1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/docshell/test/chrome/test_viewsource_forbidden_in_iframe.xul Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,180 @@
1.4 +<?xml version="1.0"?>
1.5 +<?xml-stylesheet type="text/css" href="chrome://global/skin/"?>
1.6 +<?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>
1.7 +<!--
1.8 +https://bugzilla.mozilla.org/show_bug.cgi?id=624883
1.9 +-->
1.10 +<window title="Mozilla Bug 624883"
1.11 + xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
1.12 + <script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js" />
1.13 +
1.14 + <!-- test results are displayed in the html:body -->
1.15 + <body xmlns="http://www.w3.org/1999/xhtml">
1.16 + <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=624883"
1.17 + target="_blank">Mozilla Bug 624883</a>
1.18 + </body>
1.19 +
1.20 + <!-- test code goes here -->
1.21 + <iframe type="content" onload="startTest()" src="file_viewsource_forbidden_in_iframe.html"></iframe>
1.22 +
1.23 + <script type="application/javascript">
1.24 + <![CDATA[
1.25 +
1.26 + const Ci = Components.interfaces;
1.27 + const Cu = Components.utils;
1.28 +
1.29 + Cu.import("resource://gre/modules/XPCOMUtils.jsm");
1.30 +
1.31 + SimpleTest.waitForExplicitFinish();
1.32 +
1.33 + // We create a promise that will resolve with the error message
1.34 + // on a network error page load and reject on any other load.
1.35 + function createNetworkErrorMessagePromise(frame) {
1.36 + return new Promise(function(resolve, reject) {
1.37 +
1.38 + // Error pages do not fire "load" events, so use a progressListener.
1.39 + var originalDocumentURI = frame.contentDocument.documentURI;
1.40 + var progressListener = {
1.41 + onLocationChange: function(aWebProgress, aRequest, aLocation, aFlags) {
1.42 + // Make sure nothing other than an error page is loaded.
1.43 + if (!(aFlags & Ci.nsIWebProgressListener.LOCATION_CHANGE_ERROR_PAGE)) {
1.44 + reject("location change was not to an error page");
1.45 + }
1.46 + },
1.47 +
1.48 + onStateChange: function(aWebProgress, aRequest, aStateFlags, aStatus) {
1.49 + // Wait until the documentURI changes (from about:blank) this should
1.50 + // be the error page URI.
1.51 + var documentURI = frame.contentDocument.documentURI;
1.52 + if (documentURI == originalDocumentURI) {
1.53 + return;
1.54 + }
1.55 +
1.56 + aWebProgress.removeProgressListener(progressListener,
1.57 + Ci.nsIWebProgress.NOTIFY_ALL);
1.58 + var matchArray = /about:neterror\?.*&d=([^&]*)/.exec(documentURI);
1.59 + if (!matchArray) {
1.60 + reject("no network error message found in URI")
1.61 + return;
1.62 + }
1.63 +
1.64 + var errorMsg = matchArray[1];
1.65 + resolve(decodeURIComponent(errorMsg));
1.66 + },
1.67 +
1.68 + QueryInterface: XPCOMUtils.generateQI([Ci.nsIWebProgressListener,
1.69 + Ci.nsISupportsWeakReference])
1.70 + };
1.71 +
1.72 + frame.contentWindow.QueryInterface(Ci.nsIInterfaceRequestor)
1.73 + .getInterface(Ci.nsIWebNavigation)
1.74 + .QueryInterface(Ci.nsIInterfaceRequestor)
1.75 + .getInterface(Ci.nsIWebProgress)
1.76 + .addProgressListener(progressListener,
1.77 + Ci.nsIWebProgress.NOTIFY_LOCATION |
1.78 + Ci.nsIWebProgress.NOTIFY_STATE_REQUEST);
1.79 + });
1.80 + }
1.81 +
1.82 + function startTest() {
1.83 + // Get a reference message that we know will be an unknown protocol message,
1.84 + // so we can use it for comparisons in the test cases.
