The Tor Browser / annotate

content/base/test/test_CrossSiteXHR_origin.html@b8a032363ba2 (annotated)

content/base/test/test_CrossSiteXHR_origin.html

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

michael@0 1 <!DOCTYPE HTML>
michael@0 2 <html>
michael@0 3 <head>
michael@0 4 <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
michael@0 5 <title>Test for Cross Site XMLHttpRequest</title>
michael@0 6 <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
michael@0 7 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
michael@0 8 </head>
michael@0 9 <body onload="gen.next()">
michael@0 10 <p id="display">
michael@0 11 <iframe id=loader></iframe>
michael@0 12 </p>
michael@0 13 <div id="content" style="display: none">
michael@0 14
michael@0 15 </div>
michael@0 16 <pre id="test">
michael@0 17 <script class="testbody" type="application/javascript;version=1.8">
michael@0 18
michael@0 19 SimpleTest.waitForExplicitFinish();
michael@0 20
michael@0 21 var origins =
michael@0 22 [{ server: 'http://example.org' },
michael@0 23 { server: 'http://example.org:80',
michael@0 24 origin: 'http://example.org'
michael@0 25 },
michael@0 26 { server: 'http://sub1.test1.example.org' },
michael@0 27 { server: 'http://test2.example.org:8000' },
michael@0 28 { server: 'http://sub1.\xe4lt.example.org:8000',
michael@0 29 origin: 'http://sub1.xn--lt-uia.example.org:8000'
michael@0 30 },
michael@0 31 { server: 'http://sub2.\xe4lt.example.org',
michael@0 32 origin: 'http://sub2.xn--lt-uia.example.org'
michael@0 33 },
michael@0 34 { server: 'http://ex\xe4mple.test',
michael@0 35 origin: 'http://xn--exmple-cua.test'
michael@0 36 },
michael@0 37 { server: 'http://xn--exmple-cua.test' },
michael@0 38 { server: 'http://\u03c0\u03b1\u03c1\u03ac\u03b4\u03b5\u03b9\u03b3\u03bc\u03b1.\u03b4\u03bf\u03ba\u03b9\u03bc\u03ae',
michael@0 39 origin: 'http://xn--hxajbheg2az3al.xn--jxalpdlp'
michael@0 40 },
michael@0 41 { origin: 'http://example.org',
michael@0 42 file: 'jar:http://example.org/tests/content/base/test/file_CrossSiteXHR_inner.jar!/file_CrossSiteXHR_inner.html'
michael@0 43 },
michael@0 44 { origin: 'null',
michael@0 45 file: 'http://example.org/tests/content/base/test/file_CrossSiteXHR_inner_data.sjs'
michael@0 46 },
michael@0 47 ];
michael@0 48
michael@0 49 //['https://example.com:443'],
michael@0 50 //['https://sub1.test1.example.com:443'],
michael@0 51
michael@0 52 window.addEventListener("message", function(e) {
michael@0 53 gen.send(e.data);
michael@0 54 }, false);
michael@0 55
michael@0 56 gen = runTest();
michael@0 57
michael@0 58 function runTest() {
michael@0 59 var loader = document.getElementById('loader');
michael@0 60 var loaderWindow = loader.contentWindow;
michael@0 61 loader.onload = function () { gen.next() };
michael@0 62
michael@0 63 // Test preflight-less requests
michael@0 64 basePath = "/tests/content/base/test/file_CrossSiteXHR_server.sjs?"
michael@0 65 baseURL = "http://mochi.test:8888" + basePath;
michael@0 66
michael@0 67 for (originEntry of origins) {
michael@0 68 origin = originEntry.origin || originEntry.server;
michael@0 69
michael@0 70 loader.src = originEntry.file ||
michael@0 71 (originEntry.server + "/tests/content/base/test/file_CrossSiteXHR_inner.html");
michael@0 72 yield undefined;
michael@0 73
michael@0 74 var isNullOrigin = origin == "null";
michael@0 75
michael@0 76 port = /:\d+/;
michael@0 77 passTests = [
michael@0 78 origin,
michael@0 79 "*",
michael@0 80 " \t " + origin + "\t \t",
michael@0 81 "\t \t* \t ",
michael@0 82 ];
