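--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/content/base/test/csp/test_csp_report.html Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,108 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=548193
+-->
+<head>
+ <title>Test for Bug 548193</title>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<p id="display"></p>
+<div id="content" style="display: none">
+</div>
+
+<iframe style="width:200px;height:200px;" id='cspframe'></iframe>
+<script class="testbody" type="text/javascript">
+// This is used to watch requests go out so we can see if the report is
+// sent correctly
+function examiner() {
+ SpecialPowers.addObserver(this, "http-on-opening-request", false);
+}
+examiner.prototype = {
+ observe: function(subject, topic, data) {
+ // subject should be an nsURI
+ if (!SpecialPowers.can_QI(subject))
+ return;
+
+ const reportURI = "http://mochi.test:8888/csp-report.cgi";
+
+ if (topic === "http-on-opening-request") {
+ var asciiSpec = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIHttpChannel"), "URI.asciiSpec");
+ if (asciiSpec !== reportURI) return;
+
+ // Verify that the report was properly formatted.
+ // We'll parse the report text as JSON and verify that the properties
+ // have expected values.
+ var reportText = "{}";
+ try {
+ var uploadStream = SpecialPowers.wrap(SpecialPowers.do_QueryInterface(subject, "nsIUploadChannel")).uploadStream;
+
+ if (uploadStream) {
+ // get the bytes from the request body
+ var binstream = SpecialPowers.Cc["@mozilla.org/binaryinputstream;1"]
+ .createInstance(SpecialPowers.Ci.nsIBinaryInputStream);
+ binstream.setInputStream(uploadStream);
+
+ var segments = [];
+ for (var count = uploadStream.available(); count; count = uploadStream.available()) {
+ var data = binstream.readBytes(count);
+ segments.push(data);
+ }
+
+ var reportText = segments.join("");
+ // rewind stream as we are supposed to - there will be an assertion later if we don't.
+ SpecialPowers.do_QueryInterface(uploadStream, "nsISeekableStream").seek(SpecialPowers.Ci.nsISeekableStream.NS_SEEK_SET, 0);
+ }
+ }
+ catch(e) {}
+
+ var reportObj = JSON.parse(reportText);
+
+ // test for the proper values in the report object
+ window.checkResults(reportObj);
+
+ // finish up
+ window.examiner.remove();
+ SimpleTest.finish();
+ }
+ },
+
+ // remove the listener
+ remove: function() {
+ SpecialPowers.removeObserver(this, "http-on-opening-request");
+ }
+}
+
+// content file that triggers a violation report
+var testFile = "file_csp_report.sjs";
+
+window.checkResults = function(reportObj) {
+ var cspReport = reportObj["csp-report"];
+ // correct violating request
+ is(cspReport["document-uri"],
+ "http://mochi.test:8888/tests/content/base/test/csp/" + testFile,
+ "Incorrect violating request");
+ // correct blocked-uri
+ is(cspReport["blocked-uri"],
+ "http://example.org/tests/content/base/test/file_CSP.sjs?testid=img_bad&type=img/png",
+ "Incorrect blocked uri");
+ // correct violated-directive
+ is(cspReport["violated-directive"], "default-src http://mochi.test:8888",
+ "Incorrect violated directive");
+ // not practical to test request-headers as header names and values will
+ // change with the trunk
+}
+
+window.examiner = new examiner();
+
+SimpleTest.waitForExplicitFinish();
+
+// load the resource which will generate a CSP violation report
+document.getElementById("cspframe").src = testFile;
+
+</script>
+</pre>
+</body>
+</html>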
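Review bot: The empty `catch(e) {}` around the upload-stream read in `observe` hides any failure to read the report body, leaving `reportText` at `"{}"` so that `reportObj["csp-report"]` is undefined and `checkResults` throws on its first `is(...)`. Because that throw happens before `window.examiner.remove()` and `SimpleTest.finish()`, the observer stays registered and the test presumably ends as a timeout instead of a clear failure about a missing or malformed CSP report. I would record the failure with `catch(e) { ok(false, "could not read CSP report body: " + e); }`, guard the lookup with `if (!cspReport) { ok(false, "report has no csp-report member"); return; }`, and move the remove/finish calls into a `finally` so cleanup always runs. Minor: `var reportText` is declared twice in `observe`, and the `</pre>` near the end of the file has no matching opening tag.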