Add m-esr52 at 52.6.0

author: Matt A. Tobin <mattatobin@localhost.localdomain> 2018-02-02 04:16:08 -0500
committer: Matt A. Tobin <mattatobin@localhost.localdomain> 2018-02-02 04:16:08 -0500
commit: 5f8de423f190bbb79a62f804151bc24824fa32d8 (patch)
tree: 10027f336435511475e392454359edea8e25895d /dom/security/test/mixedcontentblocker
parent: 49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff)
download: UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip
15 files changed, 1363 insertions, 0 deletions
diff --git a/dom/security/test/mixedcontentblocker/file_bug803225_test_mailto.html b/dom/security/test/mixedcontentblocker/file_bug803225_test_mailto.html
new file mode 100644
index 000000000..f1459d366
--- /dev/null
+++ b/dom/security/test/mixedcontentblocker/file_bug803225_test_mailto.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+Tests for Mixed Content Blocker - Mailto Protocol Compose Page
+https://bugzilla.mozilla.org/show_bug.cgi?id=803225
+-->
+<head> <meta charset="utf-8"> 
+</head>
+<body>
+Hello
+<script>window.close();</script>
+</body>
+</html>
diff --git a/dom/security/test/mixedcontentblocker/file_frameNavigation.html b/dom/security/test/mixedcontentblocker/file_frameNavigation.html
new file mode 100644
index 000000000..fd9ea2317
--- /dev/null
+++ b/dom/security/test/mixedcontentblocker/file_frameNavigation.html
@@ -0,0 +1,74 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+Tests for Mixed Content Blocker related to navigating children, grandchildren, etc
+https://bugzilla.mozilla.org/show_bug.cgi?id=840388
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Tests for Mixed Content Frame Navigation</title>
+</head>
+<body>
+<div id="testContent"></div>
+
+<script>
+  var baseUrlHttps = "https://example.com/tests/dom/security/test/mixedcontentblocker/file_frameNavigation_innermost.html";
+
+  // For tests that require setTimeout, set the maximum polling time to 50 x 100ms = 5 seconds.
+  var MAX_COUNT = 50;
+  var TIMEOUT_INTERVAL = 100;
+
+  var testContent = document.getElementById("testContent");
+
+  // Test 1: Navigate secure iframe to insecure iframe on an insecure page
+  var iframe_test1 = document.createElement("iframe");
+  var counter_test1 = 0;
+  iframe_test1.src = baseUrlHttps + "?insecurePage_navigate_child";
+  iframe_test1.setAttribute("id", "test1");
+  iframe_test1.onerror = function() {
+    parent.postMessage({"test": "insecurePage_navigate_child", "msg": "got an onerror alert when loading or navigating testing iframe"}, "http://mochi.test:8888");
+  };
+  testContent.appendChild(iframe_test1);
+
+  function navigationStatus(iframe_test1)
+  {
+    // When the page is navigating, it goes through about:blank and we will get a permission denied for loc.
+    // Catch that specific exception and return
+    try {
+      var loc = document.getElementById("test1").contentDocument.location;
+    } catch(e) {
+      if (e.name === "SecurityError") {
+        // We received an exception we didn't expect.
+        throw e;
+      }
+      counter_test1++;
+      return;
+    }
+    if (loc == "http://example.com/tests/dom/security/test/mixedcontentblocker/file_frameNavigation_innermost.html?insecurePage_navigate_child_response") {
+      return;
+    }
+    else {
+      if(counter_test1 < MAX_COUNT) {
+        counter_test1++;
+        setTimeout(navigationStatus, TIMEOUT_INTERVAL, iframe_test1);
+      }
+      else {
+        // After we have called setTimeout the maximum number of times, assume navigating the iframe is blocked
+        parent.postMessage({"test": "insecurePage_navigate_child", "msg": "navigating to insecure iframe blocked on insecure page"}, "http://mochi.test:8888");
+      }
+    }
+  }
+
+  setTimeout(navigationStatus, TIMEOUT_INTERVAL, iframe_test1);
+
+  // Test 2: Navigate secure grandchild iframe to insecure grandchild iframe on a page that has no secure parents
+  var iframe_test2 = document.createElement("iframe");
+  iframe_test2.src = "http://example.com/tests/dom/security/test/mixedcontentblocker/file_frameNavigation_grandchild.html"
+  iframe_test2.onerror = function() {
+    parent.postMessage({"test": "insecurePage_navigate_grandchild", "msg": "got an on error alert when loading or navigating testing iframe"}, "http://mochi.test:8888");
+  };
+  testContent.appendChild(iframe_test2);
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/mixedcontentblocker/file_frameNavigation_blankTarget.html b/dom/security/test/mixedcontentblocker/file_frameNavigation_blankTarget.html
new file mode 100644
index 000000000..5cfd95984
--- /dev/null
+++ b/dom/security/test/mixedcontentblocker/file_frameNavigation_blankTarget.html
@@ -0,0 +1,32 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+Tests for Mixed Content Blocker - Opening link with _blank target in an https iframe.
+https://bugzilla.mozilla.org/show_bug.cgi?id=841850
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Tests for Mixed Content Frame Navigation</title>
+</head>
+<body>
+<a href="http://example.com/tests/dom/security/test/mixedcontentblocker/file_frameNavigation_innermost.html?blankTarget" id="blankTarget" target="_blank">Go to http site</a>
+
+<script>
+  var blankTarget = document.getElementById("blankTarget");
+  blankTarget.click();
+
+  var os = SpecialPowers.Cc["@mozilla.org/observer-service;1"].
+     getService(SpecialPowers.Components.interfaces.nsIObserverService);
+  var observer = {
+    observe: function(subject, topic, data) {
+      if(topic == "content-document-global-created" && data =="http://example.com") {
+         parent.parent.postMessage({"test": "blankTarget", "msg": "opened an http link with target=_blank from a secure page"}, "http://mochi.test:8888");
+         os.removeObserver(observer, "content-document-global-created");
+      }
+    }
+  }
+  os.addObserver(observer, "content-document-global-created", false);
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/mixedcontentblocker/file_frameNavigation_grandchild.html b/dom/security/test/mixedcontentblocker/file_frameNavigation_grandchild.html
new file mode 100644
index 000000000..1034991da
--- /dev/null
+++ b/dom/security/test/mixedcontentblocker/file_frameNavigation_grandchild.html
@@ -0,0 +1,57 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+Tests for Mixed Content Blocker - Navigating Grandchild frames when a secure parent doesn't exist
+https://bugzilla.mozilla.org/show_bug.cgi?id=840388
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Tests for Mixed Content Frame Navigation</title>
+</head>
+<body>
+<iframe src="https://example.com/tests/dom/security/test/mixedcontentblocker/file_frameNavigation_innermost.html?insecurePage_navigate_grandchild" id="child"></iframe>
+
+<script>
+  // For tests that require setTimeout, set the maximum polling time to 100 x 100ms = 10 seconds.
+  var MAX_COUNT = 50;
+  var TIMEOUT_INTERVAL = 100;
+  var counter = 0;
+
+  var child = document.getElementById("child");
+  function navigationStatus(child)
+  {
+    // When the page is navigating, it goes through about:blank and we will get a permission denied for loc.
