The Tor Browser / file comparison
comparison: content/base/test/csp/test_CSP_bug663567.html
content/base/test/csp/test_CSP_bug663567.html
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
equal
deleted
inserted
replaced
| -1:000000000000 | 0:cc8b8d2e94b8 |
|---|---|
| 1 <!DOCTYPE HTML> | |
| 2 <html> | |
| 3 <head> | |
| 4 <title>Test if XSLT stylesheet is subject to document's CSP</title> | |
| 5 <!-- Including SimpleTest.js so we can use waitForExplicitFinish !--> | |
| 6 <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> | |
| 7 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> | |
| 8 </head> | |
| 9 <body> | |
| 10 <p id="display"></p> | |
| 11 <div id="content" style="display: none"></div> | |
| 12 <iframe style="width:100%;" id='xsltframe'></iframe> | |
| 13 <iframe style="width:100%;" id='xsltframe2'></iframe> | |
| 14 | |
| 15 <script class="testbody" type="text/javascript"> | |
| 16 | |
| 17 SimpleTest.waitForExplicitFinish(); | |
| 18 | |
| 19 // define the expected output of this test | |
| 20 var header = "this xml file should be formatted using an xsl file(lower iframe should contain xml dump)!"; | |
| 21 | |
| 22 var finishedTests = 0; | |
| 23 var numberOfTests = 2; | |
| 24 | |
| 25 var checkExplicitFinish = function() { | |
| 26 finishedTests++; | |
| 27 if (finishedTests == numberOfTests) { | |
| 28 SimpleTest.finish(); | |
| 29 } | |
| 30 } | |
| 31 | |
| 32 function checkAllowed () { | |
| 33 /* The policy for this test is: | |
| 34 * Content-Security-Policy: default-src 'self' | |
| 35 * | |
| 36 * we load the xsl file using: | |
| 37 * <?xml-stylesheet type="text/xsl" href="file_CSP_bug663467.xsl"?> | |
| 38 */ | |
| 39 try { | |
| 40 var cspframe = document.getElementById('xsltframe'); | |
| 41 var xsltAllowedHeader = cspframe.contentWindow.document.getElementById('xsltheader').innerHTML; | |
| 42 is(xsltAllowedHeader, header, "XSLT loaded from 'self' should be allowed!"); | |
| 43 } | |
| 44 catch (e) { | |
| 45 ok(false, "Error: could not access content in xsltframe!") | |
| 46 } | |
| 47 checkExplicitFinish(); | |
| 48 } | |
| 49 | |
| 50 function checkBlocked () { | |
| 51 /* The policy for this test is: | |
| 52 * Content-Security-Policy: default-src *.example.com | |
| 53 * | |
| 54 * we load the xsl file using: | |
| 55 * <?xml-stylesheet type="text/xsl" href="file_CSP_bug663467.xsl"?> | |
| 56 */ | |
| 57 try { | |
| 58 var cspframe = document.getElementById('xsltframe2'); | |
| 59 var xsltBlockedHeader = cspframe.contentWindow.document.getElementById('xsltheader'); | |
| 60 is(xsltBlockedHeader, null, "XSLT loaded from different host should be blocked!"); | |
| 61 } | |
| 62 catch (e) { | |
| 63 ok(false, "Error: could not access content in xsltframe2!") | |
| 64 } | |
| 65 checkExplicitFinish(); | |
| 66 } | |
| 67 | |
| 68 SpecialPowers.pushPrefEnv( | |
| 69 {'set':[["security.csp.speccompliant", true]]}, | |
| 70 function () { | |
| 71 document.getElementById('xsltframe').addEventListener('load', checkAllowed, false); | |
| 72 document.getElementById('xsltframe').src = 'file_CSP_bug663567_allows.xml'; | |
| 73 | |
| 74 document.getElementById('xsltframe2').addEventListener('load', checkBlocked, false); | |
| 75 document.getElementById('xsltframe2').src = 'file_CSP_bug663567_blocks.xml'; | |
| 76 } | |
| 77 ); | |
| 78 | |
| 79 </script> | |
| 80 </body> | |
| 81 </html> |
