The Tor Browser: docshell/test/chrome/test_viewsource_forbidden_in

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

     1 <?xml version="1.0"?>

     2 <?xml-stylesheet type="text/css" href="chrome://global/skin/"?>

     3 <?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>

     4 <!--

     5 https://bugzilla.mozilla.org/show_bug.cgi?id=624883

     6 -->

     7 <window title="Mozilla Bug 624883"

     8         xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">

     9   <script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js" />

    11   <!-- test results are displayed in the html:body -->

    12   <body xmlns="http://www.w3.org/1999/xhtml">

    13   <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=624883"

    14      target="_blank">Mozilla Bug 624883</a>

    15   </body>

    17   <!-- test code goes here -->

    18   <iframe type="content" onload="startTest()" src="file_viewsource_forbidden_in_iframe.html"></iframe>

    20   <script type="application/javascript">

    21   <![CDATA[

    23   const Ci = Components.interfaces;

    24   const Cu = Components.utils;

    26   Cu.import("resource://gre/modules/XPCOMUtils.jsm");

    28   SimpleTest.waitForExplicitFinish();

    30   // We create a promise that will resolve with the error message

    31   // on a network error page load and reject on any other load.

    32   function createNetworkErrorMessagePromise(frame) {

    33     return new Promise(function(resolve, reject) {

    35       // Error pages do not fire "load" events, so use a progressListener.

    36       var originalDocumentURI = frame.contentDocument.documentURI;

    37       var progressListener = {

    38         onLocationChange: function(aWebProgress, aRequest, aLocation, aFlags) {

    39           // Make sure nothing other than an error page is loaded.

    40           if (!(aFlags & Ci.nsIWebProgressListener.LOCATION_CHANGE_ERROR_PAGE)) {

    41             reject("location change was not to an error page");

    42           }

    43         },

    45         onStateChange: function(aWebProgress, aRequest, aStateFlags, aStatus) {

    46           // Wait until the documentURI changes (from about:blank) this should

    47           // be the error page URI.

    48           var documentURI = frame.contentDocument.documentURI;

    49           if (documentURI == originalDocumentURI) {

    50             return;

    51           }

    53           aWebProgress.removeProgressListener(progressListener,

    54                                               Ci.nsIWebProgress.NOTIFY_ALL);

    55           var matchArray = /about:neterror\?.*&d=([^&]*)/.exec(documentURI);

    56           if (!matchArray) {

    57             reject("no network error message found in URI")

    58             return;

    59           }

    61           var errorMsg = matchArray[1];

    62           resolve(decodeURIComponent(errorMsg));

    63         },

    65         QueryInterface: XPCOMUtils.generateQI([Ci.nsIWebProgressListener,

    66                                                Ci.nsISupportsWeakReference])

    67       };

    69       frame.contentWindow.QueryInterface(Ci.nsIInterfaceRequestor)

    70                          .getInterface(Ci.nsIWebNavigation)

    71                          .QueryInterface(Ci.nsIInterfaceRequestor)

    72                          .getInterface(Ci.nsIWebProgress)

    73                          .addProgressListener(progressListener,

    74                                               Ci.nsIWebProgress.NOTIFY_LOCATION |

    75                                               Ci.nsIWebProgress.NOTIFY_STATE_REQUEST);

    76     });

    77   }

    79   function startTest() {

    80     // Get a reference message that we know will be an unknown protocol message,

    81     // so we can use it for comparisons in the test cases.

    82     var refIframe = window[0].document.getElementById("refIframe");

    83     var refErrorPromise = createNetworkErrorMessagePromise(refIframe);

    85     refErrorPromise.then(

    86       function(msg) {

    87         window.refErrorMsg = msg;

    88         var testIframe = window[0].document.getElementById("testIframe");

    90         // Run test cases on load of "about:blank", so that the URI always changes

    91         // and we can detect this in our Promise.

    92         testIframe.onload = runNextTestCase;

    93         testIframe.src = "about:blank";

    94       },

    95       function(reason) {

    96         ok(false, "Could not get reference error message", reason);

    97         SimpleTest.finish();

    98       })

    99       .catch(function(e) {

   100         ok(false, "Unexpected exception thrown getting reference error message", exception);

   101       });

   103     refIframe.src = "wibble://example.com";

   104   }

   106   function runTestCase(testCase) {

   107     var testIframe = window[0].document.getElementById("testIframe");

   108     var expectedErrorMsg = window.refErrorMsg.replace("wibble", testCase.expectedProtocolList);

   110     var testErrorPromise = createNetworkErrorMessagePromise(testIframe);

   111     testErrorPromise.then(

   112       function(actualErrorMsg) {

   113         is(actualErrorMsg, expectedErrorMsg, testCase.desc);

   114         testIframe.src = "about:blank";

   115       },

   116       function(reason) {

   117         ok(false, testCase.desc, reason);

   118         testIframe.src = "about:blank";

   119       })

   120       .catch(function(e) {

   121         ok(false, testCase.desc + " - unexpected exception thrown", exception);

   122       });

   124     testIframe.src = testCase.protocols + "://example.com/!/";

   125   }

   127   var testCaseIndex = -1;

   128   testCases = [

   129     {

   130       desc: "Test 1: view-source should not be allowed in an iframe",

   131       protocols: "view-source:http",

   132       expectedProtocolList: "view-source, http"

   133     },

   134     {

   135       desc: "Test 2: feed:view-source should not be allowed in an iframe",

   136       protocols: "feed:view-source:http",

   137       expectedProtocolList: "feed, view-source, http"

   138     },

   139     {

   140       desc: "Test 3: jar:view-source should not be allowed in an iframe",

   141       protocols: "jar:view-source:http",

   142       expectedProtocolList: "jar, view-source, http"

   143     },

   144     {

   145       desc: "Test 4: pcast:view-source should not be allowed in an iframe",

   146       protocols: "pcast:view-source:http",

   147       expectedProtocolList: "pcast, view-source, http"

   148     },

   149     {

   150       desc: "Test 5: pcast:feed:view-source should not be allowed in an iframe",

   151       protocols: "pcast:feed:view-source:http",

   152       expectedProtocolList: "pcast, feed, view-source, http"

   153     },

   154     {

   155       desc: "Test 6: if invalid protocol first should report before view-source",

   156       protocols: "wibble:view-source:http",

   157       // Nothing after the invalid protocol gets set as a proper nested URI,

   158       // so the list stops there.

   159       expectedProtocolList: "wibble"

   160     },

   161     {

   162       desc: "Test 7: if view-source first should report before invalid protocol",

   163       protocols: "view-source:wibble:http",

   164       expectedProtocolList: "view-source, wibble"

   165     }

   166   ];

   168   function runNextTestCase() {

   169     ++testCaseIndex;

   170     if (testCaseIndex == testCases.length) {

   171       SimpleTest.finish();

   172       return;

   173     }

   175     runTestCase(testCases[testCaseIndex]);

   176   }

   178   ]]>

   179   </script>

   180 </window>

The Tor Browser / file revision