script").style.color = "green";'); |
| michael@0 | 19 | } catch (e) {} |
| michael@0 | 20 | </script> |
| michael@0 | 21 | |
| michael@0 | 22 | <style> |
| michael@0 | 23 | li#unsafe-inline-style { |
| michael@0 | 24 | color: green; |
| michael@0 | 25 | } |
| michael@0 | 26 | </style> |
| michael@0 | 27 | </body> |
| michael@0 | 28 | </html> |
