The Tor Browser / file comparison
comparison: content/base/test/csp/test_CSP_bug885433.html
content/base/test/csp/test_CSP_bug885433.html
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
equal
deleted
inserted
replaced
| -1:000000000000 | 0:539b270a24ed |
|---|---|
| 1 <!DOCTYPE HTML> | |
| 2 <html> | |
| 3 <head> | |
| 4 <title>Test for Content Security Policy inline stylesheets stuff</title> | |
| 5 <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> | |
| 6 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> | |
| 7 </head> | |
| 8 <body> | |
| 9 <p id="display"></p> | |
| 10 <div id="content" style="display: none"> | |
| 11 </div> | |
| 12 | |
| 13 <iframe style="width:100%;" id='cspframe'></iframe> | |
| 14 <iframe style="width:100%;" id='cspframe2'></iframe> | |
| 15 <script class="testbody" type="text/javascript"> | |
| 16 | |
| 17 ////////////////////////////////////////////////////////////////////// | |
| 18 // set up and go | |
| 19 SimpleTest.waitForExplicitFinish(); | |
| 20 | |
| 21 // utilities for check functions | |
| 22 // black means the style wasn't applied, applied styles are green | |
| 23 var green = 'rgb(0, 128, 0)'; | |
| 24 var black = 'rgb(0, 0, 0)'; | |
| 25 | |
| 26 // We test both script and style execution by observing changes in computed styles | |
| 27 function checkAllowed () { | |
| 28 var cspframe = document.getElementById('cspframe'); | |
| 29 var color; | |
| 30 | |
| 31 color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-inline-script-allowed')).color; | |
| 32 ok(color === green, "Inline script should be allowed"); | |
| 33 color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-eval-script-allowed')).color; | |
| 34 ok(color === green, "Eval should be allowed"); | |
| 35 color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-inline-style-allowed')).color; | |
| 36 ok(color === green, "Inline style should be allowed"); | |
| 37 } | |
| 38 | |
| 39 function checkBlocked () { | |
| 40 var cspframe = document.getElementById('cspframe2'); | |
| 41 var color; | |
| 42 | |
| 43 color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-inline-script-blocked')).color; | |
| 44 ok(color === black, "Inline script should be blocked"); | |
| 45 color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-eval-script-blocked')).color; | |
| 46 ok(color === black, "Eval should be blocked"); | |
| 47 color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-inline-style-blocked')).color; | |
| 48 ok(color === black, "Inline style should be blocked"); | |
| 49 | |
| 50 SimpleTest.finish(); | |
| 51 } | |
| 52 | |
| 53 SpecialPowers.pushPrefEnv( | |
| 54 {'set':[["security.csp.speccompliant", true]]}, | |
| 55 function () { | |
| 56 document.getElementById('cspframe').src = 'file_CSP_bug885433_allows.html'; | |
| 57 document.getElementById('cspframe').addEventListener('load', checkAllowed, false); | |
| 58 document.getElementById('cspframe2').src = 'file_CSP_bug885433_blocks.html'; | |
| 59 document.getElementById('cspframe2').addEventListener('load', checkBlocked, false); | |
| 60 } | |
| 61 ); | |
| 62 </script> | |
| 63 </pre> | |
| 64 </body> | |
| 65 </html> |
