summaryrefslogtreecommitdiffstats
path: root/docshell/test
diff options
context:
space:
mode:
authorMoonchild <mcwerewolf@gmail.com>2018-05-01 09:53:46 +0200
committerGitHub <noreply@github.com>2018-05-01 09:53:46 +0200
commitae45e61da06ba989fcbb856183d9578d4d4f51ed (patch)
tree5c7dea17ce684c1cce57011ef487370c22d0e677 /docshell/test
parentfefce8f7ccbc476cfc46e61b01eff069346d3c73 (diff)
parentcc4036a9cd56d504667c07fe215e61b22ab0e1f4 (diff)
downloadUXP-ae45e61da06ba989fcbb856183d9578d4d4f51ed.tar
UXP-ae45e61da06ba989fcbb856183d9578d4d4f51ed.tar.gz
UXP-ae45e61da06ba989fcbb856183d9578d4d4f51ed.tar.lz
UXP-ae45e61da06ba989fcbb856183d9578d4d4f51ed.tar.xz
UXP-ae45e61da06ba989fcbb856183d9578d4d4f51ed.zip
Merge pull request #311 from janekptacijarabaci/security_blocking_data_2
Use asyncOpen2() for docshell loads
Diffstat (limited to 'docshell/test')
-rw-r--r--docshell/test/browser/browser.ini3
-rw-r--r--docshell/test/browser/browser_click_link_within_view_source.js60
-rw-r--r--docshell/test/browser/browser_history_triggeringprincipal_viewsource.js50
-rw-r--r--docshell/test/browser/dummy_page.html6
-rw-r--r--docshell/test/browser/file_click_link_within_view_source.html6
-rw-r--r--docshell/test/dummy_page.html6
-rw-r--r--docshell/test/mochitest.ini2
-rw-r--r--docshell/test/test_triggeringprincipal_location_seturi.html102
8 files changed, 235 insertions, 0 deletions
diff --git a/docshell/test/browser/browser.ini b/docshell/test/browser/browser.ini
index 9211092a4..300caff1a 100644
--- a/docshell/test/browser/browser.ini
+++ b/docshell/test/browser/browser.ini
@@ -1,5 +1,6 @@
[DEFAULT]
support-files =
+ dummy_page.html
favicon_bug655270.ico
file_bug234628-1-child.html
file_bug234628-1.html
@@ -45,6 +46,7 @@ support-files =
browser_timelineMarkers-frame-05.js
head.js
frame-head.js
+ file_click_link_within_view_source.html
[browser_bug1206879.js]
[browser_bug1309900_crossProcessHistoryNavigation.js]
@@ -91,3 +93,4 @@ skip-if = true # Bug 1220415
[browser_timelineMarkers-04.js]
[browser_timelineMarkers-05.js]
[browser_ua_emulation.js]
+[browser_click_link_within_view_source.js]
diff --git a/docshell/test/browser/browser_click_link_within_view_source.js b/docshell/test/browser/browser_click_link_within_view_source.js
new file mode 100644
index 000000000..84cfc1f0f
--- /dev/null
+++ b/docshell/test/browser/browser_click_link_within_view_source.js
@@ -0,0 +1,60 @@
+"use strict";
+
+/**
+ * Test for Bug 1359204
+ *
+ * Loading a local file, then view-source on that file. Make sure that
+ * clicking a link within that view-source page is not blocked by security checks.
