The Tor Browser / file revision

content/base/test/csp/test_multi_policy_injection_bypass.html@b8a032363ba2

content/base/test/csp/test_multi_policy_injection_bypass.html

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

     1 <!DOCTYPE HTML>

     2 <html>

     3 <!--

     4 https://bugzilla.mozilla.org/show_bug.cgi?id=717511

     5 -->

     6 <head>

     7   <title>Test for Bug 717511</title>

     8   <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>

     9   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />

    10 </head>

    11 <body>

    12 <p id="display"></p>

    13 <div id="content" style="display: none">

    14 

    15 

    16 </div>

    17 

    18 <iframe style="width:200px;height:200px;" id='cspframe'></iframe>

    19 <iframe style="width:200px;height:200px;" id='cspframe2'></iframe>

    20 <script class="testbody" type="text/javascript">

    21 

    22 var path = "/tests/content/base/test/";

    23 

    24 // These are test results: -1 means it hasn't run,

    25 // true/false is the pass/fail result.

    26 // This is not exhaustive, just double-checking the 'self' vs * policy conflict in the two HTTP headers.

    27 window.tests = {

    28   img_good: -1,

    29   img_bad: -1,

    30   script_good: -1,

    31   script_bad: -1,

    32   img2_good: -1,

    33   img2_bad: -1,

    34   script2_good: -1,

    35   script2_bad: -1,

    36 };

    37 

    38 

    39 // This is used to watch the blocked data bounce off CSP and allowed data

    40 // get sent out to the wire.

    41 function examiner() {

    42   SpecialPowers.addObserver(this, "csp-on-violate-policy", false);

    43   SpecialPowers.addObserver(this, "http-on-modify-request", false);

    44 }

    45 examiner.prototype  = {

    46   observe: function(subject, topic, data) {

    47     // subject should be an nsIHttpChannel (for http-on-modify-request)

    48     // and nsIURI for csp-on-violate-policy, and the Request should be

    49     //either allowed or blocked.

    50     if(!SpecialPowers.can_QI(subject))

    51       return;

    52 

    53     var testpat = new RegExp("testid=([a-z0-9_]+)");

    54 

    55     //_good things better be allowed!

    56     //_bad things better be stopped!

    57 

    58     if (topic === "http-on-modify-request") {

    59       //these things were allowed by CSP

    60       var asciiSpec = SpecialPowers.getPrivilegedProps(

    61                         SpecialPowers.do_QueryInterface(subject, "nsIHttpChannel"),

    62                         "URI.asciiSpec");

    63       if (!testpat.test(asciiSpec)) return;

    64       var testid = testpat.exec(asciiSpec)[1];

    65       window.testResult(testid,

    66                         /_good/.test(testid),

    67                         asciiSpec + " allowed by csp");

    68 

    69     }

    70 

    71     if(topic === "csp-on-violate-policy") {

    72       //these were blocked... record that they were blocked

    73       var asciiSpec = SpecialPowers.getPrivilegedProps(

    74                         SpecialPowers.do_QueryInterface(subject, "nsIURI"),

    75                         "asciiSpec");

    76       if (!testpat.test(asciiSpec)) return;

    77       var testid = testpat.exec(asciiSpec)[1];

    78       window.testResult(testid,

    79                         /_bad/.test(testid),

    80                         asciiSpec + " blocked by \"" + data + "\"");

    81     }

    82   },

    83 

    84   // must eventually call this to remove the listener,

    85   // or mochitests might get borked.

    86   remove: function() {

    87     SpecialPowers.removeObserver(this, "csp-on-violate-policy");

    88     SpecialPowers.removeObserver(this, "http-on-modify-request");

    89   }

    90 }

    91 

    92 window.examiner = new examiner();

    93 

    94 window.testResult = function(testname, result, msg) {

    95 

    96   //test already complete.... forget it... remember the first result.

    97   if (window.tests[testname] != -1)

    98     return;

    99 

   100   window.tests[testname] = result;

   101   is(result, true, testname + ' test: ' + msg);

   102 

   103   // if any test is incomplete, keep waiting

   104   for (var v in window.tests)

   105     if(tests[v] == -1)

   106       return;

   107 

   108   // ... otherwise, finish

   109   window.examiner.remove();

   110   SimpleTest.finish();

   111 }

   112 

   113 SimpleTest.waitForExplicitFinish();

   114 

   115 // save this for last so that our listeners are registered.

   116 // ... this loads the testbed of good and bad requests.

   117 

   118 document.getElementById('cspframe').src = 'file_multi_policy_injection_bypass.html';

   119 document.getElementById('cspframe2').src = 'file_multi_policy_injection_bypass_2.html';

   120 

   121 </script>

   122 </pre>

   123 </body>

   124 </html>

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial