michael@0: // some javascript for the CSP eval() tests michael@0: michael@0: function logResult(str, passed) { michael@0: var elt = document.createElement('div'); michael@0: var color = passed ? "#cfc;" : "#fcc"; michael@0: elt.setAttribute('style', 'background-color:' + color + '; width:100%; border:1px solid black; padding:3px; margin:4px;'); michael@0: elt.innerHTML = str; michael@0: document.body.appendChild(elt); michael@0: } michael@0: michael@0: window._testResults = {}; michael@0: michael@0: // callback for when stuff is allowed by CSP michael@0: var onevalexecuted = (function(window) { michael@0: return function(shouldrun, what, data) { michael@0: window._testResults[what] = "ran"; michael@0: window.parent.scriptRan(shouldrun, what, data); michael@0: logResult((shouldrun ? "PASS: " : "FAIL: ") + what + " : " + data, shouldrun); michael@0: };})(window); michael@0: michael@0: // callback for when stuff is blocked michael@0: var onevalblocked = (function(window) { michael@0: return function(shouldrun, what, data) { michael@0: window._testResults[what] = "blocked"; michael@0: window.parent.scriptBlocked(shouldrun, what, data); michael@0: logResult((shouldrun ? "FAIL: " : "PASS: ") + what + " : " + data, !shouldrun); michael@0: };})(window); michael@0: michael@0: michael@0: // Defer until document is loaded so that we can write the pretty result boxes michael@0: // out. michael@0: addEventListener('load', function() { michael@0: // generateCRMFRequest test -- make sure we cannot eval the callback if CSP is in effect michael@0: try { michael@0: var script = 'console.log("dynamic script eval\'d in crypto.generateCRMFRequest should be disallowed")'; michael@0: crypto.generateCRMFRequest('CN=0', 0, 0, null, script, 384, null, 'rsa-dual-use'); michael@0: onevalexecuted(false, "crypto.generateCRMFRequest()", michael@0: "crypto.generateCRMFRequest() should not run!"); michael@0: } catch (e) { michael@0: onevalblocked(false, "eval(script) inside crypto.generateCRMFRequest", michael@0: "eval was blocked during crypto.generateCRMFRequest"); michael@0: } michael@0: michael@0: michael@0: }, false); michael@0: michael@0: michael@0: