1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/content/base/test/csp/test_CSP_bug941404.html Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,111 @@
1.4 +<!DOCTYPE HTML>
1.5 +<html>
1.6 +<head>
1.7 + <meta charset="utf-8">
1.8 + <title>Bug 941404 - Data documents should not set CSP</title>
1.9 + <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
1.10 + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
1.11 +</head>
1.12 +<body>
1.13 +<p id="display"></p>
1.14 +<div id="content" style="display: none">
1.15 +
1.16 +
1.17 +</div>
1.18 +
1.19 +<iframe style="width:200px;height:200px;" id='cspframe'></iframe>
1.20 +<script class="testbody" type="text/javascript">
1.21 +
1.22 +
1.23 +var path = "/tests/content/base/test/csp/";
1.24 +
1.25 +// These are test results: -1 means it hasn't run,
1.26 +// true/false is the pass/fail result.
1.27 +window.tests = {
1.28 + img_good: -1,
1.29 + img2_good: -1,
1.30 +};
1.31 +
1.32 +
1.33 +//csp related
1.34 +
1.35 +// This is used to watch the blocked data bounce off CSP and allowed data
1.36 +// get sent out to the wire.
1.37 +function examiner() {
1.38 + SpecialPowers.addObserver(this, "csp-on-violate-policy", false);
1.39 + SpecialPowers.addObserver(this, "specialpowers-http-notify-request", false);
1.40 +}
1.41 +
1.42 +examiner.prototype = {
1.43 + observe: function(subject, topic, data) {
1.44 + var testpat = new RegExp("testid=([a-z0-9_]+)");
1.45 +
1.46 + //_good things better be allowed!
1.47 + //_bad things better be stopped!
1.48 +
1.49 + if (topic === "specialpowers-http-notify-request") {
1.50 + //these things were allowed by CSP
1.51 + var uri = data;
1.52 + if (!testpat.test(uri)) return;
1.53 + var testid = testpat.exec(uri)[1];
1.54 +
1.55 + window.testResult(testid,
1.56 + /_good/.test(testid),
1.57 + uri + " allowed by csp");
1.58 + }
1.59 +
1.60 + if(topic === "csp-on-violate-policy") {
1.61 + //these were blocked... record that they were blocked
1.62 + var asciiSpec = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIURI"), "asciiSpec");
1.63 + if (!testpat.test(asciiSpec)) return;
1.64 + var testid = testpat.exec(asciiSpec)[1];
1.65 + window.testResult(testid,
1.66 + /_bad/.test(testid),
1.67 + asciiSpec + " blocked by \"" + data + "\"");
1.68 + }
1.69 + },
1.70 +
1.71 + // must eventually call this to remove the listener,
1.72 + // or mochitests might get borked.
1.73 + remove: function() {
1.74 + SpecialPowers.removeObserver(this, "csp-on-violate-policy");
1.75 + SpecialPowers.removeObserver(this, "specialpowers-http-notify-request");
1.76 + }
1.77 +}
1.78 +
1.79 +window.examiner = new examiner();
1.80 +
1.81 +window.testResult = function(testname, result, msg) {
1.82 + //test already complete.... forget it... remember the first result.
1.83 + if (window.tests[testname] != -1)
1.84 + return;
1.85 +
1.86 + window.tests[testname] = result;
1.87 + is(result, true, testname + ' test: ' + msg);
1.88 +
1.89 + // if any test is incomplete, keep waiting
1.90 + for (var v in window.tests)
1.91 + if(tests[v] == -1) {
1.92 + console.log(v + " is not complete");
1.93 + return;
1.94 + }
1.95 +
1.96 + // ... otherwise, finish
1.97 + window.examiner.remove();
1.98 + SimpleTest.finish();
1.99 +}
1.100 +
1.101 +SimpleTest.waitForExplicitFinish();
1.102 +
1.103 +SpecialPowers.pushPrefEnv(
1.104 + {'set':[["security.csp.speccompliant", true]]},
1.105 + function() {
1.106 + // save this for last so that our listeners are registered.
1.107 + // ... this loads the testbed of good and bad requests.
1.108 + document.getElementById('cspframe').src = 'file_CSP_bug941404.html';
1.109 + });
1.110 +
1.111 +</script>
1.112 +</pre>
1.113 +</body>
1.114 +</html>
