diff options
| author | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2017-08-25 09:50:55 +0200 |
|---|---|---|
| committer | wolfbeast <mcwerewolf@gmail.com> | 2018-02-22 11:23:16 +0100 |
| commit | cdcfbde10dbcf0fab0630d5ee0146be45d7a6572 (patch) | |
| tree | fc40d9dcb0e31e526b468b1202ca0f445f24e729 /dom/security/test/csp/test_punycode_host_src.html | |
| parent | b4dac5093a75a024643b93aef88758770df73c55 (diff) | |
| download | UXP-cdcfbde10dbcf0fab0630d5ee0146be45d7a6572.tar UXP-cdcfbde10dbcf0fab0630d5ee0146be45d7a6572.tar.gz UXP-cdcfbde10dbcf0fab0630d5ee0146be45d7a6572.tar.lz UXP-cdcfbde10dbcf0fab0630d5ee0146be45d7a6572.tar.xz UXP-cdcfbde10dbcf0fab0630d5ee0146be45d7a6572.zip | |
CSP: Support IDNs in connect-src
Diffstat (limited to 'dom/security/test/csp/test_punycode_host_src.html')
| -rw-r--r-- | dom/security/test/csp/test_punycode_host_src.html | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/dom/security/test/csp/test_punycode_host_src.html b/dom/security/test/csp/test_punycode_host_src.html new file mode 100644 index 000000000..8d891725c --- /dev/null +++ b/dom/security/test/csp/test_punycode_host_src.html @@ -0,0 +1,81 @@ +<!DOCTYPE HTML> +<html> +<head> + <meta charset="utf-8"> + <title>Bug 1224225 - CSP source matching should work for punycoded domain names</title> + <!-- Including SimpleTest.js so we can use waitForExplicitFinish !--> + <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<iframe style="width:100%;" id="testframe"></iframe> + +<script class="testbody" type="text/javascript"> + +/* Description of the test: + * We load scripts within an iframe and make sure that the + * CSP matching is same for punycode domain names as well as IDNA. + */ + +SimpleTest.waitForExplicitFinish(); + + +var curTest; +var counter = -1; + +const tests = [ + { // test 1 + description: "loads script as sub2.ält.example.org, but whitelist in CSP as sub2.xn--lt-uia.example.org", + action: "script-unicode-csp-punycode", + csp: "script-src http://sub2.xn--lt-uia.example.org;", + expected: "script-allowed", + + }, + { // test 2 + description: "loads script as sub2.xn--lt-uia.example.org, and whitelist in CSP as sub2.xn--lt-uia.example.org", + action: "script-punycode-csp-punycode", + csp: "script-src http://sub2.xn--lt-uia.example.org;", + expected: "script-allowed", + + }, + { // test 3 + description: "loads script as sub2.xn--lt-uia.example.org, and whitelist in CSP as sub2.xn--lt-uia.example.org", + action: "script-punycode-csp-punycode", + csp: "script-src *.xn--lt-uia.example.org;", + expected: "script-allowed", + + }, + +]; + +function finishTest() { + window.removeEventListener("message", receiveMessage); + SimpleTest.finish(); +} + +function checkResults(result) { + is(result, curTest.expected, curTest.description); + loadNextTest(); +} + +window.addEventListener("message", receiveMessage); +function receiveMessage(event) { + checkResults(event.data.result); +} + +function loadNextTest() { + counter++; + if (counter == tests.length) { + finishTest(); + return; + } + curTest = tests[counter]; + var testframe = document.getElementById("testframe"); + testframe.src = `file_punycode_host_src.sjs?action=${curTest.action}&csp=${curTest.csp}`; +} + +loadNextTest(); + +</script> +</body> +</html> |