+ */
+
+add_task(function* test_click_link_within_view_source() {
+ let TEST_FILE = "file_click_link_within_view_source.html";
+ let TEST_FILE_URI = getChromeDir(getResolvedURI(gTestPath));
+ TEST_FILE_URI.append(TEST_FILE);
+ TEST_FILE_URI = Services.io.newFileURI(TEST_FILE_URI).spec;
+
+ let DUMMY_FILE = "dummy_page.html";
+ let DUMMY_FILE_URI = getChromeDir(getResolvedURI(gTestPath));
+ DUMMY_FILE_URI.append(DUMMY_FILE);
+ DUMMY_FILE_URI = Services.io.newFileURI(DUMMY_FILE_URI).spec;
+
+ yield BrowserTestUtils.withNewTab(TEST_FILE_URI, function*(aBrowser) {
+ let tabSpec = gBrowser.selectedBrowser.currentURI.spec;
+ info("loading: " + tabSpec);
+ ok(tabSpec.startsWith("file://") && tabSpec.endsWith(TEST_FILE),
+ "sanity check to make sure html loaded");
+
+ info("click view-source of html");
+ let tabPromise = BrowserTestUtils.waitForNewTab(gBrowser);
+ document.getElementById("View:PageSource").doCommand();
+
+ let tab = yield tabPromise;
+ tabSpec = gBrowser.selectedBrowser.currentURI.spec;
+ info("loading: " + tabSpec);
+ ok(tabSpec.startsWith("view-source:file://") && tabSpec.endsWith(TEST_FILE),
+ "loading view-source of html succeeded");
+
+ info("click testlink within view-source page");
+ let loadPromise = BrowserTestUtils.browserLoaded(tab.linkedBrowser, false, url => url.endsWith("dummy_page.html"));
+ yield ContentTask.spawn(gBrowser.selectedBrowser, {}, function*() {
+ if (content.document.readyState != "complete") {
+ yield ContentTaskUtils.waitForEvent(content.document, "readystatechange", false, () =>
+ content.document.readyState == "complete");
+ }
+ // document.getElementById() does not work on a view-source page, hence we use document.links
+ let linksOnPage = content.document.links;
+ is (linksOnPage.length, 1, "sanity check: make sure only one link is present on page");
+ let myLink = content.document.links[0];
+ myLink.click();
+ });
+
+ yield loadPromise;
+
+ tabSpec = gBrowser.selectedBrowser.currentURI.spec;
+ info("loading: " + tabSpec);
+ ok(tabSpec.startsWith("view-source:file://") && tabSpec.endsWith(DUMMY_FILE),
+ "loading view-source of html succeeded");
+
+ yield BrowserTestUtils.removeTab(tab);
+ });
+});
diff --git a/docshell/test/browser/browser_history_triggeringprincipal_viewsource.js b/docshell/test/browser/browser_history_triggeringprincipal_viewsource.js
new file mode 100644
index 000000000..96908bbc2
--- /dev/null
+++ b/docshell/test/browser/browser_history_triggeringprincipal_viewsource.js
@@ -0,0 +1,50 @@
+"use strict";
+
+const TEST_PATH = getRootDirectory(gTestPath).replace("chrome://mochitests/content", "http://example.com");
+const HTML_URI = TEST_PATH + "dummy_page.html";
+const VIEW_SRC_URI = "view-source:" + HTML_URI;
+
+add_task(function*() {
+ info("load baseline html in new tab");
+ yield BrowserTestUtils.withNewTab(HTML_URI, function*(aBrowser) {
+ is(gBrowser.selectedBrowser.currentURI.spec, HTML_URI,
+ "sanity check to make sure html loaded");
+
+ info("right-click -> view-source of html");
+ let vSrcCtxtMenu = document.getElementById("contentAreaContextMenu");
+ let popupPromise = BrowserTestUtils.waitForEvent(vSrcCtxtMenu, "popupshown");
+ BrowserTestUtils.synthesizeMouseAtCenter("body", { type: "contextmenu", button: 2 }, aBrowser);
+ yield popupPromise;
+ let tabPromise = BrowserTestUtils.waitForNewTab(gBrowser, VIEW_SRC_URI);
+ let vSrcItem = vSrcCtxtMenu.getElementsByAttribute("id", "context-viewsource")[0];
+ vSrcItem.click();
+ vSrcCtxtMenu.hidePopup();
+ let tab = yield tabPromise;
+ is(gBrowser.selectedBrowser.currentURI.spec, VIEW_SRC_URI,
+ "loading view-source of html succeeded");
+
+ info ("load html file again before going .back()");
+ let loadPromise = BrowserTestUtils.browserLoaded(tab.linkedBrowser, false, HTML_URI);
+ yield ContentTask.spawn(tab.linkedBrowser, HTML_URI, HTML_URI => {
+ content.document.location = HTML_URI;
+ });
+ yield loadPromise;
+ is(gBrowser.selectedBrowser.currentURI.spec, HTML_URI,
+ "loading html another time succeeded");
+
+ info("click .back() to view-source of html again and make sure the history entry has a triggeringPrincipal");
+ let backCtxtMenu = document.getElementById("contentAreaContextMenu");
+ popupPromise = BrowserTestUtils.waitForEvent(backCtxtMenu, "popupshown");
+ BrowserTestUtils.synthesizeMouseAtCenter("body", { type: "contextmenu", button: 2 }, aBrowser);
+ yield popupPromise;
+ loadPromise = BrowserTestUtils.browserLoaded(tab.linkedBrowser, false, VIEW_SRC_URI);
+ let backItem = backCtxtMenu.getElementsByAttribute("id", "context-back")[0];
+ backItem.click();
+ backCtxtMenu.hidePopup();
+ yield loadPromise;
+ is(gBrowser.selectedBrowser.currentURI.spec, VIEW_SRC_URI,
+ "clicking .back() to view-source of html succeeded");
+
+ yield BrowserTestUtils.removeTab(tab);
+ });
+});
diff --git a/docshell/test/browser/dummy_page.html b/docshell/test/browser/dummy_page.html
new file mode 100644
index 000000000..59bf2a5f8
--- /dev/null
+++ b/docshell/test/browser/dummy_page.html
@@ -0,0 +1,6 @@
+<html>
+<head> <meta charset="utf-8"> </head>
+ <body>
+ just a dummy html file
+ </body>
+</html>
diff --git a/docshell/test/browser/file_click_link_within_view_source.html b/docshell/test/browser/file_click_link_within_view_source.html
new file mode 100644
index 000000000..d78e4ba0f
--- /dev/null
+++ b/docshell/test/browser/file_click_link_within_view_source.html
@@ -0,0 +1,6 @@
+<html>
+<head> <meta charset="utf-8"> </head>
+ <body>
+ <a id="testlink" href="dummy_page.html">clickme</a>
+ </body>
+</html>
diff --git a/docshell/test/dummy_page.html b/docshell/test/dummy_page.html
new file mode 100644
index 000000000..59bf2a5f8
--- /dev/null
+++ b/docshell/test/dummy_page.html
@@ -0,0 +1,6 @@
+<html>
+<head> <meta charset="utf-8"> </head>
+ <body>
+ just a dummy html file
+ </body>
+</html>
diff --git a/docshell/test/mochitest.ini b/docshell/test/mochitest.ini
index 7b27908fb..2298bed74 100644
--- a/docshell/test/mochitest.ini
+++ b/docshell/test/mochitest.ini
@@ -11,6 +11,7 @@ support-files =
bug668513_redirect.html
bug668513_redirect.html^headers^
bug691547_frame.html
+ dummy_page.html
file_anchor_scroll_after_document_open.html
file_bug385434_1.html
file_bug385434_2.html
@@ -94,3 +95,4 @@ skip-if = toolkit == 'android' # bug 784321
support-files = file_framedhistoryframes.html
[test_pushState_after_document_open.html]
[test_windowedhistoryframes.html]
+[test_triggeringprincipal_location_seturi.html]
diff --git a/docshell/test/test_triggeringprincipal_location_seturi.html b/docshell/test/test_triggeringprincipal_location_seturi.html
new file mode 100644
index 000000000..3b0c7bac5
--- /dev/null
+++ b/docshell/test/test_triggeringprincipal_location_seturi.html
@@ -0,0 +1,102 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+
+<script type="text/javascript">
+
+SimpleTest.waitForExplicitFinish();
+
+const SAME_ORIGIN_URI = "http://mochi.test:8888/tests/docshell/test/dummy_page.html";
+const CROSS_ORIGIN_URI = "http://example.com/tests/docshell/test/dummy_page.html";
+const NUMBER_OF_TESTS = 3;
+let testCounter = 0;
+
+function checkFinish() {
+ testCounter++;
+ if (testCounter < NUMBER_OF_TESTS) {
+ return;
+ }
+ SimpleTest.finish();
+}
+
+// ---- test 1 ----
+
+let myFrame1 = document.createElement("iframe");
+myFrame1.src = SAME_ORIGIN_URI;
+myFrame1.addEventListener("load", checkLoadFrame1);
+document.documentElement.appendChild(myFrame1);
+
+function checkLoadFrame1() {
+ myFrame1.removeEventListener('load', checkLoadFrame1, false);
+ // window.location.href is no longer cross-origin accessible in gecko.