+    // Catch that specific exception and return
+    try {
+      var loc;
+      if (child.contentDocument) {
+        loc = child.contentDocument.location;
+      }
+    } catch(e) {
+      if (e.message && e.message.indexOf("Permission denied to access property") == -1) {
+        // We received an exception we didn't expect.
+        throw e;
+      }
+      counter++;
+      return;
+    }
+    if (loc == "http://example.com/tests/dom/security/test/mixedcontentblocker/file_frameNavigation_innermost.html?insecurePage_navigate_grandchild_response") {
+      return;
+    }
+    else {
+      if(counter < MAX_COUNT) {
+        counter++;
+        setTimeout(navigationStatus, TIMEOUT_INTERVAL, child);
+      }
+      else {
+        // After we have called setTimeout the maximum number of times, assume navigating the iframe is blocked
+        parent.parent.postMessage({"test": "insecurePage_navigate_grandchild", "msg": "navigating to insecure grandchild iframe blocked on insecure page"}, "http://mochi.test:8888");
+      }
+    }
+  }
+
+  setTimeout(navigationStatus, TIMEOUT_INTERVAL, child);
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/mixedcontentblocker/file_frameNavigation_innermost.html b/dom/security/test/mixedcontentblocker/file_frameNavigation_innermost.html
new file mode 100644
index 000000000..62b24f37d
--- /dev/null
+++ b/dom/security/test/mixedcontentblocker/file_frameNavigation_innermost.html
@@ -0,0 +1,72 @@
+<!DOCTYPE HTML>
+<html>
+<body>
+<div id="content"></div>
+<script>
+  // get the case from the query string
+  var type = location.search.substring(1);
+
+  switch (type) {
+    case "insecurePage_navigate_child":
+      document.getElementById("content").innerHTML =
+        '<a href="http://example.com/tests/dom/security/test/mixedcontentblocker/file_frameNavigation_innermost.html?insecurePage_navigate_child_response" id="link">Testing\<\/a>';
+      document.getElementById("link").click();
+      break;
+
+    case "insecurePage_navigate_child_response":
+      parent.parent.postMessage({"test": "insecurePage_navigate_child", "msg": "navigated to insecure iframe on insecure page"}, "http://mochi.test:8888");
+      document.getElementById("content").innerHTML = "Navigated from secure to insecure frame on an insecure page";
+      break;
+
+    case "insecurePage_navigate_grandchild":
+      document.getElementById("content").innerHTML =
+        '<a href="http://example.com/tests/dom/security/test/mixedcontentblocker/file_frameNavigation_innermost.html?insecurePage_navigate_grandchild_response" id="link">Testing\<\/a>';
+      // If we don't reflow before clicking the link, the test will fail intermittently. The reason is still unknown. We'll track this issue in bug 1259715.
+      requestAnimationFrame(function() {
+        setTimeout(function() {
+          document.getElementById("link").click();
+        }, 0);
+      });
+      break;
+
+    case "insecurePage_navigate_grandchild_response":
+      parent.parent.parent.postMessage({"test": "insecurePage_navigate_grandchild", "msg": "navigated to insecure grandchild iframe on insecure page"}, "http://mochi.test:8888");
+      document.getElementById("content").innerHTML = "Navigated from secure to insecure grandchild frame on an insecure page";
+      break;
+
+    case "securePage_navigate_child":
+      document.getElementById("content").innerHTML =
+        '<a href="http://example.com/tests/dom/security/test/mixedcontentblocker/file_frameNavigation_innermost.html?securePage_navigate_child_response" id="link">Testing\<\/a>';
+      document.getElementById("link").click();
+      break;
+
+    case "securePage_navigate_child_response":
+      document.getElementById("content").innerHTML = "<p>Navigated from secure to insecure frame on a secure page</p>";
+      parent.parent.postMessage({"test": "securePage_navigate_child", "msg": "navigated to insecure iframe on secure page"}, "http://mochi.test:8888");
+      break;
+
+    case "securePage_navigate_grandchild":
+      document.getElementById("content").innerHTML=
+        '<a href="http://example.com/tests/dom/security/test/mixedcontentblocker/file_frameNavigation_innermost.html?securePage_navigate_grandchild_response" id="link">Testing\<\/a>';
+      document.getElementById("link").click();
+      break;
+
+    case "securePage_navigate_grandchild_response":
+      dump("\nNavigated to grandchild iframe from secure location to insecure location.  About to post message to the top page.\n");
+      parent.parent.parent.postMessage({"test": "securePage_navigate_grandchild", "msg": "navigated to insecure grandchild iframe on secure page"}, "http://mochi.test:8888");
+      dump("\npostMessage to parent attempted.\n");
+      document.getElementById("content").innerHTML = "<p>Navigated from secure to insecure grandchild frame on a secure page</p>";
+      break;
+
+    case "blankTarget":
+      window.close();
+      break;
+
+    default:
+      document.getElementById("content").innerHTML = "Hello";
+      break;
+   }
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/mixedcontentblocker/file_frameNavigation_secure.html b/dom/security/test/mixedcontentblocker/file_frameNavigation_secure.html
new file mode 100644
index 000000000..ea8462c39
--- /dev/null
+++ b/dom/security/test/mixedcontentblocker/file_frameNavigation_secure.html
@@ -0,0 +1,73 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+Tests for Mixed Content Blocker related to navigating children, grandchildren, etc
+https://bugzilla.mozilla.org/show_bug.cgi?id=840388
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Tests for Mixed Content Frame Navigation</title>
+</head>
+<body>
+<div id="testContent"></div>
+
+<script>
+  var baseUrl = "https://example.com/tests/dom/security/test/mixedcontentblocker/file_frameNavigation_innermost.html";
+
+  // For tests that require setTimeout, set the maximum polling time to 50 x 100ms = 5 seconds.
+  var MAX_COUNT = 50;
+  var TIMEOUT_INTERVAL = 100;
+
+  var testContent = document.getElementById("testContent");
+
+  // Test 1: Navigate secure iframe to insecure iframe on a secure page
+  var iframe_test1 = document.createElement("iframe");
+  var counter_test1 = 0;
+  iframe_test1.setAttribute("id", "test1");
+  iframe_test1.src = baseUrl + "?securePage_navigate_child";
+  iframe_test1.onerror = function() {
+    parent.postMessage({"test": "securePage_navigate_child", "msg": "got an onerror event when loading or navigating testing iframe"}, "http://mochi.test:8888");
+  };
+  testContent.appendChild(iframe_test1);
+
+  function navigationStatus(iframe_test1)
+  {
+    // When the page is navigating, it goes through about:blank and we will get a permission denied for loc.
+    // Catch that specific exception and return
+    try {
+      var loc = document.getElementById("test1").contentDocument.location;
+    } catch(e) {
+      if (e.name === "SecurityError") {
+        // We received an exception we didn't expect.
