mirror of
https://github.com/classilla/tenfourfox.git
synced 2025-01-23 18:32:20 +00:00
250 lines
9.7 KiB
HTML
250 lines
9.7 KiB
HTML
<!DOCTYPE HTML>
|
|
<!-- Any copyright is dedicated to the Public Domain.
|
|
http://creativecommons.org/publicdomain/zero/1.0/ -->
|
|
<html>
|
|
<head>
|
|
<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
|
|
<script type="application/javascript">
|
|
SimpleTest.waitForExplicitFinish();
|
|
window.onload = function() {
|
|
SimpleTest.finish();
|
|
}
|
|
</script>
|
|
<script>
|
|
function good_correctHashLoaded() {
|
|
ok(true, "A script was correctly loaded when integrity matched")
|
|
}
|
|
function bad_correctHashBlocked() {
|
|
ok(false, "We should load scripts with hashes that match!");
|
|
}
|
|
|
|
function good_correctHashArrayLoaded() {
|
|
ok(true, "A script was correctly loaded when one of the hashes in the integrity attribute matched")
|
|
}
|
|
function bad_correctHashArrayBlocked() {
|
|
ok(false, "We should load scripts with at least one hash that match!");
|
|
}
|
|
|
|
function good_emptyIntegrityLoaded() {
|
|
ok(true, "A script was correctly loaded when the integrity attribute was empty")
|
|
}
|
|
function bad_emptyIntegrityBlocked() {
|
|
ok(false, "We should load scripts with empty integrity attributes!");
|
|
}
|
|
|
|
function good_whitespaceIntegrityLoaded() {
|
|
ok(true, "A script was correctly loaded when the integrity attribute only contained whitespace")
|
|
}
|
|
function bad_whitespaceIntegrityBlocked() {
|
|
ok(false, "We should load scripts with integrity attributes containing only whitespace!");
|
|
}
|
|
|
|
function good_incorrectHashBlocked() {
|
|
ok(true, "A script was correctly blocked, because the hash digest was wrong");
|
|
}
|
|
function bad_incorrectHashLoaded() {
|
|
ok(false, "We should not load scripts with hashes that do not match the content!");
|
|
}
|
|
|
|
function good_incorrectHashArrayBlocked() {
|
|
ok(true, "A script was correctly blocked, because all the hashes were wrong");
|
|
}
|
|
function bad_incorrectHashArrayLoaded() {
|
|
ok(false, "We should not load scripts when none of the hashes match the content!");
|
|
}
|
|
|
|
function good_incorrectHashLengthBlocked() {
|
|
ok(true, "A script was correctly blocked, because the hash length was wrong");
|
|
}
|
|
function bad_incorrectHashLengthLoaded() {
|
|
ok(false, "We should not load scripts with hashes that don't have the right length!");
|
|
}
|
|
|
|
function bad_incorrectHashFunctionBlocked() {
|
|
ok(false, "We should load scripts with invalid/unsupported hash functions!");
|
|
}
|
|
function good_incorrectHashFunctionLoaded() {
|
|
ok(true, "A script was correctly loaded, despite the hash function being invalid/unsupported.");
|
|
}
|
|
|
|
function bad_missingHashFunctionBlocked() {
|
|
ok(false, "We should load scripts with missing hash functions!");
|
|
}
|
|
function good_missingHashFunctionLoaded() {
|
|
ok(true, "A script was correctly loaded, despite a missing hash function.");
|
|
}
|
|
|
|
function bad_missingHashValueBlocked() {
|
|
ok(false, "We should load scripts with missing hash digests!");
|
|
}
|
|
function good_missingHashValueLoaded() {
|
|
ok(true, "A script was correctly loaded, despite the missing hash digest.");
|
|
}
|
|
|
|
function good_401Blocked() {
|
|
ok(true, "A script was not loaded because of 401 response.");
|
|
}
|
|
function bad_401Loaded() {
|
|
ok(false, "We should nt load scripts with a 401 response!");
|
|
}
|
|
|
|
function good_valid302Loaded() {
|
|
ok(true, "A script was loaded successfully despite a 302 response.");
|
|
}
|
|
function bad_valid302Blocked() {
|
|
ok(false, "We should load scripts with a 302 response and the right hash!");
|
|
}
|
|
|
|
function good_invalid302Blocked() {
|
|
ok(true, "A script was blocked successfully after a 302 response.");
|
|
}
|
|
function bad_invalid302Loaded() {
|
|
ok(false, "We should not load scripts with a 302 response and the wrong hash!");
|
|
}
|
|
|
|
function good_validBlobLoaded() {
|
|
ok(true, "A script was loaded successfully from a blob: URL.");
|
|
}
|
|
function bad_validBlobBlocked() {
|
|
ok(false, "We should load scripts using blob: URLs with the right hash!");
|
|
}
|
|
|
|
function good_invalidBlobBlocked() {
|
|
ok(true, "A script was blocked successfully from a blob: URL.");
|
|
}
|
|
function bad_invalidBlobLoaded() {
|
|
ok(false, "We should not load scripts using blob: URLs with the wrong hash!");
|
|
}
|
|
</script>
|
|
</head>
|
|
<body>
|
|
<!-- valid hash. should trigger onload -->
|
|
<!-- the hash value comes from running this command:
|
|
cat script.js | openssl dgst -sha256 -binary | openssl enc -base64 -A
|
|
-->
|
|
<script src="script.js"
|
|
integrity="sha256-RkrQYrxD/HCx+ImVLb51nvxJ6ZHfwuEm7bHppTun9oA="
|
|
onerror="bad_correctHashBlocked()"
|
|
onload="good_correctHashLoaded()"></script>
|
|
|
|
<!-- valid sha512 hash. should trigger onload -->
|
|
<script src="script.js"
|
|
integrity="sha512-mzSqH+vC6qrXX46JX2WEZ0FtY/lGj/5+5yYCBlk0jfYHLm0vP6XgsURbq83mwMApsnwbDLXdgjp5J8E93GT6Mw==?ignore=this"
|
|
onerror="bad_correctHashBlocked()"
|
|
onload="good_correctHashLoaded()"></script>
|
|
|
|
<!-- one valid sha256 hash. should trigger onload -->
|
|
<script src="script.js"
|
|
integrity="sha256-rkrQYrxD/HCx+ImVLb51nvxJ6ZHfwuEm7bHppTun9oA= sha256-RkrQYrxD/HCx+ImVLb51nvxJ6ZHfwuEm7bHppTun9oA= sha256-rkrQYrxD/HCx+ImVLb51nvxJ6ZHfwuEm7bHppTun9oA="
|
|
onerror="bad_correctHashArrayBlocked()"
|
|
onload="good_correctHashArrayLoaded()"></script>
|
|
|
|
<!-- empty integrity. should trigger onload -->
|
|
<script src="script.js"
|
|
integrity=""
|
|
onerror="bad_emptyIntegrityBlocked()"
|
|
onload="good_emptyIntegrityLoaded()"></script>
|
|
|
|
<!-- whitespace integrity. should trigger onload -->
|
|
<script src="script.js"
|
|
integrity="
|
|
|
|
"
|
|
onerror="bad_whitespaceIntegrityBlocked()"
|
|
onload="good_whitespaceIntegrityLoaded()"></script>
|
|
|
|
<!-- invalid sha256 hash but valid sha384 hash. should trigger onload -->
|
|
<script src="script.js"
|
|
integrity="sha256-bogus sha384-zDCkvKOHXk8mM6Nk07oOGXGME17PA4+ydFw+hq0r9kgF6ZDYFWK3fLGPEy7FoOAo?"
|
|
onerror="bad_correctHashBlocked()"
|
|
onload="good_correctHashLoaded()"></script>
|
|
|
|
<!-- valid sha256 and invalid sha384. should trigger onerror -->
|
|
<script src="script.js"
|
|
integrity="sha256-RkrQYrxD/HCx+ImVLb51nvxJ6ZHfwuEm7bHppTun9oA= sha384-RkrQYrxD/HCx+ImVLb51nvxJ6ZHfwuEm7bHppTun9oA="
|
|
onerror="good_incorrectHashLengthBlocked()"
|
|
onload="bad_incorrectHashLengthLoaded()"></script>
|
|
|
|
<!-- invalid hash. should trigger onerror -->
|
|
<script src="script.js"
|
|
integrity="sha256-rkrQYrxD/HCx+ImVLb51nvxJ6ZHfwuEm7bHppTun9oA="
|
|
onerror="good_incorrectHashBlocked()"
|
|
onload="bad_incorrectHashLoaded()"></script>
|
|
|
|
<!-- invalid hashes. should trigger onerror -->
|
|
<script src="script.js"
|
|
integrity="sha256-rkrQYrxD/HCx+ImVLb51nvxJ6ZHfwuEm7bHppTun9oA= sha256-ZkrQYrxD/HCx+ImVLb51nvxJ6ZHfwuEm7bHppTun9oA= sha256-zkrQYrxD/HCx+ImVLb51nvxJ6ZHfwuEm7bHppTun9oA="
|
|
onerror="good_incorrectHashBlocked()"
|
|
onload="bad_incorrectHashLoaded()"></script>
|
|
|
|
<!-- invalid hash function. should trigger onload -->
|
|
<script src="script.js"
|
|
integrity="rot13-RkrQYrxD/HCx+ImVLb51nvxJ6ZHfwuEm7bHppTun9oA="
|
|
onerror="bad_incorrectHashFunctionBlocked()"
|
|
onload="good_incorrectHashFunctionLoaded()"></script>
|
|
|
|
<!-- missing hash function. should trigger onload -->
|
|
<script src="script.js"
|
|
integrity="RkrQYrxD/HCx+ImVLb51nvxJ6ZHfwuEm7bHppTun9oA="
|
|
onerror="bad_missingHashFunctionBlocked()"
|
|
onload="good_missingHashFunctionLoaded()"></script>
|
|
|
|
<!-- missing hash value. should trigger onload -->
|
|
<script src="script.js"
|
|
integrity="sha512-"
|
|
onerror="bad_missingHashValueBlocked()"
|
|
onload="good_missingHashValueLoaded()"></script>
|
|
|
|
<!-- 401 response. should trigger onerror -->
|
|
<script src="script_401.js"
|
|
integrity="sha256-RkrQYrxD/HCx+ImVLb51nvxJ6ZHfwuEm7bHppTun9oA="
|
|
onerror="good_401Blocked()"
|
|
onload="bad_401Loaded()"></script>
|
|
|
|
<!-- valid sha256 after a redirection. should trigger onload -->
|
|
<script src="script_302.js"
|
|
integrity="sha256-RkrQYrxD/HCx+ImVLb51nvxJ6ZHfwuEm7bHppTun9oA="
|
|
onerror="bad_valid302Blocked()"
|
|
onload="good_valid302Loaded()"></script>
|
|
|
|
<!-- invalid sha256 after a redirection. should trigger onerror -->
|
|
<script src="script_302.js"
|
|
integrity="sha256-JSi74NSN8WQNr9syBGmNg2APJp9PnHUO5ioZo5hmIiQ="
|
|
onerror="good_invalid302Blocked()"
|
|
onload="bad_invalid302Loaded()"></script>
|
|
|
|
<!-- valid sha256 for a blob: URL -->
|
|
<script>
|
|
var blob = new Blob(["console.log('blob:valid');"],
|
|
{type:"application/javascript"});
|
|
var script = document.createElement('script');
|
|
script.setAttribute('src', URL.createObjectURL(blob));
|
|
script.setAttribute('integrity', 'sha256-AwLdXiGfCqOxOXDPUim73G8NVEL34jT0IcQR/tqv/GQ=');
|
|
script.onerror = bad_validBlobBlocked;
|
|
script.onload = good_validBlobLoaded;
|
|
var head = document.getElementsByTagName('head').item(0);
|
|
head.appendChild(script);
|
|
</script>
|
|
|
|
<!-- invalid sha256 for a blob: URL -->
|
|
<script>
|
|
var blob = new Blob(["console.log('blob:invalid');"],
|
|
{type:"application/javascript"});
|
|
var script = document.createElement('script');
|
|
script.setAttribute('src', URL.createObjectURL(blob));
|
|
script.setAttribute('integrity', 'sha256-AwLdXiGfCqOxOXDPUim73G8NVEL34jT0IcQR/tqv/GQ=');
|
|
script.onerror = good_invalidBlobBlocked;
|
|
script.onload = bad_invalidBlobLoaded;
|
|
var head = document.getElementsByTagName('head').item(0);
|
|
head.appendChild(script);
|
|
</script>
|
|
|
|
<p id="display"></p>
|
|
<div id="content" style="display: none">
|
|
</div>
|
|
<pre id="test">
|
|
</pre>
|
|
</body>
|
|
</html>
|