The Tor Browser / file comparison
comparison: content/base/test/csp/test_CSP.html
content/base/test/csp/test_CSP.html
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
equal
deleted
inserted
replaced
| -1:000000000000 | 0:0a00344d5b54 |
|---|---|
| 1 <!DOCTYPE HTML> | |
| 2 <html> | |
| 3 <head> | |
| 4 <title>Test for Content Security Policy Connections</title> | |
| 5 <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> | |
| 6 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> | |
| 7 </head> | |
| 8 <body> | |
| 9 <p id="display"></p> | |
| 10 <div id="content" style="display: none"> | |
| 11 </div> | |
| 12 <iframe style="width:200px;height:200px;" id='cspframe'></iframe> | |
| 13 <iframe style="width:200px;height:200px;" id='cspframe2'></iframe> | |
| 14 <script class="testbody" type="text/javascript"> | |
| 15 | |
| 16 var path = "/tests/content/base/test/csp/"; | |
| 17 | |
| 18 // These are test results: -1 means it hasn't run, | |
| 19 // true/false is the pass/fail result. | |
| 20 window.tests = { | |
| 21 img_good: -1, | |
| 22 img_bad: -1, | |
| 23 style_good: -1, | |
| 24 style_bad: -1, | |
| 25 frame_good: -1, | |
| 26 frame_bad: -1, | |
| 27 script_good: -1, | |
| 28 script_bad: -1, | |
| 29 xhr_good: -1, | |
| 30 xhr_bad: -1, | |
| 31 media_good: -1, | |
| 32 media_bad: -1, | |
| 33 font_good: -1, | |
| 34 font_bad: -1, | |
| 35 object_good: -1, | |
| 36 object_bad: -1, | |
| 37 img_spec_compliant_good: -1, | |
| 38 img_spec_compliant_bad: -1, | |
| 39 style_spec_compliant_good: -1, | |
| 40 style_spec_compliant_bad: -1, | |
| 41 frame_spec_compliant_good: -1, | |
| 42 frame_spec_compliant_bad: -1, | |
| 43 script_spec_compliant_good: -1, | |
| 44 script_spec_compliant_bad: -1, | |
| 45 xhr_spec_compliant_good: -1, | |
| 46 xhr_spec_compliant_bad: -1, | |
| 47 media_spec_compliant_good: -1, | |
| 48 media_spec_compliant_bad: -1, | |
| 49 font_spec_compliant_good: -1, | |
| 50 font_spec_compliant_bad: -1, | |
| 51 object_spec_compliant_good: -1, | |
| 52 object_spec_compliant_bad: -1, | |
| 53 }; | |
| 54 | |
| 55 // This is used to watch the blocked data bounce off CSP and allowed data | |
| 56 // get sent out to the wire. | |
| 57 function examiner() { | |
| 58 SpecialPowers.addObserver(this, "csp-on-violate-policy", false); | |
| 59 SpecialPowers.addObserver(this, "specialpowers-http-notify-request", false); | |
| 60 } | |
| 61 examiner.prototype = { | |
| 62 observe: function(subject, topic, data) { | |
| 63 var testpat = new RegExp("testid=([a-z0-9_]+)"); | |
| 64 | |
| 65 //_good things better be allowed! | |
| 66 //_bad things better be stopped! | |
| 67 | |
| 68 // This is a special observer topic that is proxied from | |
| 69 // http-on-modify-request in the parent process to inform us when a URI is | |
| 70 // loaded | |
| 71 if (topic === "specialpowers-http-notify-request") { | |
| 72 var uri = data; | |
| 73 if (!testpat.test(uri)) return; | |
| 74 var testid = testpat.exec(uri)[1]; | |
| 75 | |
| 76 window.testResult(testid, | |
| 77 /_good/.test(testid), | |
| 78 uri + " allowed by csp"); | |
| 79 } | |
| 80 | |
| 81 if (topic === "csp-on-violate-policy") { | |
| 82 // these were blocked... record that they were blocked | |
| 83 var asciiSpec = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIURI"), "asciiSpec"); | |
| 84 if (!testpat.test(asciiSpec)) return; | |
| 85 var testid = testpat.exec(asciiSpec)[1]; | |
| 86 window.testResult(testid, | |
| 87 /_bad/.test(testid), | |
| 88 asciiSpec + " blocked by \"" + data + "\""); | |
| 89 } | |
| 90 }, | |
| 91 | |
| 92 // must eventually call this to remove the listener, | |
| 93 // or mochitests might get borked. | |
| 94 remove: function() { | |
| 95 SpecialPowers.removeObserver(this, "csp-on-violate-policy"); | |
| 96 SpecialPowers.removeObserver(this, "specialpowers-http-notify-request"); | |
| 97 } | |
| 98 } | |
| 99 | |
| 100 window.examiner = new examiner(); | |
| 101 | |
| 102 window.testResult = function(testname, result, msg) { | |
| 103 //test already complete.... forget it... remember the first result. | |
| 104 if (window.tests[testname] != -1) | |
| 105 return; | |
| 106 | |
| 107 window.tests[testname] = result; | |
| 108 is(result, true, testname + ' test: ' + msg); | |
| 109 | |
| 110 // if any test is incomplete, keep waiting | |
| 111 for (var v in window.tests) | |
| 112 if(tests[v] == -1) | |
| 113 return; | |
| 114 | |
| 115 // ... otherwise, finish | |
| 116 window.examiner.remove(); | |
| 117 SimpleTest.finish(); | |
| 118 } | |
| 119 | |
| 120 SimpleTest.waitForExplicitFinish(); | |
| 121 | |
| 122 SpecialPowers.pushPrefEnv( | |
| 123 {'set':[["security.csp.speccompliant", true], | |
| 124 // This defaults to 0 ("preload none") on mobile (B2G/Android), which | |
| 125 // blocks loading the resource until the user interacts with a | |
| 126 // corresponding widget, which breaks the media_* tests. We set it | |
| 127 // back to the default used by desktop Firefox to get consistent | |
| 128 // behavior. | |
| 129 ["media.preload.default", 2]]}, | |
| 130 function() { | |
| 131 // save this for last so that our listeners are registered. | |
| 132 // ... this loads the testbed of good and bad requests. | |
| 133 document.getElementById('cspframe').src = 'file_CSP_main.html'; | |
| 134 document.getElementById('cspframe2').src = 'file_CSP_main_spec_compliant.html'; | |
| 135 }); | |
| 136 </script> | |
| 137 </pre> | |
| 138 </body> | |
| 139 </html> |
