1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/docshell/test/iframesandbox/test_top_navigation_by_location_exotic.html Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,204 @@
1.4 +<!DOCTYPE HTML>
1.5 +<html>
1.6 +<!--
1.7 +https://bugzilla.mozilla.org/show_bug.cgi?id=785310
1.8 +html5 sandboxed iframe should not be able to perform top navigation with scripts allowed
1.9 +-->
1.10 +<head>
1.11 +<meta charset="utf-8">
1.12 +<title>Test for Bug 785310 - iframe sandbox top navigation by location via exotic means tests</title>
1.13 +<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
1.14 +<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
1.15 +<script>
1.16 + SimpleTest.waitForExplicitFinish();
1.17 +
1.18 + var testWin;
1.19 +
1.20 + function runScriptNavigationTest(testCase) {
1.21 + window.onmessage = function(event) {
1.22 + if (event.data.name != 'newWindow') {
1.23 + ok(false, "event.data.name: got '" + event.data.name + "', expected 'newWindow'");
1.24 + }
1.25 + var diag = "top navigation was " + (event.data.blocked ? "" : "NOT ") + "blocked";
1.26 + ok((testCase.shouldBeBlocked == event.data.blocked), testCase.desc, diag);
1.27 + runNextTest();
1.28 + };
1.29 + try {
1.30 + testWin[testCase.iframeName].eval(testCase.script);
1.31 + } catch(e) {
1.32 + ok(testCase.shouldBeBlocked, testCase.desc, e.message);
1.33 + runNextTest();
1.34 + }
1.35 + }
1.36 +
1.37 + var testCaseIndex = -1;
1.38 + testCases = [
1.39 + {
1.40 + desc: "Test 1: location.replace.call(top.location, ...) should be blocked when sandboxed without allow-top-navigation",
1.41 + script: "location.replace.call(top.location, 'file_top_navigation_by_location_exotic.html')",
1.42 + iframeName: "if1",
1.43 + shouldBeBlocked: true
1.44 + },
1.45 + {
1.46 + desc: "Test 2: location.replace.bind(top.location, ...) should be blocked when sandboxed without allow-top-navigation",
1.47 + script: "location.replace.bind(top.location, 'file_top_navigation_by_location_exotic.html')()",
1.48 + iframeName: "if1",
1.49 + shouldBeBlocked: true
1.50 + },
1.51 + {
1.52 + desc: "Test 3: Function.bind.call(location.replace, top.location, ...) should be blocked when sandboxed without allow-top-navigation",
1.53 + script: "Function.bind.call(location.replace, top.location, 'file_top_navigation_by_location_exotic.html')()",
1.54 + iframeName: "if1",
1.55 + shouldBeBlocked: true
1.56 + },
1.57 + {
1.58 + desc: "Test 4: location.replace.call(top.location, ...) should NOT be blocked when sandboxed with allow-top-navigation",
1.59 + script: "location.replace.call(top.location, 'file_top_navigation_by_location_exotic.html')",
1.60 + iframeName: "if2",
1.61 + shouldBeBlocked: false
1.62 + },
1.63 + {
1.64 + desc: "Test 5: location.replace.bind(top.location, ...) should NOT be blocked when sandboxed with allow-top-navigation",
1.65 + script: "location.replace.bind(top.location, 'file_top_navigation_by_location_exotic.html')()",
1.66 + iframeName: "if2",
1.67 + shouldBeBlocked: false
1.68 + },
1.69 + {
1.70 + desc: "Test 6: Function.bind.call(location.replace, top.location, ...) should NOT be blocked when sandboxed with allow-top-navigation",
1.71 + script: "Function.bind.call(location.replace, top.location, 'file_top_navigation_by_location_exotic.html')()",
1.72 + iframeName: "if2",
1.73 + shouldBeBlocked: false
1.74 + },
1.75 + {
1.76 + desc: "Test 7: top.location.href, via setTimeout, should be blocked when sandboxed without allow-top-navigation",
1.77 + script: "setTimeout(function() { try { top.location.href = 'file_top_navigation_by_location_exotic.html' } catch (e) { top.onBlock() } }, 0)",
1.78 + iframeName: "if1",
1.79 + shouldBeBlocked: true
1.80 + },
1.81 + {
1.82 + desc: "Test 8: top.location.href, via setTimeout, should NOT be blocked when sandboxed with allow-top-navigation",
1.83 + script: "setTimeout(function() { try { top.location.href = 'file_top_navigation_by_location_exotic.html' } catch(e) { top.onBlock() } }, 0)",
1.84 + iframeName: "if2",
1.85 + shouldBeBlocked: false
1.86 + },
1.87 + {
1.88 + desc: "Test 9: top.location.href, via eval, should be blocked when sandboxed without allow-top-navigation",
1.89 + script: "eval('top.location.href = \"file_top_navigation_by_location_exotic.html\"')",
1.90 + iframeName: "if1",
1.91 + shouldBeBlocked: true
1.92 + },
1.93 + {
1.94 + desc: "Test 10: top.location.href, via eval, should NOT be blocked when sandboxed with allow-top-navigation",
1.95 + script: "eval('top.location.href = \"file_top_navigation_by_location_exotic.html\"')",
1.96 + iframeName: "if2",
1.97 + shouldBeBlocked: false
1.98 + },
1.99 + {
1.100 + desc: "Test 11: top.location.href, via anonymous function, should be blocked when sandboxed without allow-top-navigation",
1.101 + script: "(function() { top.location.href = 'file_top_navigation_by_location_exotic.html' })()",
1.102 + iframeName: "if1",
1.103 + shouldBeBlocked: true
1.104 + },
1.105 + {
1.106 + desc: "Test 12: top.location.href, via anonymous function, should NOT be blocked when sandboxed with allow-top-navigation",
1.107 + script: "(function() { top.location.href = 'file_top_navigation_by_location_exotic.html' })()",
1.108 + iframeName: "if2",
1.109 + shouldBeBlocked: false
1.110 + },
1.111 + {
1.112 + desc: "Test 13: top.location.href, via function inserted in top, should be blocked when sandboxed without allow-top-navigation",
1.113 + script: "top.doTest = function() { top.location.href = 'file_top_navigation_by_location_exotic.html' }; top.doTest();",
1.114 + iframeName: "if1",
1.115 + shouldBeBlocked: true
1.116 + },
1.117 + {
1.118 + desc: "Test 14: top.location.href, via function inserted in top, should NOT be blocked when sandboxed with allow-top-navigation",
1.119 + script: "top.doTest = function() { top.location.href = 'file_top_navigation_by_location_exotic.html' }; top.doTest();",
1.120 + iframeName: "if2",
1.121 + shouldBeBlocked: false
1.122 + },
1.123 + {
1.124 + desc: "Test 15: top.location.href, via function inserted in us by top, should NOT be blocked when sandboxed without allow-top-navigation",
1.125 + script: "top.eval('window[\"if1\"].doTest = function() { top.location.href = \"file_top_navigation_by_location_exotic.html\" };'), doTest();",
1.126 + iframeName: "if1",
1.127 + shouldBeBlocked: false
1.128 + },
1.129 + {
1.130 + desc: "Test 16: top.location.href, via function inserted in top, should NOT be blocked when sandboxed with allow-top-navigation",
1.131 + script: "top.eval('window[\"if2\"].doTest = function() { top.location.href = \"file_top_navigation_by_location_exotic.html\" };'), doTest();",
1.132 + iframeName: "if2",
1.133 + shouldBeBlocked: false
1.134 + },
1.135 + {
1.136 + desc: "Test 17: top.location.href, via function in top, should NOT be blocked when sandboxed without allow-top-navigation",
1.137 + script: "top.setOwnHref()",
1.138 + iframeName: "if1",
1.139 + shouldBeBlocked: false
1.140 + },
1.141 + {
1.142 + desc: "Test 18: top.location.href, via function in top, should NOT be blocked when sandboxed with allow-top-navigation",
1.143 + script: "top.setOwnHref()",
1.144 + iframeName: "if2",
1.145 + shouldBeBlocked: false
1.146 + },
1.147 + {
1.148 + desc: "Test 19: top.location.href, via eval in top, should NOT be blocked when sandboxed without allow-top-navigation",
1.149 + script: "top.eval('location.href = \"file_top_navigation_by_location_exotic.html\"')",
1.150 + iframeName: "if1",
1.151 + shouldBeBlocked: false
1.152 + },
1.153 + {
1.154 + desc: "Test 20: top.location.href, via eval in top, should NOT be blocked when sandboxed with allow-top-navigation",
1.155 + script: "top.eval('location.href = \"file_top_navigation_by_location_exotic.html\"')",
1.156 + iframeName: "if2",
1.157 + shouldBeBlocked: false
1.158 + },
1.159 + {
1.160 + desc: "Test 21: top.location.href, via eval in top calling us, should be blocked when sandboxed without allow-top-navigation",
1.161 + script: "function doTest() { top.location.href = 'file_top_navigation_by_location_exotic.html' } top.eval('window[\"if1\"].doTest()');",
1.162 + iframeName: "if1",
1.163 + shouldBeBlocked: true
1.164 + },
1.165 + {
1.166 + desc: "Test 22: top.location.href, via eval in top calling us, should NOT be blocked when sandboxed with allow-top-navigation",
1.167 + script: "function doTest() { top.location.href = 'file_top_navigation_by_location_exotic.html' } top.eval('window[\"if2\"].doTest()');",
1.168 + iframeName: "if2",
1.169 + shouldBeBlocked: false
1.170 + },
1.171 + {
1.172 + desc: "Test 23: top.location.href, via function bound to top, should be blocked when sandboxed without allow-top-navigation",
1.173 + script: "(function() { top.location.href = 'file_top_navigation_by_location_exotic.html' }).bind(top)();",
1.174 + iframeName: "if1",
1.175 + shouldBeBlocked: true
1.176 + },
1.177 + {
1.178 + desc: "Test 24: top.location.href, via function bound to top, should NOT be blocked when sandboxed with allow-top-navigation",
1.179 + script: "(function() { top.location.href = 'file_top_navigation_by_location_exotic.html' }).bind(top)();",
1.180 + iframeName: "if2",
1.181 + shouldBeBlocked: false
1.182 + }
1.183 + ];
1.184 +
1.185 + function runNextTest() {
1.186 + ++testCaseIndex;
1.187 + if (testCaseIndex == testCases.length) {
1.188 + testWin.close();
1.189 + SimpleTest.finish();
1.190 + return;
1.191 + }
1.192 +
1.193 + runScriptNavigationTest(testCases[testCaseIndex]);
1.194 + }
1.195 +
1.196 + window.onmessage = runNextTest;
1.197 + testWin = window.open('file_top_navigation_by_location_exotic.html', "newWindow");
1.198 +</script>
1.199 +</head>
1.200 +<body>
1.201 +<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=785310">Mozilla Bug 785310</a>
1.202 +<p id="display"></p>
1.203 +<div id="content">
1.204 +Tests for Bug 785310
1.205 +</div>
1.206 +</body>
1.207 +</html>