+ is(SpecialPowers.wrap(myFrame1.contentWindow).location.href, SAME_ORIGIN_URI,
+ "initial same origin dummy loaded into frame1");
+
+ SpecialPowers.wrap(myFrame1.contentWindow).location.hash = "#bar";
+ is(SpecialPowers.wrap(myFrame1.contentWindow).location.href, SAME_ORIGIN_URI + "#bar",
+ "initial same origin dummy#bar loaded into iframe1");
+
+ myFrame1.addEventListener("load", checkNavFrame1);
+ myFrame1.src = CROSS_ORIGIN_URI;
+}
+
+function checkNavFrame1() {
+ myFrame1.removeEventListener('load', checkNavFrame1, false);
+ is(SpecialPowers.wrap(myFrame1.contentWindow).location.href, CROSS_ORIGIN_URI,
+ "cross origin dummy loaded into frame1");
+
+ myFrame1.addEventListener("load", checkBackNavFrame1);
+ myFrame1.src = SAME_ORIGIN_URI + "#bar";
+}
+
+function checkBackNavFrame1() {
+ myFrame1.removeEventListener('load', checkBackNavFrame1, false);
+ is(SpecialPowers.wrap(myFrame1.contentWindow).location.href, SAME_ORIGIN_URI + "#bar",
+ "navagiating back to same origin dummy for frame1");
+ checkFinish();
+}
+
+// ---- test 2 ----
+
+let myFrame2 = document.createElement("iframe");
+myFrame2.src = "about:blank";
+myFrame2.addEventListener("load", checkLoadFrame2);
+document.documentElement.appendChild(myFrame2);
+
+function checkLoadFrame2() {
+ myFrame2.removeEventListener('load', checkLoadFrame2, false);
+ is(SpecialPowers.wrap(myFrame2.contentWindow).location.href, "about:blank",
+ "initial about:blank frame loaded");
+
+ myFrame2.contentWindow.location.hash = "#foo";
+ is(SpecialPowers.wrap(myFrame2.contentWindow).location.href, "about:blank#foo",
+ "about:blank#foo frame loaded");
+
+ myFrame2.addEventListener('load', checkHistoryFrame2);
+ myFrame2.src = "about:blank";
+}
+
+function checkHistoryFrame2() {
+ myFrame2.removeEventListener('load', checkHistoryFrame2, false);
+ is(SpecialPowers.wrap(myFrame2.contentWindow).location.href, "about:blank",
+ "about:blank frame loaded again");
+ checkFinish();
+}
+
+// ---- test 3 ----
+
+let myFrame3 = document.createElement("frame");
+document.documentElement.appendChild(myFrame3);
+myFrame3.contentWindow.location.hash = "#foo";
+
+is(myFrame3.contentWindow.location.href, "about:blank#foo",
+ "created history entry with about:blank#foo");
+checkFinish();
+
+</script>
+</body>
+</html>