content/base/test/file_mixed_content_main.html

Wed, 31 Dec 2014 06:09:35 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 06:09:35 +0100
changeset 0
6474c204b198
permissions
-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

     1 <!DOCTYPE HTML>
     2 <html>
     3 <!--
     4 Tests for Mixed Content Blocker
     5 https://bugzilla.mozilla.org/show_bug.cgi?id=62178
     6 -->
     7 <head>
     8   <meta charset="utf-8">
     9   <title>Tests for Bug 62178</title>
    10   <script type="application/javascript" src="/tests/SimpleTest/EventUtils.js"></script>
    11 </head>
    12 <body>
    13 <div id="testContent"></div>
    15 <!-- types the Mixed Content Blocker can block
    16      /*
    17   switch (aContentType) {
    18   case nsIContentPolicy::TYPE_OBJECT:
    19   case nsIContentPolicy::TYPE_SCRIPT:
    20   case nsIContentPolicy::TYPE_STYLESHEET:
    21   case nsIContentPolicy::TYPE_SUBDOCUMENT:
    22   case nsIContentPolicy::TYPE_XMLHTTPREQUEST:
    24   case nsIContentPolicy::TYPE_FONT: - NO TEST:
    25     Load events for external fonts are not detectable by javascript.
    26   case nsIContentPolicy::TYPE_WEBSOCKET: - NO TEST:
    27     websocket connections over https require an encrypted websocket protocol (wss:)
    29   case nsIContentPolicy::TYPE_IMAGE:
    30   case nsIContentPolicy::TYPE_MEDIA:
    31   case nsIContentPolicy::TYPE_PING:
    32     our ping implementation is off by default and does not comply with the current spec (bug 786347)
    33   case nsIContentPolicy::TYPE_BEACON:
    35   }
    36      */
    37 -->
    39 <script>
    40   var baseUrl = "http://example.com/tests/content/base/test/file_mixed_content_server.sjs";
    42   //For tests that require setTimeout, set the maximum polling time to 100 x 100ms = 10 seconds.
    43   var MAX_COUNT = 100;
    44   var TIMEOUT_INTERVAL = 100;
    46   var testContent = document.getElementById("testContent");
    48   /* Part 1: Mixed Script tests */
    50   // Test 1a: insecure object
    51   var object = document.createElement("object");
    52   object.data = baseUrl + "?type=object";
    53   object.type = "application/x-test";
    54   object.width = "200";
    55   object.height = "200";
    57   testContent.appendChild(object);
    59   var objectCount = 0;
    61   function objectStatus(object) {
    62     // Expose our privileged bits on the object
    63     object = SpecialPowers.wrap(object);
    65     if (object.displayedType != SpecialPowers.Ci.nsIObjectLoadingContent.TYPE_NULL) {
    66       //object loaded
    67       parent.postMessage({"test": "object", "msg": "insecure object loaded"}, "http://mochi.test:8888");
    68     }
    69     else {
    70       if(objectCount < MAX_COUNT) {
    71         objectCount++;
    72         setTimeout(objectStatus, TIMEOUT_INTERVAL, object);
    73       }
    74       else {
    75         //After we have called setTimeout the maximum number of times, assume object is blocked
    76         parent.postMessage({"test": "object", "msg": "insecure object blocked"}, "http://mochi.test:8888");
    77       }
    78     }
    79   }
    81   // object does not have onload and onerror events. Hence we need a setTimeout to check the object's status
    82   setTimeout(objectStatus, TIMEOUT_INTERVAL, object);
    84   // Test 1b: insecure script
    85   var script = document.createElement("script");
    86   var scriptLoad = false;
    87   var scriptCount = 0;
    88   script.src = baseUrl + "?type=script";
    89   script.onload = function() {
    90     parent.postMessage({"test": "script", "msg": "insecure script loaded"}, "http://mochi.test:8888");
    91     scriptLoad = true;
    92   }
    93   testContent.appendChild(script);
    95   function scriptStatus(script)
    96   {
    97     if(scriptLoad) {
    98       return;
    99     }
   100     else {
   101       if(scriptCount < MAX_COUNT) {
   102         scriptCount++;
   103         setTimeout(scriptStatus, TIMEOUT_INTERVAL, script);
   104       }
   105       else {
   106         //After we have called setTimeout the maximum number of times, assume script is blocked
   107         parent.postMessage({"test": "script", "msg": "insecure script blocked"}, "http://mochi.test:8888");
   108       }
