1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/content/base/test/csp/test_CSP_evalscript.html Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,65 @@
1.4 +<!DOCTYPE HTML>
1.5 +<html>
1.6 +<head>
1.7 + <title>Test for Content Security Policy "no eval" base restriction</title>
1.8 + <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
1.9 + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
1.10 +</head>
1.11 +<body>
1.12 +<p id="display"></p>
1.13 +<div id="content" style="display: none">
1.14 +</div>
1.15 +<iframe style="width:100%;height:300px;" id='cspframe'></iframe>
1.16 +<iframe style="width:100%;height:300px;" id='cspframe2'></iframe>
1.17 +<iframe style="width:100%;height:300px;" id='cspframe3'></iframe>
1.18 +<script class="testbody" type="text/javascript">
1.19 +
1.20 +var path = "/tests/content/base/test/csp/";
1.21 +
1.22 +var evalScriptsThatRan = 0;
1.23 +var evalScriptsBlocked = 0;
1.24 +var evalScriptsTotal = 24;
1.25 +
1.26 +// called by scripts that run
1.27 +var scriptRan = function(shouldrun, testname, data) {
1.28 + evalScriptsThatRan++;
1.29 + ok(shouldrun, 'EVAL SCRIPT RAN: ' + testname + '(' + data + ')');
1.30 + checkTestResults();
1.31 +}
1.32 +
1.33 +// called when a script is blocked
1.34 +var scriptBlocked = function(shouldrun, testname, data) {
1.35 + evalScriptsBlocked++;
1.36 + ok(!shouldrun, 'EVAL SCRIPT BLOCKED: ' + testname + '(' + data + ')');
1.37 + checkTestResults();
1.38 +}
1.39 +
1.40 +
1.41 +// Check to see if all the tests have run
1.42 +var checkTestResults = function() {
1.43 + // if any test is incomplete, keep waiting
1.44 + if (evalScriptsTotal - evalScriptsBlocked - evalScriptsThatRan > 0)
1.45 + return;
1.46 +
1.47 + // ... otherwise, finish
1.48 + SimpleTest.finish();
1.49 +}
1.50 +
1.51 +//////////////////////////////////////////////////////////////////////
1.52 +// set up and go
1.53 +SimpleTest.waitForExplicitFinish();
1.54 +
1.55 +SpecialPowers.pushPrefEnv(
1.56 + {'set':[["security.csp.speccompliant", true]]},
1.57 + function() {
1.58 + // save this for last so that our listeners are registered.
1.59 + // ... this loads the testbed of good and bad requests.
1.60 + document.getElementById('cspframe').src = 'file_CSP_evalscript_main.html';
1.61 + document.getElementById('cspframe2').src = 'file_CSP_evalscript_main_spec_compliant.html';
1.62 + document.getElementById('cspframe3').src = 'file_CSP_evalscript_main_spec_compliant_allowed.html';
1.63 + // document.getElementById('cspframe4').src = 'file_CSP_evalscript_no_CSP_at_all.html';
1.64 + });
1.65 +</script>
1.66 +</pre>
1.67 +</body>
1.68 +</html>
