The Tor Browser / annotate

content/base/test/csp/test_CSP_bug885433.html@b8a032363ba2 (annotated)

content/base/test/csp/test_CSP_bug885433.html

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

michael@0 1 <!DOCTYPE HTML>
michael@0 2 <html>
michael@0 3 <head>
michael@0 4 <title>Test for Content Security Policy inline stylesheets stuff</title>
michael@0 5 <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
michael@0 6 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
michael@0 7 </head>
michael@0 8 <body>
michael@0 9 <p id="display"></p>
michael@0 10 <div id="content" style="display: none">
michael@0 11 </div>
michael@0 12
michael@0 13 <iframe style="width:100%;" id='cspframe'></iframe>
michael@0 14 <iframe style="width:100%;" id='cspframe2'></iframe>
michael@0 15 <script class="testbody" type="text/javascript">
michael@0 16
michael@0 17 //////////////////////////////////////////////////////////////////////
michael@0 18 // set up and go
michael@0 19 SimpleTest.waitForExplicitFinish();
michael@0 20
michael@0 21 // utilities for check functions
michael@0 22 // black means the style wasn't applied, applied styles are green
michael@0 23 var green = 'rgb(0, 128, 0)';
michael@0 24 var black = 'rgb(0, 0, 0)';
michael@0 25
michael@0 26 // We test both script and style execution by observing changes in computed styles
michael@0 27 function checkAllowed () {
michael@0 28 var cspframe = document.getElementById('cspframe');
michael@0 29 var color;
michael@0 30
michael@0 31 color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-inline-script-allowed')).color;
michael@0 32 ok(color === green, "Inline script should be allowed");
michael@0 33 color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-eval-script-allowed')).color;
michael@0 34 ok(color === green, "Eval should be allowed");
michael@0 35 color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-inline-style-allowed')).color;
michael@0 36 ok(color === green, "Inline style should be allowed");
michael@0 37 }
michael@0 38
michael@0 39 function checkBlocked () {
michael@0 40 var cspframe = document.getElementById('cspframe2');
michael@0 41 var color;
michael@0 42
michael@0 43 color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-inline-script-blocked')).color;
michael@0 44 ok(color === black, "Inline script should be blocked");
michael@0 45 color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-eval-script-blocked')).color;
michael@0 46 ok(color === black, "Eval should be blocked");
michael@0 47 color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-inline-style-blocked')).color;
michael@0 48 ok(color === black, "Inline style should be blocked");
michael@0 49
michael@0 50 SimpleTest.finish();
michael@0 51 }
michael@0 52
michael@0 53 SpecialPowers.pushPrefEnv(
michael@0 54 {'set':[["security.csp.speccompliant", true]]},
michael@0 55 function () {
michael@0 56 document.getElementById('cspframe').src = 'file_CSP_bug885433_allows.html';
michael@0 57 document.getElementById('cspframe').addEventListener('load', checkAllowed, false);
michael@0 58 document.getElementById('cspframe2').src = 'file_CSP_bug885433_blocks.html';
michael@0 59 document.getElementById('cspframe2').addEventListener('load', checkBlocked, false);
michael@0 60 }
michael@0 61 );
michael@0 62 </script>
michael@0 63 </pre>
michael@0 64 </body>
michael@0 65 </html>

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial