content/base/test/csp/test_CSP_bug663567.html

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

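<!DOCTYPE HTML>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>Test if XSLT stylesheet is subject to document's CSP</title>
  <!-- SimpleTest.js provides waitForExplicitFinish(), finish(), is() and ok(). -->
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" href="/tests/SimpleTest/test.css">
</head>
<body>
<p id="display"></p>
<div id="content" style="display: none"></div>
<!-- Two frames, one per policy: the first XML document's CSP permits its
     XSLT stylesheet, the second one's does not. Each frame gets a load
     listener before its src is assigned, so no load event can be missed. -->
<iframe style="width:100%;" id="xsltframe"></iframe>
<iframe style="width:100%;" id="xsltframe2"></iframe>

<script class="testbody">

SimpleTest.waitForExplicitFinish();

// Text that the XSLT transform writes into the element with id="xsltheader".
// Its presence in a frame means the stylesheet was applied; its absence
// (no such element) means the frame shows the raw XML dump instead.
var header = "this xml file should be formatted using an xsl file(lower iframe should contain xml dump)!";

// Both frame checks complete asynchronously; SimpleTest.finish() runs only
// after every check has reported.
var finishedTests = 0;
var numberOfTests = 2;

/**
 * Counts one completed sub-test and finishes the harness once all of them
 * (numberOfTests) have reported. Called from both load handlers.
 */
var checkExplicitFinish = function() {
  finishedTests++;
  if (finishedTests === numberOfTests) {
    SimpleTest.finish();
  }
};

/**
 * Load handler for #xsltframe.
 *
 * The policy for this test is:
 *   Content-Security-Policy: default-src 'self'
 *
 * and the XML document references its stylesheet with:
 *   <?xml-stylesheet type="text/xsl" href="file_CSP_bug663467.xsl"?>
 *   (file name as given in the original comment; the test documents are
 *   named file_CSP_bug663567_*.xml, so verify it against the .xml files.)
 *
 * The stylesheet is same-origin, so it must be applied: the transformed
 * output's #xsltheader element must contain `header`.
 */
function checkAllowed() {
  try {
    var cspframe = document.getElementById('xsltframe');
    var xsltAllowedHeader = cspframe.contentWindow.document.getElementById('xsltheader').innerHTML;
    is(xsltAllowedHeader, header, "XSLT loaded from 'self' should be allowed!");
  }
  catch (e) {
    // A same-origin frame should always be readable; any exception (frame not
    // loaded, element missing) is a test failure rather than a skip.
    ok(false, "Error: could not access content in xsltframe!");
  }
  checkExplicitFinish();
}

/**
 * Load handler for #xsltframe2.
 *
 * The policy for this test is:
 *   Content-Security-Policy: default-src *.example.com
 *
 * and the XML document references its stylesheet with:
 *   <?xml-stylesheet type="text/xsl" href="file_CSP_bug663467.xsl"?>
 *   (see the note on checkAllowed about this file name.)
 *
 * The stylesheet's host is not allowed by the policy, so it must be blocked:
 * the frame then shows the untransformed XML, which has no #xsltheader.
 *
 * NOTE(review): this assertion only checks that the element is absent. It
 * would also pass if the frame document failed to load for an unrelated
 * reason, so it is weaker than the allowed-case check — confirm the blocked
 * frame really renders the raw XML if a stronger negative check is wanted.
 */
function checkBlocked() {
  try {
    var cspframe = document.getElementById('xsltframe2');
    var xsltBlockedHeader = cspframe.contentWindow.document.getElementById('xsltheader');
    is(xsltBlockedHeader, null, "XSLT loaded from different host should be blocked!");
  }
  catch (e) {
    ok(false, "Error: could not access content in xsltframe2!");
  }
  checkExplicitFinish();
}

// The pref is set before any frame is loaded so both documents are evaluated
// under the same CSP mode; its exact effect is not visible in this file.
SpecialPowers.pushPrefEnv(
  {'set': [["security.csp.speccompliant", true]]},
  function () {
    // Register each load handler before assigning src.
    document.getElementById('xsltframe').addEventListener('load', checkAllowed, false);
    document.getElementById('xsltframe').src = 'file_CSP_bug663567_allows.xml';

    document.getElementById('xsltframe2').addEventListener('load', checkBlocked, false);
    document.getElementById('xsltframe2').src = 'file_CSP_bug663567_blocks.xml';
  }
);

</script>
</body>
</html>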
