1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/docshell/test/iframesandbox/test_top_navigation_by_location.html Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,167 @@
1.4 +<!DOCTYPE HTML>
1.5 +<html>
1.6 +<!--
1.7 +https://bugzilla.mozilla.org/show_bug.cgi?id=785310
1.8 +html5 sandboxed iframe should not be able to perform top navigation with scripts allowed
1.9 +-->
1.10 +<head>
1.11 +<meta charset="utf-8">
1.12 +<title>Test for Bug 785310 - iframe sandbox top navigation by location tests</title>
1.13 +<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
1.14 +<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
1.15 +<script>
1.16 + SimpleTest.waitForExplicitFinish();
1.17 +
1.18 + var testWin;
1.19 +
1.20 + function runScriptNavigationTest(testCase) {
1.21 + window.onmessage = function(event) {
1.22 + if (event.data != "newTop") {
1.23 + ok(false, "event.data: got '" + event.data + "', expected 'newTop'");
1.24 + }
1.25 + ok(!testCase.shouldBeBlocked, testCase.desc, "top navigation was NOT blocked");
1.26 + runNextTest();
1.27 + };
1.28 + try {
1.29 + SpecialPowers.wrap(testWin[testCase.iframeName]).eval(testCase.script);
1.30 + } catch(e) {
1.31 + ok(testCase.shouldBeBlocked, testCase.desc, SpecialPowers.wrap(e).message);
1.32 + runNextTest();
1.33 + }
1.34 + }
1.35 +
1.36 + var testCaseIndex = -1;
1.37 + testCases = [
1.38 + {
1.39 + desc: "Test 1: top.location.replace should be blocked when sandboxed without allow-top-navigation",
1.40 + script: "top.location.replace('file_top_navigation_by_location.html')",
1.41 + iframeName: "if1",
1.42 + shouldBeBlocked: true
1.43 + },
1.44 + {
1.45 + desc: "Test 2: top.location.assign should be blocked when sandboxed without allow-top-navigation",
1.46 + script: "top.location.assign('file_top_navigation_by_location.html')",
1.47 + iframeName: "if1",
1.48 + shouldBeBlocked: true
1.49 + },
1.50 + {
1.51 + desc: "Test 3: top.location.href should be blocked when sandboxed without allow-top-navigation",
1.52 + script: "top.location.href = 'file_top_navigation_by_location.html'",
1.53 + iframeName: "if1",
1.54 + shouldBeBlocked: true
1.55 + },
1.56 + {
1.57 + desc: "Test 4: top.location.pathname should be blocked when sandboxed without allow-top-navigation",
1.58 + script: "top.location.pathname = top.location.pathname",
1.59 + iframeName: "if1",
1.60 + shouldBeBlocked: true
1.61 + },
1.62 + {
1.63 + desc: "Test 5: top.location should be blocked when sandboxed without allow-top-navigation",
1.64 + script: "top.location = 'file_top_navigation_by_location.html'",
1.65 + iframeName: "if1",
1.66 + shouldBeBlocked: true
1.67 + },
1.68 + {
1.69 + desc: "Test 6: top.location.hash should be blocked when sandboxed without allow-top-navigation",
1.70 + script: "top.location.hash = 'wibble'",
1.71 + iframeName: "if1",
1.72 + shouldBeBlocked: true
1.73 + },
1.74 + {
1.75 + desc: "Test 7: top.location.replace should NOT be blocked when sandboxed with allow-same-origin allow-top-navigation",
1.76 + script: "top.location.replace('file_top_navigation_by_location.html')",
1.77 + iframeName: "if2",
1.78 + shouldBeBlocked: false
1.79 + },
1.80 + {
1.81 + desc: "Test 8: top.location.assign should NOT be blocked when sandboxed with allow-same-origin allow-top-navigation",
1.82 + script: "top.location.assign('file_top_navigation_by_location.html')",
1.83 + iframeName: "if2",
1.84 + shouldBeBlocked: false
1.85 + },
1.86 + {