michael@0 83 failTests = [
michael@0 84 "",
michael@0 85 " ",
michael@0 86 port.test(origin) ? origin.replace(port, "")
michael@0 87 : origin + ":1234",
michael@0 88 port.test(origin) ? origin.replace(port, ":")
michael@0 89 : origin + ":",
michael@0 90 origin + ".",
michael@0 91 origin + "/",
michael@0 92 origin + "#",
michael@0 93 origin + "?",
michael@0 94 origin + "\\",
michael@0 95 origin + "%",
michael@0 96 origin + "@",
michael@0 97 origin + "/hello",
michael@0 98 "foo:bar@" + origin,
michael@0 99 "* " + origin,
michael@0 100 origin + " " + origin,
michael@0 101 "allow <" + origin + ">",
michael@0 102 "<" + origin + ">",
michael@0 103 "<*>",
michael@0 104 origin.substr(0, 5) == "https" ? origin.replace("https", "http")
michael@0 105 : origin.replace("http", "https"),
michael@0 106 origin.replace("://", "://www."),
michael@0 107 origin.replace("://", ":// "),
michael@0 108 origin.replace(/\/[^.]+\./, "/"),
michael@0 109 ];
michael@0 110
michael@0 111 if (isNullOrigin) {
michael@0 112 passTests = ["*", "\t \t* \t ", "null"];
michael@0 113 failTests = failTests.filter(function(v) { return v != origin });
michael@0 114 }
michael@0 115
michael@0 116 for (allowOrigin of passTests) {
michael@0 117 req = {
michael@0 118 url: baseURL +
michael@0 119 "allowOrigin=" + escape(allowOrigin) +
michael@0 120 "&origin=" + escape(origin),
michael@0 121 method: "GET",
michael@0 122 };
michael@0 123 loaderWindow.postMessage(req.toSource(), isNullOrigin ? "*" : origin);
michael@0 124
michael@0 125 res = eval(yield);
michael@0 126 is(res.didFail, false, "shouldn't have failed for " + allowOrigin);
michael@0 127 is(res.status, 200, "wrong status for " + allowOrigin);
michael@0 128 is(res.statusText, "OK", "wrong status text for " + allowOrigin);
michael@0 129 is(res.responseXML,
michael@0 130 "<res>hello pass</res>",
michael@0 131 "wrong responseXML in test for " + allowOrigin);
michael@0 132 is(res.responseText, "<res>hello pass</res>\n",
michael@0 133 "wrong responseText in test for " + allowOrigin);
michael@0 134 is(res.events.join(","),
michael@0 135 "opening,rs1,sending,loadstart,rs2,rs3,rs4,load,loadend",
michael@0 136 "wrong responseText in test for " + allowOrigin);
michael@0 137 }
michael@0 138
michael@0 139 for (allowOrigin of failTests) {
michael@0 140 req = {
michael@0 141 url: baseURL + "allowOrigin=" + escape(allowOrigin),
michael@0 142 method: "GET",
michael@0 143 };
michael@0 144 loaderWindow.postMessage(req.toSource(), isNullOrigin ? "*" : origin);
michael@0 145
michael@0 146 res = eval(yield);
michael@0 147 is(res.didFail, true, "should have failed for " + allowOrigin);
michael@0 148 is(res.responseText, "", "should have no text for " + allowOrigin);
michael@0 149 is(res.status, 0, "should have no status for " + allowOrigin);
michael@0 150 is(res.statusText, "", "wrong status text for " + allowOrigin);
michael@0 151 is(res.responseXML, null, "should have no XML for " + allowOrigin);
michael@0 152 is(res.events.join(","),
michael@0 153 "opening,rs1,sending,loadstart,rs2,rs4,error,loadend",
michael@0 154 "wrong events in test for " + allowOrigin);
michael@0 155 is(res.progressEvents, 0,
michael@0 156 "wrong events in test for " + allowOrigin);
michael@0 157 }
michael@0 158 }
michael@0 159
michael@0 160 SimpleTest.finish();
michael@0 161
michael@0 162 yield undefined;
michael@0 163 }
michael@0 164
michael@0 165 </script>
michael@0 166 </pre>
michael@0 167 </body>
michael@0 168 </html>

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial