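--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/content/base/test/csp/file_CSP_evalscript_main_getCRMFRequest.js Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,48 @@
+// some javascript for the CSP eval() tests
+
+function logResult(str, passed) {
+ var elt = document.createElement('div');
+ var color = passed ? "#cfc;" : "#fcc";
+ elt.setAttribute('style', 'background-color:' + color + '; width:100%; border:1px solid black; padding:3px; margin:4px;');
+ elt.innerHTML = str;
+ document.body.appendChild(elt);
+}
+
+window._testResults = {};
+
+// callback for when stuff is allowed by CSP
+var onevalexecuted = (function(window) {
+ return function(shouldrun, what, data) {
+ window._testResults[what] = "ran";
+ window.parent.scriptRan(shouldrun, what, data);
+ logResult((shouldrun ? "PASS: " : "FAIL: ") + what + " : " + data, shouldrun);
+ };})(window);
+
+// callback for when stuff is blocked
+var onevalblocked = (function(window) {
+ return function(shouldrun, what, data) {
+ window._testResults[what] = "blocked";
+ window.parent.scriptBlocked(shouldrun, what, data);
+ logResult((shouldrun ? "FAIL: " : "PASS: ") + what + " : " + data, !shouldrun);
+ };})(window);
+
+
+// Defer until document is loaded so that we can write the pretty result boxes
+// out.
+addEventListener('load', function() {
+ // generateCRMFRequest test -- make sure we cannot eval the callback if CSP is in effect
+ try {
+ var script = 'console.log("dynamic script eval\'d in crypto.generateCRMFRequest should be disallowed")';
+ crypto.generateCRMFRequest('CN=0', 0, 0, null, script, 384, null, 'rsa-dual-use');
+ onevalexecuted(false, "crypto.generateCRMFRequest()",
+ "crypto.generateCRMFRequest() should not run!");
+ } catch (e) {
+ onevalblocked(false, "eval(script) inside crypto.generateCRMFRequest",
+ "eval was blocked during crypto.generateCRMFRequest");
+ }
+
+
+}, false);
+
+
+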
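Review bot: The `catch (e)` in the load handler counts every exception as a CSP block, so a failure unrelated to CSP (for instance a `TypeError` because `crypto.generateCRMFRequest` is not defined in the test environment) is also recorded as "blocked" and shown as PASS. The same `try` also wraps the `onevalexecuted(...)` call, so an error thrown while reporting is caught there as well. For a regression test of a security control this false pass is worth closing: carry the exception into the report, e.g. `"eval was blocked during crypto.generateCRMFRequest: " + e`, and let the parent harness compare it with the error CSP is expected to raise (which this file does not show). If exception text is added to the message, `logResult` should use `elt.textContent = str;` instead of `elt.innerHTML = str;` so the text is not parsed as markup.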