content/base/test/file_mixed_content_main.html

Wed, 31 Dec 2014 06:09:35 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 06:09:35 +0100
changeset 0
6474c204b198
permissions
-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purposes.

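<!DOCTYPE HTML>
<html lang="en">
<!--
Tests for Mixed Content Blocker
https://bugzilla.mozilla.org/show_bug.cgi?id=62178

This page requests one resource of each testable content type from an
http: URL and reports to its parent window, via postMessage, whether each
load succeeded ("loaded") or not ("blocked").
NOTE(review): presumably the parent test serves this page over https so that
the http: loads below count as mixed content; confirm against the parent
mochitest.
-->
<head>
  <meta charset="utf-8">
  <title>Tests for Bug 62178</title>
  <script type="application/javascript" src="/tests/SimpleTest/EventUtils.js"></script>
</head>
<body>
<div id="testContent"></div>

<!-- types the Mixed Content Blocker can block
/*
switch (aContentType) {
  case nsIContentPolicy::TYPE_OBJECT:
  case nsIContentPolicy::TYPE_SCRIPT:
  case nsIContentPolicy::TYPE_STYLESHEET:
  case nsIContentPolicy::TYPE_SUBDOCUMENT:
  case nsIContentPolicy::TYPE_XMLHTTPREQUEST:

  case nsIContentPolicy::TYPE_FONT: - NO TEST:
    Load events for external fonts are not detectable by javascript.
  case nsIContentPolicy::TYPE_WEBSOCKET: - NO TEST:
    websocket connections over https require an encrypted websocket protocol (wss:)

  case nsIContentPolicy::TYPE_IMAGE:
  case nsIContentPolicy::TYPE_MEDIA:
  case nsIContentPolicy::TYPE_PING:
    our ping implementation is off by default and does not comply with the current spec (bug 786347)
  case nsIContentPolicy::TYPE_BEACON:

}
*/
-->

<script>
  // Insecure (http:) endpoint that serves each resource type requested below.
  var baseUrl = "http://example.com/tests/content/base/test/file_mixed_content_server.sjs";

  // Origin of the parent test page. Every result is posted with this explicit
  // targetOrigin (never "*"), so a result is only delivered when the embedding
  // window really is at this origin.
  var PARENT_ORIGIN = "http://mochi.test:8888";

  // For tests that require setTimeout, set the maximum polling time to
  // 100 x 100ms = 10 seconds.
  // Caveat: a "blocked" verdict from polling is inferred from silence. A load
  // that is merely slower than this window, or a server that is unavailable,
  // is reported the same way as a load stopped by the blocker.
  var MAX_COUNT = 100;
  var TIMEOUT_INTERVAL = 100;

  var testContent = document.getElementById("testContent");

  /**
   * Post one test result to the parent window.
   * @param {string} test  Name of the content type under test.
   * @param {string} msg   Verdict string; the parent is expected to match it.
   */
  function reportResult(test, msg) {
    parent.postMessage({"test": test, "msg": msg}, PARENT_ORIGIN);
  }

  /* Part 1: Mixed Script tests */

  // Test 1a: insecure object
  var object = document.createElement("object");
  object.data = baseUrl + "?type=object";
  object.type = "application/x-test";
  object.width = "200";
  object.height = "200";

  testContent.appendChild(object);

  var objectCount = 0;

  /**
   * Poll the <object> until it reports a displayed type, or give up after
   * MAX_COUNT polls and report it as blocked.
   */
  function objectStatus(object) {
    // Expose our privileged bits on the object
    object = SpecialPowers.wrap(object);

    if (object.displayedType != SpecialPowers.Ci.nsIObjectLoadingContent.TYPE_NULL) {
      // object loaded
      reportResult("object", "insecure object loaded");
      return;
    }
    if (objectCount < MAX_COUNT) {
      objectCount++;
      setTimeout(objectStatus, TIMEOUT_INTERVAL, object);
      return;
    }
    // After we have called setTimeout the maximum number of times, assume
    // the object is blocked.
    reportResult("object", "insecure object blocked");
  }

  // object does not have onload and onerror events. Hence we need a
  // setTimeout to check the object's status.
  setTimeout(objectStatus, TIMEOUT_INTERVAL, object);

  // Test 1b: insecure script
  var script = document.createElement("script");
  var scriptLoad = false;
  var scriptCount = 0;
  script.src = baseUrl + "?type=script";
  script.onload = function() {
    reportResult("script", "insecure script loaded");
    scriptLoad = true;
  };
  testContent.appendChild(script);

  /**
   * Poll until the script's onload handler has run, or give up after
   * MAX_COUNT polls and report the script as blocked.
   */
  function scriptStatus(script) {
    if (scriptLoad) {
      // onload already reported "loaded"; nothing more to send.
      return;
    }
    if (scriptCount < MAX_COUNT) {
      scriptCount++;
      setTimeout(scriptStatus, TIMEOUT_INTERVAL, script);
      return;
    }
    // After we have called setTimeout the maximum number of times, assume
    // the script is blocked.
    reportResult("script", "insecure script blocked");
  }

  // Scripts blocked by content policies do not have onerror events (see bug
  // 789856). Hence we need a setTimeout to check the script's status.
  setTimeout(scriptStatus, TIMEOUT_INTERVAL, script);

  // Test 1c: insecure stylesheet
  var cssStyleSheet = document.createElement("link");
  cssStyleSheet.rel = "stylesheet";
  cssStyleSheet.href = baseUrl + "?type=stylesheet";
  cssStyleSheet.type = "text/css";
  testContent.appendChild(cssStyleSheet);

  var styleCount = 0;

  /**
   * Poll the <link> until it exposes a stylesheet, or give up after
   * MAX_COUNT polls and report the stylesheet as blocked.
   */
  function styleStatus(cssStyleSheet) {
    if (cssStyleSheet.sheet || cssStyleSheet.styleSheet || cssStyleSheet.innerHTML) {
      reportResult("stylesheet", "insecure stylesheet loaded");
      return;
    }
    if (styleCount < MAX_COUNT) {
      styleCount++;
      setTimeout(styleStatus, TIMEOUT_INTERVAL, cssStyleSheet);
      return;
    }
    // After we have called setTimeout the maximum number of times, assume
    // the stylesheet is blocked.
    reportResult("stylesheet", "insecure stylesheet blocked");
  }

  // link does not have onload and onerror events. Hence we need a setTimeout
  // to check the link's status.
  window.setTimeout(styleStatus, TIMEOUT_INTERVAL, cssStyleSheet);

  // Test 1d: insecure iframe
  // NOTE(review): this test has no polling fallback. If a blocked subdocument
  // load does not fire "error" on the iframe, no "blocked" message is sent and
  // the parent has to detect the missing result itself; confirm against the
  // parent test.
  var iframe = document.createElement("iframe");
  iframe.src = baseUrl + "?type=iframe";
  iframe.onload = function() {
    reportResult("iframe", "insecure iframe loaded");
  };
  iframe.onerror = function() {
    reportResult("iframe", "insecure iframe blocked");
  };
  testContent.appendChild(iframe);

  // Test 1e: insecure xhr
  // An exception from open(), or any completed request whose status is not
  // 200, is reported as "blocked". A server-side failure is therefore
  // indistinguishable from the blocker doing its job.
  var xhrsuccess = true;
  var xhr = new XMLHttpRequest();
  try {
    xhr.open("GET", baseUrl + "?type=xhr", true);
  } catch (ex) {
    xhrsuccess = false;
    reportResult("xhr", "insecure xhr blocked");
  }

  if (xhrsuccess) {
    xhr.onreadystatechange = function() {
      // readyState 4 is DONE: the request has completed, successfully or not.
      if (xhr.readyState !== 4) {
        return;
      }
      if (xhr.status === 200) {
        reportResult("xhr", "insecure xhr loaded");
      } else {
        reportResult("xhr", "insecure xhr blocked");
      }
    };

    xhr.send(null);
  }

  /* Part 2: Mixed Display tests */

  // Test 2a: insecure image
  // The image is fetched from the http: mochitest server directly rather than
  // from baseUrl.
  var img = document.createElement("img");
  img.src = "http://mochi.test:8888/tests/image/test/mochitest/blue.png";
  img.onload = function() {
    reportResult("image", "insecure image loaded");
  };
  img.onerror = function() {
    reportResult("image", "insecure image blocked");
  };
  // We don't need to append the image to the document. Doing so causes the
  // image test to run twice.

  // Test 2b: insecure media
  // The random query string makes each run request a distinct URL.
  // NOTE(review): presumably this keeps a cached copy from masking the
  // blocker's decision; confirm.
  var media = document.createElement("video");
  media.src = "http://mochi.test:8888/tests/content/media/test/320x240.ogv?" + Math.floor((Math.random()*1000)+1);
  media.width = "320";
  media.height = "200";
  media.type = "video/ogg";
  media.onloadeddata = function() {
    reportResult("media", "insecure media loaded");
  };
  media.onerror = function() {
    reportResult("media", "insecure media blocked");
  };
  // We don't need to append the video to the document. Doing so causes the
  // test to run twice.
</script>
</body>
</html>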