   109     }
   110   }
   112   // scripts blocked by Content Policy's do not have onerror events (see bug 789856).  Hence we need a setTimeout to check the script's status
   113   setTimeout(scriptStatus, TIMEOUT_INTERVAL, script);
   116   // Test 1c: insecure stylesheet
   117   var cssStyleSheet = document.createElement("link");
   118   cssStyleSheet.rel = "stylesheet";
   119   cssStyleSheet.href = baseUrl + "?type=stylesheet";
   120   cssStyleSheet.type = "text/css";
   121   testContent.appendChild(cssStyleSheet);
   123   var styleCount = 0;
   125   function styleStatus(cssStyleSheet) {
   126     if( cssStyleSheet.sheet || cssStyleSheet.styleSheet || cssStyleSheet.innerHTML ) {
   127       parent.postMessage({"test": "stylesheet", "msg": "insecure stylesheet loaded"}, "http://mochi.test:8888");
   128     } 
   129     else {
   130       if(styleCount < MAX_COUNT) {
   131         styleCount++;
   132         setTimeout(styleStatus, TIMEOUT_INTERVAL, cssStyleSheet);
   133       }
   134       else {
   135         //After we have called setTimeout the maximum number of times, assume stylesheet is blocked
   136         parent.postMessage({"test": "stylesheet", "msg": "insecure stylesheet blocked"}, "http://mochi.test:8888");
   137       }
   138     }
   139   }
   141   // link does not have onload and onerror events. Hence we need a setTimeout to check the link's status
   142   window.setTimeout(styleStatus, TIMEOUT_INTERVAL, cssStyleSheet);
   144   // Test 1d: insecure iframe
   145   var iframe = document.createElement("iframe");
   146   iframe.src = baseUrl + "?type=iframe";
   147   iframe.onload = function() {
   148     parent.postMessage({"test": "iframe", "msg": "insecure iframe loaded"}, "http://mochi.test:8888");
   149   }
   150   iframe.onerror = function() {
   151     parent.postMessage({"test": "iframe", "msg": "insecure iframe blocked"}, "http://mochi.test:8888");
   152   };
   153   testContent.appendChild(iframe);
   156   // Test 1e: insecure xhr
   157   var xhrsuccess = true;
   158   var xhr = new XMLHttpRequest;
   159   try {
   160     xhr.open("GET", baseUrl + "?type=xhr", true);
   161   } catch(ex) {
   162      xhrsuccess = false;
   163      parent.postMessage({"test": "xhr", "msg": "insecure xhr blocked"}, "http://mochi.test:8888");
   164   }
   166   if(xhrsuccess) {
   167     xhr.onreadystatechange = function (oEvent) {
   168       var result = false;
   169       if (xhr.readyState == 4) {
   170         if (xhr.status == 200) {
   171           parent.postMessage({"test": "xhr", "msg": "insecure xhr loaded"}, "http://mochi.test:8888");
   172         }
   173         else {
   174           parent.postMessage({"test": "xhr", "msg": "insecure xhr blocked"}, "http://mochi.test:8888");
   175         }
   176       }
   177     }
   179     xhr.send(null);
   180   }
   182   /* Part 2: Mixed Display tests */
   184   // Test 2a: insecure image
   185   var img = document.createElement("img");
   186   img.src = "http://mochi.test:8888/tests/image/test/mochitest/blue.png";
   187   img.onload = function() {
   188     parent.postMessage({"test": "image", "msg": "insecure image loaded"}, "http://mochi.test:8888");
   189   }
   190   img.onerror = function() {
   191     parent.postMessage({"test": "image", "msg": "insecure image blocked"}, "http://mochi.test:8888");
   192   }
   193   // We don't need to append the image to the document. Doing so causes the image test to run twice.
   196   // Test 2b: insecure media
   197   var media = document.createElement("video");
   198   media.src = "http://mochi.test:8888/tests/content/media/test/320x240.ogv?" + Math.floor((Math.random()*1000)+1);
   199   media.width = "320";
   200   media.height = "200";
   201   media.type = "video/ogg";
   202   media.onloadeddata = function() {
   203     parent.postMessage({"test": "media", "msg": "insecure media loaded"}, "http://mochi.test:8888");
   204   }
   205   media.onerror = function() {
   206     parent.postMessage({"test": "media", "msg": "insecure media blocked"}, "http://mochi.test:8888");
   207   }
   208   // We don't need to append the video to the document. Doing so causes the image test to run twice.
   210 </script>
   211 </body>
   212 </html>
