The Tor Browser / file revision

content/base/test/csp/test_CSP_bug885433.html@6474c204b198

content/base/test/csp/test_CSP_bug885433.html

Wed, 31 Dec 2014 06:09:35 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 06:09:35 +0100
changeset 0
6474c204b198
permissions
-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

     1 <!DOCTYPE HTML>

     2 <html>

     3 <head>

     4   <title>Test for Content Security Policy inline stylesheets stuff</title>

     5   <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>

     6   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />

     7 </head>

     8 <body>

     9 <p id="display"></p>

    10 <div id="content" style="display: none">

    11 </div>

    12 

    13 <iframe style="width:100%;" id='cspframe'></iframe>

    14 <iframe style="width:100%;" id='cspframe2'></iframe>

    15 <script class="testbody" type="text/javascript">

    16 

    17 //////////////////////////////////////////////////////////////////////

    18 // set up and go

    19 SimpleTest.waitForExplicitFinish();

    20 

    21 // utilities for check functions

    22 // black means the style wasn't applied, applied styles are green

    23 var green = 'rgb(0, 128, 0)';

    24 var black = 'rgb(0, 0, 0)';

    25 

    26 // We test both script and style execution by observing changes in computed styles

    27 function checkAllowed () {

    28   var cspframe = document.getElementById('cspframe');

    29   var color;

    30 

    31   color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-inline-script-allowed')).color;

    32   ok(color === green, "Inline script should be allowed");

    33   color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-eval-script-allowed')).color;

    34   ok(color === green, "Eval should be allowed");

    35   color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-inline-style-allowed')).color;

    36   ok(color === green, "Inline style should be allowed");

    37 }

    38 

    39 function checkBlocked () {

    40   var cspframe = document.getElementById('cspframe2');

    41   var color;

    42 

    43   color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-inline-script-blocked')).color;

    44   ok(color === black, "Inline script should be blocked");

    45   color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-eval-script-blocked')).color;

    46   ok(color === black, "Eval should be blocked");

    47   color = window.getComputedStyle(cspframe.contentDocument.getElementById('unsafe-inline-style-blocked')).color;

    48   ok(color === black, "Inline style should be blocked");

    49 

    50   SimpleTest.finish();

    51 }

    52 

    53 SpecialPowers.pushPrefEnv(

    54   {'set':[["security.csp.speccompliant", true]]},

    55   function () {

    56     document.getElementById('cspframe').src = 'file_CSP_bug885433_allows.html';

    57     document.getElementById('cspframe').addEventListener('load', checkAllowed, false);

    58     document.getElementById('cspframe2').src = 'file_CSP_bug885433_blocks.html';

    59     document.getElementById('cspframe2').addEventListener('load', checkBlocked, false);

    60   }

    61 );

    62 </script>

    63 </pre>

    64 </body>

    65 </html>

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial