diff options
author | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2018-04-22 18:51:38 +0200 |
---|---|---|
committer | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2018-04-22 18:51:38 +0200 |
commit | 1b4c4256ee7705724b02919b4d432b2a391bcd04 (patch) | |
tree | ba2e9442b55afaa4288c096ae81ca64c8523b3c2 /dom/security/test/general/browser_test_toplevel_data_navigations.js | |
parent | c30ebdac27c93b57e368c69e9c13055a17229992 (diff) | |
download | UXP-1b4c4256ee7705724b02919b4d432b2a391bcd04.tar UXP-1b4c4256ee7705724b02919b4d432b2a391bcd04.tar.gz UXP-1b4c4256ee7705724b02919b4d432b2a391bcd04.tar.lz UXP-1b4c4256ee7705724b02919b4d432b2a391bcd04.tar.xz UXP-1b4c4256ee7705724b02919b4d432b2a391bcd04.zip |
moebius#223: Consider blocking top level window data: URIs (part 1/3 without tests)
https://github.com/MoonchildProductions/moebius/pull/223
Diffstat (limited to 'dom/security/test/general/browser_test_toplevel_data_navigations.js')
-rw-r--r-- | dom/security/test/general/browser_test_toplevel_data_navigations.js | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/dom/security/test/general/browser_test_toplevel_data_navigations.js b/dom/security/test/general/browser_test_toplevel_data_navigations.js new file mode 100644 index 000000000..a13a6350e --- /dev/null +++ b/dom/security/test/general/browser_test_toplevel_data_navigations.js @@ -0,0 +1,54 @@ +/* eslint-disable mozilla/no-arbitrary-setTimeout */ + +"use strict"; + +const kDataBody = "toplevel navigation to data: URI allowed"; +const kDataURI = "data:text/html,<body>" + kDataBody + "</body>"; +const kTestPath = getRootDirectory(gTestPath) + .replace("chrome://mochitests/content", "http://example.com") +const kRedirectURI = kTestPath + "file_toplevel_data_navigations.sjs"; +const kMetaRedirectURI = kTestPath + "file_toplevel_data_meta_redirect.html"; + +add_task(async function test_nav_data_uri() { + await SpecialPowers.pushPrefEnv({ + "set": [["security.data_uri.block_toplevel_data_uri_navigations", true]], + }); + await BrowserTestUtils.withNewTab(kDataURI, async function(browser) { + await ContentTask.spawn(gBrowser.selectedBrowser, {kDataBody}, async function({kDataBody}) { // eslint-disable-line + is(content.document.body.innerHTML, kDataBody, + "data: URI navigation from system should be allowed"); + }); + }); +}); + +add_task(async function test_nav_data_uri_redirect() { + await SpecialPowers.pushPrefEnv({ + "set": [["security.data_uri.block_toplevel_data_uri_navigations", true]], + }); + let tab = BrowserTestUtils.addTab(gBrowser, kRedirectURI); + registerCleanupFunction(async function() { + await BrowserTestUtils.removeTab(tab); + }); + // wait to make sure data: URI did not load before checking that it got blocked + await new Promise(resolve => setTimeout(resolve, 500)); + await ContentTask.spawn(gBrowser.selectedBrowser, {}, async function() { + is(content.document.body.innerHTML, "", + "data: URI navigation after server redirect should be blocked"); + }); +}); + +add_task(async function test_nav_data_uri_meta_redirect() { + await SpecialPowers.pushPrefEnv({ + "set": [["security.data_uri.block_toplevel_data_uri_navigations", true]], + }); + let tab = BrowserTestUtils.addTab(gBrowser, kMetaRedirectURI); + registerCleanupFunction(async function() { + await BrowserTestUtils.removeTab(tab); + }); + // wait to make sure data: URI did not load before checking that it got blocked + await new Promise(resolve => setTimeout(resolve, 500)); + await ContentTask.spawn(gBrowser.selectedBrowser, {}, async function() { + is(content.document.body.innerHTML, "", + "data: URI navigation after meta redirect should be blocked"); + }); +}); |