content/base/test/csp/file_CSP_evalscript_main_getCRMFRequest.js@b8a032363ba2 (annotated)
content/base/test/csp/file_CSP_evalscript_main_getCRMFRequest.js
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rw-r--r--
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
| michael@0 | 1 | // some javascript for the CSP eval() tests |
| michael@0 | 2 | |
| michael@0 | 3 | function logResult(str, passed) { |
| michael@0 | 4 | var elt = document.createElement('div'); |
| michael@0 | 5 | var color = passed ? "#cfc;" : "#fcc"; |
| michael@0 | 6 | elt.setAttribute('style', 'background-color:' + color + '; width:100%; border:1px solid black; padding:3px; margin:4px;'); |
| michael@0 | 7 | elt.innerHTML = str; |
| michael@0 | 8 | document.body.appendChild(elt); |
| michael@0 | 9 | } |
| michael@0 | 10 | |
| michael@0 | 11 | window._testResults = {}; |
| michael@0 | 12 | |
| michael@0 | 13 | // callback for when stuff is allowed by CSP |
| michael@0 | 14 | var onevalexecuted = (function(window) { |
| michael@0 | 15 | return function(shouldrun, what, data) { |
| michael@0 | 16 | window._testResults[what] = "ran"; |
| michael@0 | 17 | window.parent.scriptRan(shouldrun, what, data); |
| michael@0 | 18 | logResult((shouldrun ? "PASS: " : "FAIL: ") + what + " : " + data, shouldrun); |
| michael@0 | 19 | };})(window); |
| michael@0 | 20 | |
| michael@0 | 21 | // callback for when stuff is blocked |
| michael@0 | 22 | var onevalblocked = (function(window) { |
| michael@0 | 23 | return function(shouldrun, what, data) { |
| michael@0 | 24 | window._testResults[what] = "blocked"; |
| michael@0 | 25 | window.parent.scriptBlocked(shouldrun, what, data); |
| michael@0 | 26 | logResult((shouldrun ? "FAIL: " : "PASS: ") + what + " : " + data, !shouldrun); |
| michael@0 | 27 | };})(window); |
| michael@0 | 28 | |
| michael@0 | 29 | |
| michael@0 | 30 | // Defer until document is loaded so that we can write the pretty result boxes |
| michael@0 | 31 | // out. |
| michael@0 | 32 | addEventListener('load', function() { |
| michael@0 | 33 | // generateCRMFRequest test -- make sure we cannot eval the callback if CSP is in effect |
| michael@0 | 34 | try { |
| michael@0 | 35 | var script = 'console.log("dynamic script eval\'d in crypto.generateCRMFRequest should be disallowed")'; |
| michael@0 | 36 | crypto.generateCRMFRequest('CN=0', 0, 0, null, script, 384, null, 'rsa-dual-use'); |
| michael@0 | 37 | onevalexecuted(false, "crypto.generateCRMFRequest()", |
| michael@0 | 38 | "crypto.generateCRMFRequest() should not run!"); |
| michael@0 | 39 | } catch (e) { |
| michael@0 | 40 | onevalblocked(false, "eval(script) inside crypto.generateCRMFRequest", |
| michael@0 | 41 | "eval was blocked during crypto.generateCRMFRequest"); |
| michael@0 | 42 | } |
| michael@0 | 43 | |
| michael@0 | 44 | |
| michael@0 | 45 | }, false); |
| michael@0 | 46 | |
| michael@0 | 47 | |
| michael@0 | 48 |