+        throw e;
+      }
+      counter_test1++;
+      return;
+    }
+    if (loc == "http://example.com/tests/dom/security/test/mixedcontentblocker/file_frameNavigation_innermost.html?insecurePage_navigate_child_response") {
+      return;
+    } else {
+      if(counter_test1 < MAX_COUNT) {
+        counter_test1++;
+        setTimeout(navigationStatus, TIMEOUT_INTERVAL, iframe_test1);
+      }
+      else {
+        // After we have called setTimeout the maximum number of times, assume navigating the iframe is blocked
+        parent.postMessage({"test": "securePage_navigate_child", "msg": "navigating to insecure iframe blocked on secure page"}, "http://mochi.test:8888");
+      }
+    }
+  }
+
+  setTimeout(navigationStatus, TIMEOUT_INTERVAL, iframe_test1);
+
+  // Test 2: Open an http page in a new tab from a link click with target=_blank.
+  var iframe_test3 = document.createElement("iframe");
+  iframe_test3.src = "https://example.com/tests/dom/security/test/mixedcontentblocker/file_frameNavigation_blankTarget.html";
+  iframe_test3.onerror = function() {
+    parent.postMessage({"test": "blankTarget", "msg": "got an onerror event when loading or navigating testing iframe"}, "http://mochi.test:8888");
+  };
+  testContent.appendChild(iframe_test3);
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/mixedcontentblocker/file_frameNavigation_secure_grandchild.html b/dom/security/test/mixedcontentblocker/file_frameNavigation_secure_grandchild.html
new file mode 100644
index 000000000..f7f3c4086
--- /dev/null
+++ b/dom/security/test/mixedcontentblocker/file_frameNavigation_secure_grandchild.html
@@ -0,0 +1,58 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+Tests for Mixed Content Blocker - Navigating Grandchild Frames when a secure parent exists
+https://bugzilla.mozilla.org/show_bug.cgi?id=840388
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Tests for Mixed Content Frame Navigation</title>
+</head>
+<body>
+
+<iframe src="https://example.com/tests/dom/security/test/mixedcontentblocker/file_frameNavigation_innermost.html?securePage_navigate_grandchild" id="child"></iframe>
+<script>
+  // For tests that require setTimeout, set the maximum polling time to 50 x 100ms = 5 seconds.
+  var MAX_COUNT = 50;
+  var TIMEOUT_INTERVAL = 100;
+  var counter = 0;
+
+  var child = document.getElementById("child");
+  function navigationStatus(child)
+  {
+    var loc;
+    // When the page is navigating, it goes through about:blank and we will get a permission denied for loc.
+    // Catch that specific exception and return
+    try {
+      loc = document.getElementById("child").contentDocument.location;
+    } catch(e) {
+      if (e.message && e.message.indexOf("Permission denied to access property") == -1) {
+        // We received an exception we didn't expect.
+        throw e;
+      }
+      counter++;
+      return;
+    }
+    if (loc == "http://example.com/tests/dom/security/test/mixedcontentblocker/file_frameNavigation_innermost.html?securePage_navigate_grandchild_response") {
+      return;
+    }
+    else {
+      if(counter < MAX_COUNT) {
+        counter++;
+        setTimeout(navigationStatus, TIMEOUT_INTERVAL, child);
+      }
+      else {
+        // After we have called setTimeout the maximum number of times, assume navigating the iframe is blocked
+        dump("\nThe current location of the grandchild iframe is: "+loc+".\n");
+        dump("\nWe have past the maximum timeout.  Navigating a grandchild iframe from an https location to an http location on a secure page failed.  We are about to post message to the top level page\n");
+        parent.parent.postMessage({"test": "securePage_navigate_grandchild", "msg": "navigating to insecure grandchild iframe blocked on secure page"}, "http://mochi.test:8888");
+        dump("\nAttempted postMessage\n");
+      }
+    }
+  }
+
+  setTimeout(navigationStatus, TIMEOUT_INTERVAL, child);
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/mixedcontentblocker/file_main.html b/dom/security/test/mixedcontentblocker/file_main.html
new file mode 100644
index 000000000..ade5eefdb
--- /dev/null
+++ b/dom/security/test/mixedcontentblocker/file_main.html
@@ -0,0 +1,261 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+Tests for Mixed Content Blocker
+https://bugzilla.mozilla.org/show_bug.cgi?id=62178
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Tests for Bug 62178</title>
+  <script type="application/javascript" src="/tests/SimpleTest/EventUtils.js"></script>
+</head>
+<body>
+<div id="testContent"></div>
+
+<!-- types the Mixed Content Blocker can block
+     /*
+  switch (aContentType) {
+  case nsIContentPolicy::TYPE_OBJECT:
+  case nsIContentPolicy::TYPE_SCRIPT:
+  case nsIContentPolicy::TYPE_STYLESHEET:
+  case nsIContentPolicy::TYPE_SUBDOCUMENT:
+  case nsIContentPolicy::TYPE_XMLHTTPREQUEST:
+
+  case nsIContentPolicy::TYPE_FONT: - NO TEST:
+    Load events for external fonts are not detectable by javascript.
+  case nsIContentPolicy::TYPE_WEBSOCKET: - NO TEST:
+    websocket connections over https require an encrypted websocket protocol (wss:)
+
+  case nsIContentPolicy::TYPE_IMAGE:
+  case nsIContentPolicy::TYPE_IMAGESET:
+  case nsIContentPolicy::TYPE_MEDIA:
+  case nsIContentPolicy::TYPE_PING:
+    our ping implementation is off by default and does not comply with the current spec (bug 786347)
+  case nsIContentPolicy::TYPE_BEACON:
+
+  }
+     */
+-->
+
+<script>
+  var baseUrl = "http://example.com/tests/dom/security/test/mixedcontentblocker/file_server.sjs";
+
+  //For tests that require setTimeout, set the maximum polling time to 100 x 100ms = 10 seconds.