1.85 + var refIframe = window[0].document.getElementById("refIframe");
1.86 + var refErrorPromise = createNetworkErrorMessagePromise(refIframe);
1.87 +
1.88 + refErrorPromise.then(
1.89 + function(msg) {
1.90 + window.refErrorMsg = msg;
1.91 + var testIframe = window[0].document.getElementById("testIframe");
1.92 +
1.93 + // Run test cases on load of "about:blank", so that the URI always changes
1.94 + // and we can detect this in our Promise.
1.95 + testIframe.onload = runNextTestCase;
1.96 + testIframe.src = "about:blank";
1.97 + },
1.98 + function(reason) {
1.99 + ok(false, "Could not get reference error message", reason);
1.100 + SimpleTest.finish();
1.101 + })
1.102 + .catch(function(e) {
1.103 + ok(false, "Unexpected exception thrown getting reference error message", exception);
1.104 + });
1.105 +
1.106 + refIframe.src = "wibble://example.com";
1.107 + }
1.108 +
1.109 + function runTestCase(testCase) {
1.110 + var testIframe = window[0].document.getElementById("testIframe");
1.111 + var expectedErrorMsg = window.refErrorMsg.replace("wibble", testCase.expectedProtocolList);
1.112 +
1.113 + var testErrorPromise = createNetworkErrorMessagePromise(testIframe);
1.114 + testErrorPromise.then(
1.115 + function(actualErrorMsg) {
1.116 + is(actualErrorMsg, expectedErrorMsg, testCase.desc);
1.117 + testIframe.src = "about:blank";
1.118 + },
1.119 + function(reason) {
1.120 + ok(false, testCase.desc, reason);
1.121 + testIframe.src = "about:blank";
1.122 + })
1.123 + .catch(function(e) {
1.124 + ok(false, testCase.desc + " - unexpected exception thrown", exception);
1.125 + });
1.126 +
1.127 + testIframe.src = testCase.protocols + "://example.com/!/";
1.128 + }
1.129 +
1.130 + var testCaseIndex = -1;
1.131 + testCases = [
1.132 + {
1.133 + desc: "Test 1: view-source should not be allowed in an iframe",
1.134 + protocols: "view-source:http",
1.135 + expectedProtocolList: "view-source, http"
1.136 + },
1.137 + {
1.138 + desc: "Test 2: feed:view-source should not be allowed in an iframe",
1.139 + protocols: "feed:view-source:http",
1.140 + expectedProtocolList: "feed, view-source, http"
1.141 + },
1.142 + {
1.143 + desc: "Test 3: jar:view-source should not be allowed in an iframe",
1.144 + protocols: "jar:view-source:http",
1.145 + expectedProtocolList: "jar, view-source, http"
1.146 + },
1.147 + {
1.148 + desc: "Test 4: pcast:view-source should not be allowed in an iframe",
1.149 + protocols: "pcast:view-source:http",
1.150 + expectedProtocolList: "pcast, view-source, http"
1.151 + },
1.152 + {
1.153 + desc: "Test 5: pcast:feed:view-source should not be allowed in an iframe",
1.154 + protocols: "pcast:feed:view-source:http",
1.155 + expectedProtocolList: "pcast, feed, view-source, http"
1.156 + },
1.157 + {
1.158 + desc: "Test 6: if invalid protocol first should report before view-source",
1.159 + protocols: "wibble:view-source:http",
1.160 + // Nothing after the invalid protocol gets set as a proper nested URI,
1.161 + // so the list stops there.
1.162 + expectedProtocolList: "wibble"
1.163 + },
1.164 + {
1.165 + desc: "Test 7: if view-source first should report before invalid protocol",
1.166 + protocols: "view-source:wibble:http",
1.167 + expectedProtocolList: "view-source, wibble"
1.168 + }
1.169 + ];
1.170 +
1.171 + function runNextTestCase() {
1.172 + ++testCaseIndex;
1.173 + if (testCaseIndex == testCases.length) {
1.174 + SimpleTest.finish();
1.175 + return;
1.176 + }
1.177 +
1.178 + runTestCase(testCases[testCaseIndex]);
1.179 + }
1.180 +
1.181 + ]]>
1.182 + </script>
1.183 +</window>
