content/base/test/csp/file_CSP_evalscript_main_getCRMFRequest.js

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

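     // Helper script for the CSP eval() tests.

     // Append a colored result box to the end of document.body.
     //   str    - message shown in the box
     //   passed - truthy selects the green background, falsy the red one
     // The message is assigned through textContent, so it is rendered as literal
     // text and is never parsed as markup, whatever the callers concatenate into it.
     function logResult(str, passed) {
       var elt = document.createElement('div');
       // No trailing ';' here: the style string below already supplies the
       // separator, so the declaration no longer ends in ';;' for passing results.
       var color = passed ? "#cfc" : "#fcc";
       elt.setAttribute('style', 'background-color:' + color + '; width:100%; border:1px solid black; padding:3px; margin:4px;');
       elt.textContent = str;
       document.body.appendChild(elt);
     }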
    // Outcome per test label: "ran" or "blocked", written by the callbacks below.
    window._testResults = {};

    // Callback for code that CSP allowed to run.
    // Records "ran" under the test label, notifies the parent frame, and shows a
    // result box; the run counts as a pass only when shouldrun is truthy.
    // The window object is captured as an IIFE argument when this script loads.
    var onevalexecuted = (function(win) {
      return function(shouldrun, what, data) {
        win._testResults[what] = "ran";
        win.parent.scriptRan(shouldrun, what, data);

        var verdict = shouldrun ? "PASS: " : "FAIL: ";
        logResult(verdict + what + " : " + data, shouldrun);
      };
    })(window);
    // Callback for code that was blocked.
    // Records "blocked" under the test label, notifies the parent frame, and
    // shows a result box; a block counts as a pass only when shouldrun is falsy.
    // The window object is captured as an IIFE argument when this script loads.
    var onevalblocked = (function(win) {
      return function(shouldrun, what, data) {
        win._testResults[what] = "blocked";
        win.parent.scriptBlocked(shouldrun, what, data);

        var verdict = shouldrun ? "FAIL: " : "PASS: ";
        logResult(verdict + what + " : " + data, !shouldrun);
      };
    })(window);
    // Run after the load event so the result boxes can be appended to the
    // finished document.
    addEventListener('load', function() {
      // generateCRMFRequest test: with CSP in effect, the callback string handed
      // to crypto.generateCRMFRequest() must not be eval'd.
      //
      // Both callbacks receive shouldrun === false, so reaching the statement
      // after the call is reported as a failure and landing in the catch as a pass.
      //
      // NOTE(review): the catch does not inspect the exception, so any throw
      // inside the try block, including one unrelated to CSP, is recorded as
      // "blocked" and therefore as a pass. Confirm that this is intended.
      try {
        var callbackSource = 'console.log("dynamic script eval\'d in crypto.generateCRMFRequest should be disallowed")';
        crypto.generateCRMFRequest('CN=0', 0, 0, null, callbackSource, 384, null, 'rsa-dual-use');

        var ranLabel = "crypto.generateCRMFRequest()";
        var ranDetail = "crypto.generateCRMFRequest() should not run!";
        onevalexecuted(false, ranLabel, ranDetail);
      } catch (e) {
        var blockedLabel = "eval(script) inside crypto.generateCRMFRequest";
        var blockedDetail = "eval was blocked during crypto.generateCRMFRequest";
        onevalblocked(false, blockedLabel, blockedDetail);
      }
    }, false);