+  var MAX_COUNT = 100;
+  var TIMEOUT_INTERVAL = 100;
+
+  var testContent = document.getElementById("testContent");
+
+  /* Part 1: Mixed Script tests */
+
+  // Test 1a: insecure object
+  var object = document.createElement("object");
+  object.data = baseUrl + "?type=object";
+  object.type = "application/x-test";
+  object.width = "200";
+  object.height = "200";
+
+  testContent.appendChild(object);
+
+  var objectCount = 0;
+
+  function objectStatus(object) {
+    // Expose our privileged bits on the object
+    object = SpecialPowers.wrap(object);
+
+    if (object.displayedType != SpecialPowers.Ci.nsIObjectLoadingContent.TYPE_NULL) {
+      //object loaded
+      parent.postMessage({"test": "object", "msg": "insecure object loaded"}, "http://mochi.test:8888");
+    }
+    else {
+      if(objectCount < MAX_COUNT) {
+        objectCount++;
+        setTimeout(objectStatus, TIMEOUT_INTERVAL, object);
+      }
+      else {
+        //After we have called setTimeout the maximum number of times, assume object is blocked
+        parent.postMessage({"test": "object", "msg": "insecure object blocked"}, "http://mochi.test:8888");
+      }
+    }
+  }
+
+  // object does not have onload and onerror events. Hence we need a setTimeout to check the object's status
+  setTimeout(objectStatus, TIMEOUT_INTERVAL, object);
+
+  // Test 1b: insecure script
+  var script = document.createElement("script");
+  var scriptLoad = false;
+  var scriptCount = 0;
+  script.src = baseUrl + "?type=script";
+  script.onload = function() {
+    parent.postMessage({"test": "script", "msg": "insecure script loaded"}, "http://mochi.test:8888");
+    scriptLoad = true;
+  }
+  testContent.appendChild(script);
+
+  function scriptStatus(script)
+  {
+    if(scriptLoad) {
+      return;
+    }
+    else {
+      if(scriptCount < MAX_COUNT) {
+        scriptCount++;
+        setTimeout(scriptStatus, TIMEOUT_INTERVAL, script);
+      }
+      else {
+        //After we have called setTimeout the maximum number of times, assume script is blocked
+        parent.postMessage({"test": "script", "msg": "insecure script blocked"}, "http://mochi.test:8888");
+      }
+    }
+  }
+
+  // scripts blocked by Content Policy's do not have onerror events (see bug 789856).  Hence we need a setTimeout to check the script's status
+  setTimeout(scriptStatus, TIMEOUT_INTERVAL, script);
+
+
+  // Test 1c: insecure stylesheet
+  var cssStyleSheet = document.createElement("link");
+  cssStyleSheet.rel = "stylesheet";
+  cssStyleSheet.href = baseUrl + "?type=stylesheet";
+  cssStyleSheet.type = "text/css";
+  testContent.appendChild(cssStyleSheet);
+
+  var styleCount = 0;
+
+  function styleStatus(cssStyleSheet) {
+    if( cssStyleSheet.sheet || cssStyleSheet.styleSheet || cssStyleSheet.innerHTML ) {
+      parent.postMessage({"test": "stylesheet", "msg": "insecure stylesheet loaded"}, "http://mochi.test:8888");
+    } 
+    else {
+      if(styleCount < MAX_COUNT) {
+        styleCount++;
+        setTimeout(styleStatus, TIMEOUT_INTERVAL, cssStyleSheet);
+      }
+      else {
+        //After we have called setTimeout the maximum number of times, assume stylesheet is blocked
+        parent.postMessage({"test": "stylesheet", "msg": "insecure stylesheet blocked"}, "http://mochi.test:8888");
+      }
+    }
+  }
+
+  // link does not have onload and onerror events. Hence we need a setTimeout to check the link's status
+  window.setTimeout(styleStatus, TIMEOUT_INTERVAL, cssStyleSheet);
+
+  // Test 1d: insecure iframe
+  var iframe = document.createElement("iframe");
+  iframe.src = baseUrl + "?type=iframe";
+  iframe.onload = function() {
+    parent.postMessage({"test": "iframe", "msg": "insecure iframe loaded"}, "http://mochi.test:8888");
+  }
+  iframe.onerror = function() {
+    parent.postMessage({"test": "iframe", "msg": "insecure iframe blocked"}, "http://mochi.test:8888");
+  };
+  testContent.appendChild(iframe);
+
+
+  // Test 1e: insecure xhr
+  var xhr = new XMLHttpRequest;
+  try {
+    xhr.open("GET", baseUrl + "?type=xhr", true);
+    xhr.send();
+    xhr.onloadend = function (oEvent) {
+      if (xhr.status == 200) {
+        parent.postMessage({"test": "xhr", "msg": "insecure xhr loaded"}, "http://mochi.test:8888");
+      }
+      else {
+        parent.postMessage({"test": "xhr", "msg": "insecure xhr blocked"}, "http://mochi.test:8888");
+      }
+    }
+  } catch(ex) {
+     parent.postMessage({"test": "xhr", "msg": "insecure xhr blocked"}, "http://mochi.test:8888");
+  }
+
+  /* Part 2: Mixed Display tests */
+
+  // Shorthand for all image test variants
+  function imgHandlers(img, test) {
+    img.onload = function () {
+      parent.postMessage({"test": test, "msg": "insecure image loaded"}, "http://mochi.test:8888");
+    }
+    img.onerror = function() {
+      parent.postMessage({"test": test, "msg": "insecure image blocked"}, "http://mochi.test:8888");
+    }
+  }
+
+  // Test 2a: insecure image
+  var img = document.createElement("img");
+  img.src = "http://mochi.test:8888/tests/image/test/mochitest/blue.png";
+  imgHandlers(img, "image");
+  // We don't need to append the image to the document. Doing so causes the image test to run twice.
+
+  // Test 2b: insecure media
+  var media = document.createElement("video");
+  media.src = "http://mochi.test:8888/tests/dom/media/test/320x240.ogv?" + Math.floor((Math.random()*1000)+1);
+  media.width = "320";
+  media.height = "200";
+  media.type = "video/ogg";
+  media.onloadeddata = function() {
+    parent.postMessage({"test": "media", "msg": "insecure media loaded"}, "http://mochi.test:8888");
+  }
+  media.onerror = function() {
+    parent.postMessage({"test": "media", "msg": "insecure media blocked"}, "http://mochi.test:8888");
+  }
+  // We don't need to append the video to the document. Doing so causes the image test to run twice.
+
+  /* Part 3: Mixed Active Tests for Image srcset */
+
+  // Test 3a: image with srcset
+  var imgA = document.createElement("img");
+  imgA.srcset = "http://mochi.test:8888/tests/image/test/mochitest/blue.png";
+  imgHandlers(imgA, "imageSrcset");
+
+  // Test 3b: image with srcset, using fallback from src, should still use imageset policy
+  var imgB = document.createElement("img");
+  imgB.srcset = " ";
+  imgB.src = "http://mochi.test:8888/tests/image/test/mochitest/blue.png";
+  imgHandlers(imgB, "imageSrcsetFallback");
+
+  // Test 3c: image in <picture>
+  var imgC = document.createElement("img");
+  var pictureC = document.createElement("picture");
+  var sourceC = document.createElement("source");
+  sourceC.srcset = "http://mochi.test:8888/tests/image/test/mochitest/blue.png";
+  pictureC.appendChild(sourceC);
+  pictureC.appendChild(imgC);
+  imgHandlers(imgC, "imagePicture");
+
+  // Test 3d: Loaded basic image switching to a <picture>, loading
+  //          same source, should still redo the request with new
+  //          policy.