1.87 + desc: "Test 9: top.location.href should NOT be blocked when sandboxed with allow-same-origin allow-top-navigation",
1.88 + script: "top.location.href = 'file_top_navigation_by_location.html'",
1.89 + iframeName: "if2",
1.90 + shouldBeBlocked: false
1.91 + },
1.92 + {
1.93 + desc: "Test 10: top.location.pathname should NOT be blocked when sandboxed with allow-same-origin allow-top-navigation",
1.94 + script: "top.location.pathname = top.location.pathname",
1.95 + iframeName: "if2",
1.96 + shouldBeBlocked: false
1.97 + },
1.98 + {
1.99 + desc: "Test 11: top.location should NOT be blocked when sandboxed with allow-same-origin allow-top-navigation",
1.100 + script: "top.location = 'file_top_navigation_by_location.html'",
1.101 + iframeName: "if2",
1.102 + shouldBeBlocked: false
1.103 + },
1.104 + {
1.105 + desc: "Test 12: top.location.hash should NOT be blocked when sandboxed with allow-same-origin allow-top-navigation",
1.106 + script: "top.location.hash = 'wibble'",
1.107 + iframeName: "if2",
1.108 + shouldBeBlocked: false
1.109 + },
1.110 + {
1.111 + desc: "Test 13: top.location.replace should NOT be blocked when sandboxed with allow-top-navigation, but without allow-same-origin",
1.112 + script: "top.location.replace('file_top_navigation_by_location.html')",
1.113 + iframeName: "if3",
1.114 + shouldBeBlocked: false
1.115 + },
1.116 + {
1.117 + desc: "Test 14: top.location.assign should be blocked when sandboxed with allow-top-navigation, but without allow-same-origin",
1.118 + script: "top.location.assign('file_top_navigation_by_location.html')",
1.119 + iframeName: "if3",
1.120 + shouldBeBlocked: true
1.121 + },
1.122 + {
1.123 + desc: "Test 15: top.location.href should NOT be blocked when sandboxed with allow-top-navigation, but without allow-same-origin",
1.124 + script: "top.location.href = 'file_top_navigation_by_location.html'",
1.125 + iframeName: "if3",
1.126 + shouldBeBlocked: false
1.127 + },
1.128 + {
1.129 + desc: "Test 16: top.location.pathname should be blocked when sandboxed with allow-top-navigation, but without allow-same-origin",
1.130 + script: "top.location.pathname = top.location.pathname",
1.131 + iframeName: "if3",
1.132 + shouldBeBlocked: true
1.133 + },
1.134 + {
1.135 + desc: "Test 17: top.location should NOT be blocked when sandboxed with allow-top-navigation, but without allow-same-origin",
1.136 + script: "top.location = 'file_top_navigation_by_location.html'",
1.137 + iframeName: "if3",
1.138 + shouldBeBlocked: false
1.139 + },
1.140 + {
1.141 + desc: "Test 18: top.location.hash should be blocked when sandboxed with allow-top-navigation, but without allow-same-origin",
1.142 + script: "top.location.hash = 'wibble'",
1.143 + iframeName: "if3",
1.144 + shouldBeBlocked: true
1.145 + }
1.146 + ];
1.147 +
1.148 + function runNextTest() {
1.149 + ++testCaseIndex;
1.150 + if (testCaseIndex == testCases.length) {
1.151 + testWin.close();
1.152 + SimpleTest.finish();
1.153 + return;
1.154 + }
1.155 +
1.156 + runScriptNavigationTest(testCases[testCaseIndex]);
1.157 + }
1.158 +
1.159 + window.onmessage = runNextTest;
1.160 + testWin = window.open("file_top_navigation_by_location.html", "newTop");
1.161 +</script>
1.162 +</head>
1.163 +<body>
1.164 +<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=785310">Mozilla Bug 785310</a>
1.165 +<p id="display"></p>
1.166 +<div id="content">
1.167 +Tests for Bug 785310
1.168 +</div>
1.169 +</body>
1.170 +</html>
