summaryrefslogtreecommitdiffstats
path: root/toolkit/components/webextensions/test/mochitest/test_ext_content_security_policy.html
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2019-03-06 12:30:20 +0100
committerwolfbeast <mcwerewolf@wolfbeast.com>2019-03-06 12:30:20 +0100
commite25ad543952b5afc13181aaebef9c5951fc27be0 (patch)
tree456a1359b3e5f810319edd423dd5cc5a1e22ada5 /toolkit/components/webextensions/test/mochitest/test_ext_content_security_policy.html
parent74533a843277c3687c749989ed1522354d1054d2 (diff)
parent5dba1ebe8498286762873fff0016f35f3e14d2d5 (diff)
downloadUXP-2019.03.08.tar
UXP-2019.03.08.tar.gz
UXP-2019.03.08.tar.lz
UXP-2019.03.08.tar.xz
UXP-2019.03.08.zip
Merge branch 'master' into Basilisk-releasev2019.03.08
Diffstat (limited to 'toolkit/components/webextensions/test/mochitest/test_ext_content_security_policy.html')
-rw-r--r--toolkit/components/webextensions/test/mochitest/test_ext_content_security_policy.html162
1 files changed, 0 insertions, 162 deletions
diff --git a/toolkit/components/webextensions/test/mochitest/test_ext_content_security_policy.html b/toolkit/components/webextensions/test/mochitest/test_ext_content_security_policy.html
deleted file mode 100644
index a36f29563..000000000
--- a/toolkit/components/webextensions/test/mochitest/test_ext_content_security_policy.html
+++ /dev/null
@@ -1,162 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
- <title>WebExtension CSP test</title>
- <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
- <script type="text/javascript" src="/tests/SimpleTest/SpawnTask.js"></script>
- <script type="text/javascript" src="/tests/SimpleTest/ExtensionTestUtils.js"></script>
- <script type="text/javascript" src="head.js"></script>
- <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
-</head>
-<body>
-
-<script type="text/javascript">
-"use strict";
-
-/**
- * Tests that content security policies for an add-on are actually applied to *
- * documents that belong to it. This tests both the base policies and add-on
- * specific policies, and ensures that the parsed policies applied to the
- * document's principal match what was specified in the policy string.
- *
- * @param {object} [customCSP]
- */
-function* testPolicy(customCSP = null) {
- let baseURL;
-
- let baseCSP = {
- "object-src": ["blob:", "filesystem:", "https://*", "moz-extension:", "'self'"],
- "script-src": ["'unsafe-eval'", "'unsafe-inline'", "blob:", "filesystem:", "https://*", "moz-extension:", "'self'"],
- };
-
- let addonCSP = {
- "object-src": ["'self'"],
- "script-src": ["'self'"],
- };
-
- let content_security_policy = null;
-
- if (customCSP) {
- for (let key of Object.keys(customCSP)) {
- addonCSP[key] = customCSP[key].split(/\s+/);
- }
-
- content_security_policy = Object.keys(customCSP)
- .map(key => `${key} ${customCSP[key]}`)
- .join("; ");
- }
-
-
- function filterSelf(sources) {
- return sources.map(src => src == "'self'" ? baseURL : src);
- }
-
- function checkSource(name, policy, expected) {
- is(JSON.stringify(policy[name].sort()),
- JSON.stringify(filterSelf(expected[name]).sort()),
- `Expected value for ${name}`);
- }
-
- function checkCSP(csp, location) {
- let policies = csp["csp-policies"];
-
- info(`Base policy for ${location}`);
-
- is(policies[0]["report-only"], false, "Policy is not report-only");
- checkSource("object-src", policies[0], baseCSP);
- checkSource("script-src", policies[0], baseCSP);
-
- info(`Add-on policy for ${location}`);
-
- is(policies[1]["report-only"], false, "Policy is not report-only");
- checkSource("object-src", policies[1], addonCSP);
- checkSource("script-src", policies[1], addonCSP);
- }
-
-
- function getCSP(window) {
- let {cspJSON} = SpecialPowers.Cu.getObjectPrincipal(window);
- return JSON.parse(cspJSON);
- }
-
- function background(getCSPFn) {
- browser.test.sendMessage("base-url", browser.extension.getURL("").replace(/\/$/, ""));
-
- browser.test.sendMessage("background-csp", getCSPFn(window));
- }
-
- function tabScript(getCSPFn) {
- browser.test.sendMessage("tab-csp", getCSPFn(window));
- }
-
- let extension = ExtensionTestUtils.loadExtension({
- background: `(${background})(${getCSP})`,
-
- files: {
- "tab.html": `<html><head><meta charset="utf-8">
- <script src="tab.js"></${"script"}></head></html>`,
-
- "tab.js": `(${tabScript})(${getCSP})`,
-
- "content.html": `<html><head><meta charset="utf-8"></head></html>`,
- },
-
- manifest: {
- content_security_policy,
-
- web_accessible_resources: ["content.html", "tab.html"],
- },
- });
-
-
- info(`Testing CSP for policy: ${content_security_policy}`);
-
- yield extension.startup();
-
- baseURL = yield extension.awaitMessage("base-url");
-
-
- let win1 = window.open(`${baseURL}/tab.html`);
-
- let frame = document.createElement("iframe");
- frame.src = `${baseURL}/content.html`;
- document.body.appendChild(frame);
-
- yield new Promise(resolve => {
- frame.onload = resolve;
- });
-
-
- let backgroundCSP = yield extension.awaitMessage("background-csp");
- checkCSP(backgroundCSP, "background page");
-
- let tabCSP = yield extension.awaitMessage("tab-csp");
- checkCSP(tabCSP, "tab page");
-
- let contentCSP = getCSP(frame.contentWindow);
- checkCSP(contentCSP, "content frame");
-
-
- win1.close();
- frame.remove();
-
- yield extension.unload();
-}
-
-add_task(function* testCSP() {
- yield testPolicy(null);
-
- let hash = "'sha256-NjZhMDQ1YjQ1MjEwMmM1OWQ4NDBlYzA5N2Q1OWQ5NDY3ZTEzYTNmMzRmNjQ5NGU1MzlmZmQzMmMxYmIzNWYxOCAgLQo='";
-
- yield testPolicy({
- "object-src": "'self' https://*.example.com",
- "script-src": `'self' https://*.example.com 'unsafe-eval' ${hash}`,
- });
-
- yield testPolicy({
- "object-src": "'none'",
- "script-src": `'self'`,
- });
-});
-</script>
-</body>