+  var imgD = document.createElement("img");
+  imgD.src = "http://mochi.test:8888/tests/image/test/mochitest/blue.png";
+  imgD.onload = imgD.onerror = function() {
+    // Whether or not it loads, we want to now append it to a picture and observe
+    var pictureD = document.createElement("picture");
+    var sourceD = document.createElement("source");
+    sourceD.srcset = "http://mochi.test:8888/tests/image/test/mochitest/blue.png";
+    pictureD.appendChild(sourceD);
+    pictureD.appendChild(imgD);
+    imgHandlers(imgD, "imageJoinPicture");
+  }
+
+  // Test 3e: img load from <picture> source reverts to img.src as it
+  //          is removed -- the new request should revert to mixed
+  //          display policy
+  var imgE = document.createElement("img");
+  var pictureE = document.createElement("picture");
+  var sourceE = document.createElement("source");
+  sourceE.srcset = "http://mochi.test:8888/tests/image/test/mochitest/blue.png";
+  pictureE.appendChild(sourceE);
+  pictureE.appendChild(imgE);
+  imgE.src = "http://mochi.test:8888/tests/image/test/mochitest/blue.png";
+  imgE.onload = imgE.onerror = function() {
+    // Whether or not it loads, remove it from the picture and observe
+    pictureE.removeChild(imgE)
+    imgHandlers(imgE, "imageLeavePicture");
+  }
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/mixedcontentblocker/file_main_bug803225.html b/dom/security/test/mixedcontentblocker/file_main_bug803225.html
new file mode 100644
index 000000000..e657be256
--- /dev/null
+++ b/dom/security/test/mixedcontentblocker/file_main_bug803225.html
@@ -0,0 +1,182 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+Tests for Mixed Content Blocker - Allowed Protocols
+https://bugzilla.mozilla.org/show_bug.cgi?id=803225
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Tests for Bug 62178</title>
+  <script type="application/javascript" src="/tests/SimpleTest/EventUtils.js"></script>
+</head>
+<body>
+<div id="testContent"></div>
+
+<!-- Test additional schemes the Mixed Content Blocker should not block
+     "about" protocol URIs that are URI_SAFE_FOR_UNTRUSTED_CONTENT (moz-safe-about; see nsAboutProtocolHandler::NewURI
+     "data",
+     "javascript",
+     "mailto",
+     "resource",
+     "moz-icon",
+     "wss"
+-->
+
+<script>
+
+  //For tests that require setTimeout, set the timeout interval
+  var TIMEOUT_INTERVAL = 100;
+
+  var testContent = document.getElementById("testContent");
+
+  // Test 1 & 2: about and javascript protcols within an iframe
+  var data = Array(2,2);
+  var protocols = [
+                    ["about", ""], //When no source is specified, the frame gets a source of about:blank
+                    ["javascript", "javascript:document.open();document.write='<h1>SUCCESS</h1>';document.close();"],
+                  ];
+  for(var i=0; i < protocols.length; i++)
+  {
+    var generic_frame = document.createElement("iframe");
+    generic_frame.src = protocols[i][1];
+    generic_frame.name="generic_protocol";
+
+    generic_frame.onload = function(i) {
+      data = {"test": protocols[i][0], "msg": "resource with " + protocols[i][0] + " protocol loaded"};
+      parent.postMessage(data, "http://mochi.test:8888");
+    }.bind(generic_frame, i)
+
+    generic_frame.onerror = function(i) {
+      data = {"test": protocols[i][0], "msg": "resource with " + protocols[i][0] + " protocol did not load"};
+      parent.postMessage(data, "http://mochi.test:8888");
+    }.bind(generic_frame, i);
+
+    testContent.appendChild(generic_frame, i);
+  }
+
+  // Test 3: for resource within a script tag
+  // Note: the script we load throws an exception, but the script element's
+  // onload listener is called after we successfully fetch the script,
+  // independently of whether it throws an exception.
+  var resource_script=document.createElement("script");
+  resource_script.src = "resource://gre/modules/XPCOMUtils.jsm";
+  resource_script.name = "resource_protocol";
+  resource_script.onload = function() {
+    parent.postMessage({"test": "resource", "msg": "resource with resource protocol loaded"}, "http://mochi.test:8888");
+  }
+  resource_script.onerror = function() {
+    parent.postMessage({"test": "resource", "msg": "resource with resource protocol did not load"}, "http://mochi.test:8888");
+  }
+
+  testContent.appendChild(resource_script);
+
+  // Test 4: moz-icon within an img tag
+  var image=document.createElement("img");
+  image.src = "moz-icon://dummy.exe?size=16";
+  image.onload = function() {
+    parent.postMessage({"test": "mozicon", "msg": "resource with mozicon protocol loaded"}, "http://mochi.test:8888");
+  }
+  image.onerror = function() {
+    parent.postMessage({"test": "mozicon", "msg": "resource with mozicon protocol did not load"}, "http://mochi.test:8888");
+  }
+  // We don't need to append the image to the document. Doing so causes the image test to run twice.
+
+  // Test 5: about unsafe protocol within an iframe
+  var unsafe_about_frame = document.createElement("iframe");
+  unsafe_about_frame.src = "about:config";
+  unsafe_about_frame.name = "unsafe_about_protocol";
+  unsafe_about_frame.onload = function() {
+    parent.postMessage({"test": "unsafe_about", "msg": "resource with unsafe about protocol loaded"}, "http://mochi.test:8888");
+  }
+  unsafe_about_frame.onerror = function() {
+    parent.postMessage({"test": "unsafe_about", "msg": "resource with unsafe about protocol did not load"}, "http://mochi.test:8888");
+  }
+  testContent.appendChild(unsafe_about_frame);
+
+  // Test 6: data protocol within a script tag
+  var x = 2;
+  var newscript = document.createElement("script");
+  newscript.src= "data:text/javascript,var x = 4;";
+  newscript.onload = function() {
+    parent.postMessage({"test": "data_protocol", "msg": "resource with data protocol loaded"}, "http://mochi.test:8888");
+  }
+  newscript.onerror = function() {
+    parent.postMessage({"test": "data_protocol", "msg": "resource with data protocol did not load"}, "http://mochi.test:8888");
+  }
+  testContent.appendChild(newscript);
+
+  // Test 7: mailto protocol
+  let mm = SpecialPowers.loadChromeScript(function launchHandler() {
+    var { classes: Cc, interfaces: Ci } = Components;
+    var ioService = Cc["@mozilla.org/network/io-service;1"].
+                      getService(Ci.nsIIOService);
+
+    var webHandler = Cc["@mozilla.org/uriloader/web-handler-app;1"].
