Macintosh-SW/tenfourfox
1
0
Fork 0
mirror of https://github.com/classilla/tenfourfox.git synced 2025-01-16 17:31:17 +00:00
Code Issues Projects Releases Wiki Activity
tenfourfox/dom/security/test/csp/test_docwrite_meta.html

87 lines
3.3 KiB
HTML
Raw Permalink Normal View History

hello FPR
2017-04-19 00:56:45 -07:00
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8">
<title>Bug 663570 - Implement Content Security Policy via meta tag</title>
<!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<p id="display"></p>
<iframe style="width:100%;" id="writemetacspframe"></iframe>
<iframe style="width:100%;" id="commentmetacspframe"></iframe>
<script class="testbody" type="text/javascript">
/* Description of the test:
* We load two frames, where the first frame does doc.write(meta csp) and
* the second does doc.write(comment out meta csp).
* We make sure to reuse/invalidate preloads depending on the policy.
*/
SimpleTest.waitForExplicitFinish();
var writemetacspframe = document.getElementById("writemetacspframe");
var commentmetacspframe = document.getElementById("commentmetacspframe");
var seenResults = 0;
function checkTestsDone() {
seenResults++;
if (seenResults < 2) {
return;
}
SimpleTest.finish();
}
// document.write(<meta csp ...>) should block resources from being included in the doc
function checkResultsBlocked() {
writemetacspframe.removeEventListener('load', checkResultsBlocked, false);
// stylesheet: default background color within FF is transparent
var bgcolor = window.getComputedStyle(writemetacspframe.contentDocument.body)
.getPropertyValue("background-color");
is(bgcolor, "transparent", "inital background value in FF should be 'transparent'");
// image: make sure image is blocked
var img = writemetacspframe.contentDocument.getElementById("testimage");
is(img.width, 0, "image widht should be 0");
is(img.height, 0, "image widht should be 0");
// script: make sure defined variable in external script is undefined
is(writemetacspframe.contentDocument.myMetaCSPScript, undefined, "myMetaCSPScript should be 'undefined'");
checkTestsDone();
}
// document.write(<--) to comment out meta csp should allow resources to be loaded
// after the preload failed
function checkResultsAllowed() {
commentmetacspframe.removeEventListener('load', checkResultsAllowed, false);
// stylesheet: should be applied; bgcolor should be red
var bgcolor = window.getComputedStyle(commentmetacspframe.contentDocument.body).getPropertyValue("background-color");
is(bgcolor, "rgb(255, 0, 0)", "background should be red/rgb(255, 0, 0)");
// image: should be completed
var img = commentmetacspframe.contentDocument.getElementById("testimage");
ok(img.complete, "image should not be loaded");
// script: defined variable in external script should be accessible
is(commentmetacspframe.contentDocument.myMetaCSPScript, "external-JS-loaded", "myMetaCSPScript should be 'external-JS-loaded'");
checkTestsDone();
}
// doc.write(meta csp) should should allow preloads but should block actual loads
writemetacspframe.src = 'file_docwrite_meta.html';
writemetacspframe.addEventListener('load', checkResultsBlocked, false);
// commenting out a meta CSP should result in loaded image, script, style
commentmetacspframe.src = 'file_doccomment_meta.html';
commentmetacspframe.addEventListener('load', checkResultsAllowed, false);
</script>
</body>
</html>
Reference in New Issue Copy Permalink