// Tests whether characters above 0x7F decode to ASCII characters liable to
// expose XSS vulnerabilities
//
// Why this matters: a sanitizer that scans the raw bytes of a document for
// ASCII markup cannot see a byte >= 0x80. If a decoder maps such a byte to
// '<', '>' or '/', markup appears only after decoding, past the point where
// the byte-level check ran.
load('CharsetConversionTests.js');

/**
 * Test entry point: walks every decoder the charset converter manager lists
 * and decodes each single byte in the range 0x80-0xFF on its own.
 *
 * The test fails (via do_throw) if any decoded character is '<', '>' or '/'.
 *
 * Scope notes for reviewers:
 *  - Only isolated single bytes are fed to the decoder; multi-byte sequences
 *    are not exercised here.
 *  - Only the three characters above are flagged; other ASCII output from a
 *    high byte is not reported by this test.
 *  - A charset the converter refuses to select is skipped with a warning, so
 *    it is not covered by the result.
 */
function run_test() {
  var MARKUP_CHARS = "<>/";
  var sawFailure = false;

  var manager = Cc["@mozilla.org/charset-converter-manager;1"]
                  .getService(Ci.nsICharsetConverterManager);
  var converter = CreateScriptableConverter();

  var decoders = manager.getDecoderList();
  for (var ordinal = 1; decoders.hasMore(); ++ordinal) {
    var charset = decoders.getNext();
    dump("testing " + ordinal + " " + charset + "\n");

    try {
      converter.charset = charset;
    } catch (e) {
      dump("Warning: couldn't set decoder charset to " + charset + "\n");
      continue;
    }

    for (var byteValue = 0x80; byteValue <= 0xFF; byteValue++) {
      var input = String.fromCharCode(byteValue);
      var decoded;
      try {
        var head = converter.ConvertToUnicode(input);
        var tail = converter.Finish();
        decoded = head + tail;
      } catch (e) {
        // A decoder error is treated as U+FFFD, which is never flagged below.
        decoded = String.fromCharCode(0xFFFD);
      }

      // One report per offending character, so an output containing several
      // markup characters is logged several times.
      for (var pos = 0; pos < decoded.length; pos++) {
        if (MARKUP_CHARS.indexOf(decoded.charAt(pos)) === -1) {
          continue;
        }
        dump(charset + " has a problem: " + escape(input) +
             " decodes to '" + decoded + "'\n");
        sawFailure = true;
      }
    }
  }

  // Report after the full sweep so the log lists every problematic charset,
  // not just the first one found.
  if (sawFailure) {
    do_throw("test failed\n");
  }
}