+                       createInstance(Ci.nsIWebHandlerApp);
+    webHandler.name = "Web Handler";
+    webHandler.uriTemplate = "http://example.com/tests/dom/security/test/mixedcontentblocker/file_bug803225_test_mailto.html?s=%";
+
+    Components.utils.import("resource://gre/modules/Services.jsm");
+    Services.ppmm.addMessageListener("Test:content-ready", function contentReadyListener() {
+      Services.ppmm.removeMessageListener("Test:content-ready", contentReadyListener);
+      sendAsyncMessage("Test:content-ready-forward");
+      Services.ppmm.removeDelayedProcessScript(pScript);
+    })
+
+    var pScript = "data:,new " + function () {
+      var os = Components.classes["@mozilla.org/observer-service;1"]
+        .getService(Components.interfaces.nsIObserverService);
+      var observer = {
+        observe: function(subject, topic, data) {
+          if (topic == "content-document-global-created" && data == "http://example.com") {
+             sendAsyncMessage("Test:content-ready");
+             os.removeObserver(observer, "content-document-global-created");
+          }
+        }
+      };
+      os.addObserver(observer, "content-document-global-created", false);
+    }
+
+    Services.ppmm.loadProcessScript(pScript, true);
+
+    var uri = ioService.newURI("mailto:foo@bar.com", null, null);
+    webHandler.launchWithURI(uri);
+  });
+
+  var mailto = false;
+
+  mm.addMessageListener("Test:content-ready-forward", function contentReadyListener() {
+    mm.removeMessageListener("Test:content-ready-forward", contentReadyListener);
+    mailto = true;
+    parent.postMessage({"test": "mailto", "msg": "resource with mailto protocol loaded"}, "http://mochi.test:8888");
+  });
+
+  function mailtoProtocolStatus() {
+    if(!mailto) {
+      //There is no onerror event associated with the WebHandler, and hence we need a setTimeout to check the status
+      setTimeout(mailtoProtocolStatus, TIMEOUT_INTERVAL);
+    }
+  }
+
+  mailtoProtocolStatus();
+
+  // Test 8: wss protocol
+  var wss;
+  wss = new WebSocket("wss://example.com/tests/dom/security/test/mixedcontentblocker/file_main_bug803225_websocket");
+
+  var status_wss = "started";
+  wss.onopen = function(e) {
+     status_wss = "opened";
+     wss.close();
+  }
+  wss.onclose = function(e) {
+    if(status_wss == "opened") {
+      parent.postMessage({"test": "wss", "msg": "resource with wss protocol loaded"}, "http://mochi.test:8888");
+    } else {
+      parent.postMessage({"test": "wss", "msg": "resource with wss protocol did not load"}, "http://mochi.test:8888");
+    }
+  }
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/mixedcontentblocker/file_main_bug803225_websocket_wsh.py b/dom/security/test/mixedcontentblocker/file_main_bug803225_websocket_wsh.py
new file mode 100644
index 000000000..8c33c6b10
--- /dev/null
+++ b/dom/security/test/mixedcontentblocker/file_main_bug803225_websocket_wsh.py
@@ -0,0 +1,7 @@
+from mod_pywebsocket import msgutil
+
+def web_socket_do_extra_handshake(request):
+  pass
+
+def web_socket_transfer_data(request):
+  resp = ""
diff --git a/dom/security/test/mixedcontentblocker/file_server.sjs b/dom/security/test/mixedcontentblocker/file_server.sjs
new file mode 100644
index 000000000..58dffc565
--- /dev/null
+++ b/dom/security/test/mixedcontentblocker/file_server.sjs
@@ -0,0 +1,45 @@
+
+function handleRequest(request, response)
+{
+  // get the Content-Type to serve from the query string
+  var contentType = null;
+  request.queryString.split('&').forEach( function (val) {
+     var [name, value] = val.split('=');
+       if (name == "type") {
+         contentType = unescape(value);
+       }
+  });
+
+  // avoid confusing cache behaviors
+  response.setHeader("Cache-Control", "no-cache", false);
+
+  switch (contentType) {
+    case "iframe":
+      response.setHeader("Content-Type", "text/html", false);
+      response.write("frame content");
+      break;
+
+    case "script":
+      response.setHeader("Content-Type", "application/javascript", false);
+      break;
+
+    case "stylesheet":
+      response.setHeader("Content-Type", "text/css", false);
+      break;
+
+    case "object":
+      response.setHeader("Content-Type", "application/x-test", false);
+      break;
+
+   case "xhr":
+      response.setHeader("Content-Type", "text/xml", false);
+      response.setHeader("Access-Control-Allow-Origin", "https://example.com");
+      response.write('<?xml version="1.0" encoding="UTF-8" ?><test></test>');
+      break;
+
+    default:
+      response.setHeader("Content-Type", "text/html", false);
+      response.write("<html><body>Hello World</body></html>");
+      break;
+  }
+}
diff --git a/dom/security/test/mixedcontentblocker/mochitest.ini b/dom/security/test/mixedcontentblocker/mochitest.ini
new file mode 100644
index 000000000..94c17f9b4
--- /dev/null
+++ b/dom/security/test/mixedcontentblocker/mochitest.ini
@@ -0,0 +1,23 @@
+[DEFAULT]
+tags = mcb
+support-files =
+  file_bug803225_test_mailto.html
+  file_frameNavigation.html
+  file_frameNavigation_blankTarget.html
+  file_frameNavigation_grandchild.html
+  file_frameNavigation_innermost.html
+  file_frameNavigation_secure.html
+  file_frameNavigation_secure_grandchild.html
+  file_main.html
+  file_main_bug803225.html
+  file_main_bug803225_websocket_wsh.py
+  file_server.sjs
+  !/dom/media/test/320x240.ogv
+  !/image/test/mochitest/blue.png
+
+[test_main.html]
+skip-if = toolkit == 'android' #TIMED_OUT
+[test_bug803225.html]
+skip-if = toolkit == 'android' #TIMED_OUT
+[test_frameNavigation.html]
+skip-if = toolkit == 'android' #TIMED_OUT
diff --git a/dom/security/test/mixedcontentblocker/test_bug803225.html b/dom/security/test/mixedcontentblocker/test_bug803225.html
new file mode 100644
index 000000000..13c52762d
--- /dev/null
+++ b/dom/security/test/mixedcontentblocker/test_bug803225.html
@@ -0,0 +1,152 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+Testing Whitelist of Resource Scheme for Mixed Content Blocker
+https://bugzilla.mozilla.org/show_bug.cgi?id=803225
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Tests for Bug 803225</title>
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+
+  <script>
+  var counter = 0;
+  var settings = [ [true, true], [true, false], [false, true], [false, false] ];
+
+  var blockActive;
+  var blockDisplay;
+
+  //Cycle through 4 different preference settings.
+  function changePrefs(callback) {
+    let newPrefs = [["security.mixed_content.block_display_content", settings[counter][0]],
+                    ["security.mixed_content.block_active_content", settings[counter][1]]];
+
+    SpecialPowers.pushPrefEnv({"set": newPrefs}, function () {
+      blockDisplay = SpecialPowers.getBoolPref("security.mixed_content.block_display_content");
+      blockActive = SpecialPowers.getBoolPref("security.mixed_content.block_active_content");
+      counter++;
+      callback();
+    });
+  }
+
+  var testsToRun = {
+    /* https - Tests already run as part of bug 62178. */
+    about: false,
+    mozicon: false,
+    resource: false,
+    unsafe_about: false,
+    data_protocol: false,
+    javascript: false,
+    mailto: false,
+    wss: false,
+  };
+
+  function log(msg) {
+    document.getElementById("log").textContent += "\n" + msg;
+  }
+
+  function reloadFrame() {
+    document.getElementById('framediv').innerHTML = '<iframe id="testHarness" src="https://example.com/tests/dom/security/test/mixedcontentblocker/file_main_bug803225.html"></iframe>';
+  }
+
+  function checkTestsCompleted() {
+    for (var prop in testsToRun) {
+      // some test hasn't run yet so we're not done
+      if (!testsToRun[prop])
+        return;
+    }
+    //if the testsToRun are all completed, change the pref and run the tests again until we have cycled through all the prefs.
+    if(counter < 4) {
+       for (var prop in testsToRun) {
+         testsToRun[prop] = false;
+       }
+      //call to change the preferences
+      changePrefs(function() {
+        log("\nblockDisplay set to "+blockDisplay+", blockActive set to "+blockActive+".");
+        reloadFrame();
+      });
+    }
+    else {
+      SimpleTest.finish();
+    }
+  }
+
+  var firstTest = true;
+
+  function receiveMessage(event) {
+    if(firstTest) {
+      log("blockDisplay set to "+blockDisplay+", blockActive set to "+blockActive+".");
+      firstTest = false;
+    }
+
+    log("test: "+event.data.test+", msg: "+event.data.msg + " logging message.");
+    // test that the load type matches the pref for this type of content
+    // (i.e. active vs. display)
+
+    switch(event.data.test) {
+
+      /* Mixed Script tests */
+      case "about":
+        ok(event.data.msg == "resource with about protocol loaded", "resource with about protocol did not load");
+        testsToRun["about"] = true;
+        break;
+
+      case "resource":
+        ok(event.data.msg == "resource with resource protocol loaded", "resource with resource protocol did not load");
+        testsToRun["resource"] = true;
+        break;
+
+      case "mozicon":
+        ok(event.data.msg == "resource with mozicon protocol loaded", "resource with mozicon protocol did not load");
+        testsToRun["mozicon"] = true;
+        break;
+
+      case "unsafe_about":
+        // This one should not load
+        ok(event.data.msg == "resource with unsafe about protocol did not load", "resource with unsafe about protocol loaded");
+        testsToRun["unsafe_about"] = true;
+        break;
+
+      case "data_protocol":
+        ok(event.data.msg == "resource with data protocol loaded", "resource with data protocol did not load");
+        testsToRun["data_protocol"] = true;
+        break;
+
+      case "javascript":
+        ok(event.data.msg == "resource with javascript protocol loaded", "resource with javascript protocol did not load");
+        testsToRun["javascript"] = true;
+        break;
+
+      case "wss":
+        ok(event.data.msg == "resource with wss protocol loaded", "resource with wss protocol did not load");
+        testsToRun["wss"] = true;
+        break;
+
+      case "mailto":
+        ok(event.data.msg == "resource with mailto protocol loaded", "resource with mailto protocol did not load");
+        testsToRun["mailto"] = true;
+        break;
+    }
+    checkTestsCompleted();
+  }
+
+  function startTest() {
+    //Set the first set of settings (true, true) and increment the counter.
+    changePrefs(function() {
+      // listen for a messages from the mixed content test harness
+      window.addEventListener("message", receiveMessage, false);
+
+      reloadFrame();
+    });
+  }
+
+  SimpleTest.waitForExplicitFinish();
+  </script>
+</head>
+
+<body onload='startTest()'>
+  <div id="framediv"></div>
+  <pre id="log"></pre>
+</body>
+</html>
diff --git a/dom/security/test/mixedcontentblocker/test_frameNavigation.html b/dom/security/test/mixedcontentblocker/test_frameNavigation.html
new file mode 100644
index 000000000..5b3ae50b0
--- /dev/null
+++ b/dom/security/test/mixedcontentblocker/test_frameNavigation.html
@@ -0,0 +1,127 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+Tests for Mixed Content Blocker
+https://bugzilla.mozilla.org/show_bug.cgi?id=840388
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Tests for Bug 840388</title>
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+
+  <script>
+  var counter = 0;
+  var origBlockActive = SpecialPowers.getBoolPref("security.mixed_content.block_active_content");
+
+  SpecialPowers.setBoolPref("security.mixed_content.block_active_content", true);
+  var blockActive = SpecialPowers.getBoolPref("security.mixed_content.block_active_content");
+
+
+  var testsToRunInsecure = {
+    insecurePage_navigate_child: false,
+    insecurePage_navigate_grandchild: false,
+  };
+
+  var testsToRunSecure = {
+    securePage_navigate_child: false,
+    blankTarget: false,
+  };
+
+  function log(msg) {
+    document.getElementById("log").textContent += "\n" + msg;
+  }
+
+  var secureTestsStarted = false;
+  function checkTestsCompleted() {
+    for (var prop in testsToRunInsecure) {
+      // some test hasn't run yet so we're not done
+      if (!testsToRunInsecure[prop])
+        return;
+    }
+    // If we are here, all the insecure tests have run.
+    // If we haven't changed the iframe to run the secure tests, change it now.
+    if (!secureTestsStarted) {
+      document.getElementById('testing_frame').src = "https://example.com/tests/dom/security/test/mixedcontentblocker/file_frameNavigation_secure.html";
+      secureTestsStarted = true;
+    }
+    for (var prop in testsToRunSecure) {
+      // some test hasn't run yet so we're not done
+      if (!testsToRunSecure[prop])
+        return;
+    }
+    //if the secure and insecure testsToRun are all completed, change the block mixed active content pref and run the tests again.
+    if(counter < 1) {
+       for (var prop in testsToRunSecure) {
+         testsToRunSecure[prop] = false;
+       }
+       for (var prop in testsToRunInsecure) {
+         testsToRunInsecure[prop] = false;
+       }
+      //call to change the preferences
+      counter++;
+      SpecialPowers.setBoolPref("security.mixed_content.block_active_content", false);
+      blockActive = SpecialPowers.getBoolPref("security.mixed_content.block_active_content");
+      log("blockActive set to "+blockActive+".");
+      secureTestsStarted = false;
+      document.getElementById('framediv').innerHTML = '<iframe src="http://example.com/tests/dom/security/test/mixedcontentblocker/file_frameNavigation.html" id="testing_frame"></iframe>';
+    }
+    else {
+      //set the prefs back to what they were set to originally
+      SpecialPowers.setBoolPref("security.mixed_content.block_active_content", origBlockActive);
+      SimpleTest.finish();
+    }
+  }
+
+  var firstTestDebugMessage = true;
+
+  // listen for a messages from the mixed content test harness
+  window.addEventListener("message", receiveMessage, false);
+  function receiveMessage(event) {
+    if(firstTestDebugMessage) {
+      log("blockActive set to "+blockActive);
+      firstTestDebugMessage = false;
+    }
+
+    log("test: "+event.data.test+", msg: "+event.data.msg + ".");
+    // test that the load type matches the pref for this type of content
+    // (i.e. active vs. display)
+
+    switch(event.data.test) {
+
+      case "insecurePage_navigate_child":
+        is(event.data.msg, "navigated to insecure iframe on insecure page", "navigating to insecure iframe blocked on insecure page");
+        testsToRunInsecure["insecurePage_navigate_child"] = true;
+        break;
+
+      case "insecurePage_navigate_grandchild":
+        is(event.data.msg, "navigated to insecure grandchild iframe on insecure page", "navigating to insecure grandchild iframe blocked on insecure page");
+        testsToRunInsecure["insecurePage_navigate_grandchild"] = true;
+        break;
+
+      case "securePage_navigate_child":
+        ok(blockActive == (event.data.msg == "navigating to insecure iframe blocked on secure page"), "navigated to insecure iframe on secure page");
+        testsToRunSecure["securePage_navigate_child"] = true;
+        break;
+
+      case "blankTarget":
+        is(event.data.msg, "opened an http link with target=_blank from a secure page", "couldn't open an http link in a new window from a secure page");
+        testsToRunSecure["blankTarget"] = true;
+        break;
+
+    }
+    checkTestsCompleted();
+  }
+
+  SimpleTest.waitForExplicitFinish();
+  </script>
+</head>
+
+<body>
+  <div id="framediv">
+    <iframe src="http://example.com/tests/dom/security/test/mixedcontentblocker/file_frameNavigation.html" id="testing_frame"></iframe>
+  </div>
+
+  <pre id="log"></pre>
+</body>
+</html>
diff --git a/dom/security/test/mixedcontentblocker/test_main.html b/dom/security/test/mixedcontentblocker/test_main.html
new file mode 100644
index 000000000..d2bc9dc7e
--- /dev/null
+++ b/dom/security/test/mixedcontentblocker/test_main.html
@@ -0,0 +1,187 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+Tests for Mixed Content Blocker
+https://bugzilla.mozilla.org/show_bug.cgi?id=62178
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Tests for Bug 62178</title>
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+
+  <script>
+  SpecialPowers.setTestPluginEnabledState(SpecialPowers.Ci.nsIPluginTag.STATE_ENABLED, "Test Plug-in");
+
+  var counter = 0;
+  var settings = [ [true, true], [true, false], [false, true], [false, false] ];
+
+  var blockActive;
+  var blockDisplay;
+
+  //Cycle through 4 different preference settings.
+  function changePrefs(otherPrefs, callback) {
+    let basePrefs = [["security.mixed_content.block_display_content", settings[counter][0]],
+                     ["security.mixed_content.block_active_content", settings[counter][1]]];
+    let newPrefs = basePrefs.concat(otherPrefs);
+
+    SpecialPowers.pushPrefEnv({"set": newPrefs}, function () {
+      blockDisplay = SpecialPowers.getBoolPref("security.mixed_content.block_display_content");
+      blockActive = SpecialPowers.getBoolPref("security.mixed_content.block_active_content");
+      counter++;
+      callback();
+    });
+  }
+
+  var testsToRun = {
+    iframe: false,
+    image: false,
+    imageSrcset: false,
+    imageSrcsetFallback: false,
+    imagePicture: false,
+    imageJoinPicture: false,
+    imageLeavePicture: false,
+    script: false,
+    stylesheet: false,
+    object: false,
+    media: false,
+    xhr: false,
+  };
+
+  function log(msg) {
+    document.getElementById("log").textContent += "\n" + msg;
+  }
+
+  function reloadFrame() {
+    document.getElementById('framediv').innerHTML = '<iframe id="testHarness" src="https://example.com/tests/dom/security/test/mixedcontentblocker/file_main.html"></iframe>';
+  }
+
+  function checkTestsCompleted() {
+    for (var prop in testsToRun) {
+      // some test hasn't run yet so we're not done
+      if (!testsToRun[prop])
+        return;
+    }
+    //if the testsToRun are all completed, chnage the pref and run the tests again until we have cycled through all the prefs.
+    if(counter < 4) {
+       for (var prop in testsToRun) {
+         testsToRun[prop] = false;
+       }
+      //call to change the preferences
+      changePrefs([], function() {
+        log("\nblockDisplay set to "+blockDisplay+", blockActive set to "+blockActive+".");
+        reloadFrame();
+      });
+    }
+    else {
+      SimpleTest.finish();
+    }
+  }
+
+  var firstTest = true;
+
+  function receiveMessage(event) {
+    if(firstTest) {
+      log("blockActive set to "+blockActive+", blockDisplay set to "+blockDisplay+".");
+      firstTest = false;
+    }
+
+    log("test: "+event.data.test+", msg: "+event.data.msg + " logging message.");
+    // test that the load type matches the pref for this type of content
+    // (i.e. active vs. display)
+
+    switch(event.data.test) {
+
+      /* Mixed Script tests */
+      case "iframe":
+        ok(blockActive == (event.data.msg == "insecure iframe blocked"), "iframe did not follow block_active_content pref");
+        testsToRun["iframe"] = true;
+        break;
+
+      case "object":
+        ok(blockActive == (event.data.msg == "insecure object blocked"), "object did not follow block_active_content pref");
+        testsToRun["object"] = true;
+        break;
+
+      case "script":
+        ok(blockActive == (event.data.msg == "insecure script blocked"), "script did not follow block_active_content pref");
+        testsToRun["script"] = true;
+        break;
+
+      case "stylesheet":
+        ok(blockActive == (event.data.msg == "insecure stylesheet blocked"), "stylesheet did not follow block_active_content pref");
+        testsToRun["stylesheet"] = true;
+        break;
+
+      case "xhr":
+        ok(blockActive == (event.data.msg == "insecure xhr blocked"), "xhr did not follow block_active_content pref");
+        testsToRun["xhr"] = true;
+        break;
+
+      /* Mixed Display tests */
+      case "image":
+        //test that the image load matches the pref for display content
+        ok(blockDisplay == (event.data.msg == "insecure image blocked"), "image did not follow block_display_content pref");
+        testsToRun["image"] = true;
+        break;
+
+      case "media":
+        ok(blockDisplay == (event.data.msg == "insecure media blocked"), "media did not follow block_display_content pref");
+        testsToRun["media"] = true;
+        break;
+
+      /* Images using the "imageset" policy, from <img srcset> and <picture>, do not get the mixed display exception */
+      case "imageSrcset":
+        ok(blockActive == (event.data.msg == "insecure image blocked"), "imageSrcset did not follow block_active_content pref");
+        testsToRun["imageSrcset"] = true;
+        break;
+
+      case "imageSrcsetFallback":
+        ok(blockActive == (event.data.msg == "insecure image blocked"), "imageSrcsetFallback did not follow block_active_content pref");
+        testsToRun["imageSrcsetFallback"] = true;
+        break;
+
+      case "imagePicture":
+        ok(blockActive == (event.data.msg == "insecure image blocked"), "imagePicture did not follow block_active_content pref");
+        testsToRun["imagePicture"] = true;
+        break;
+
+      case "imageJoinPicture":
+        ok(blockActive == (event.data.msg == "insecure image blocked"), "imageJoinPicture did not follow block_active_content pref");
+        testsToRun["imageJoinPicture"] = true;
+        break;
+
+      // Should return to mixed display mode
+      case "imageLeavePicture":
+        ok(blockDisplay == (event.data.msg == "insecure image blocked"), "imageLeavePicture did not follow block_display_content pref");
+        testsToRun["imageLeavePicture"] = true;
+        break;
+
+    }
+    checkTestsCompleted();
+  }
+
+  function startTest() {
+    // Set prefs to use mixed-content before HSTS
+    SpecialPowers.pushPrefEnv({'set': [["security.mixed_content.use_hsts", false],
+                                       ["security.mixed_content.send_hsts_priming", false]]});
+    //Set the first set of mixed content settings and increment the counter.
+    changePrefs([], function() {
+      //listen for a messages from the mixed content test harness
+      window.addEventListener("message", receiveMessage, false);
+
+      //Kick off test
+      reloadFrame();
+    });
+  }
+
+  SimpleTest.waitForExplicitFinish();
+
+  </script>
+</head>
+
+<body onload='startTest()'>
+  <div id="framediv"></div>
+  <pre id="log"></pre>
+</body>
+</html>
author	Matt A. Tobin <mattatobin@localhost.localdomain>	2018-02-02 04:16:08 -0500
committer	Matt A. Tobin <mattatobin@localhost.localdomain>	2018-02-02 04:16:08 -0500
commit	5f8de423f190bbb79a62f804151bc24824fa32d8 (patch)
tree	10027f336435511475e392454359edea8e25895d /dom/security/test/mixedcontentblocker
parent	49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff)
download	UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip