diff options
Diffstat (limited to 'docshell')
29 files changed, 367 insertions, 87 deletions
diff --git a/docshell/base/crashtests/914521.html b/docshell/base/crashtests/914521.html index 9ae18b860..eb0a43749 100644 --- a/docshell/base/crashtests/914521.html +++ b/docshell/base/crashtests/914521.html @@ -20,6 +20,14 @@ function f() finish(); } +function init() +{ + SpecialPowers.pushPrefEnv({"set": [ + ["security.data_uri.block_toplevel_data_uri_navigations", false], + ]}, start); + +} + function start() { var html = "<script>" + f + "<\/script><body onload=f()>"; @@ -29,5 +37,5 @@ function start() </script> </head> -<body onload="start();"></body> +<body onload="init();"></body> </html> diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp index bd2a8a433..b3e26da33 100644 --- a/docshell/base/nsDocShell.cpp +++ b/docshell/base/nsDocShell.cpp @@ -1644,7 +1644,7 @@ nsDocShell::LoadStream(nsIInputStream* aStream, nsIURI* aURI, uri, aStream, triggeringPrincipal, - nsILoadInfo::SEC_NORMAL, + nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL, nsIContentPolicy::TYPE_OTHER, aContentType, aContentCharset); @@ -4732,7 +4732,7 @@ nsDocShell::LoadURI(const char16_t* aURI, { return LoadURIWithOptions(aURI, aLoadFlags, aReferringURI, mozilla::net::RP_Default, aPostStream, - aHeaderStream, nullptr); + aHeaderStream, nullptr, nullptr); } NS_IMETHODIMP @@ -4742,7 +4742,8 @@ nsDocShell::LoadURIWithOptions(const char16_t* aURI, uint32_t aReferrerPolicy, nsIInputStream* aPostStream, nsIInputStream* aHeaderStream, - nsIURI* aBaseURI) + nsIURI* aBaseURI, + nsIPrincipal* aTriggeringPrincipal) { NS_ASSERTION((aLoadFlags & 0xf) == 0, "Unexpected flags"); @@ -4861,6 +4862,7 @@ nsDocShell::LoadURIWithOptions(const char16_t* aURI, loadInfo->SetReferrerPolicy(aReferrerPolicy); loadInfo->SetHeadersStream(aHeaderStream); loadInfo->SetBaseURI(aBaseURI); + loadInfo->SetTriggeringPrincipal(aTriggeringPrincipal); loadInfo->SetForceAllowDataURI(forceAllowDataURI); if (fixupInfo) { @@ -5687,6 +5689,11 @@ nsDocShell::LoadPage(nsISupports* aPageDescriptor, uint32_t aDisplayType) } shEntry->SetURI(newUri); shEntry->SetOriginalURI(nullptr); + // shEntry's current triggering principal is whoever loaded that page initially. + // But now we're doing another load of the page, via an API that is only exposed + // to system code. The triggering principal for this load should be the system + // principal. + shEntry->SetTriggeringPrincipal(nsContentUtils::GetSystemPrincipal()); } rv = LoadHistoryEntry(shEntry, LOAD_HISTORY); @@ -9145,8 +9152,13 @@ nsDocShell::CreateContentViewer(const nsACString& aContentType, // Make sure we have a URI to set currentURI. nsCOMPtr<nsIURI> failedURI; + nsCOMPtr<nsIPrincipal> triggeringPrincipal; if (failedChannel) { NS_GetFinalChannelURI(failedChannel, getter_AddRefs(failedURI)); + } else { + // if there is no failed channel we have to explicitly provide + // a triggeringPrincipal for the history entry. + triggeringPrincipal = nsContentUtils::GetSystemPrincipal(); } if (!failedURI) { @@ -9167,7 +9179,8 @@ nsDocShell::CreateContentViewer(const nsACString& aContentType, // Create an shistory entry for the old load. if (failedURI) { bool errorOnLocationChangeNeeded = OnNewURI( - failedURI, failedChannel, nullptr, nullptr, mLoadType, false, false, false); + failedURI, failedChannel, triggeringPrincipal, + nullptr, mLoadType, false, false, false); if (errorOnLocationChangeNeeded) { FireOnLocationChange(this, failedChannel, failedURI, @@ -10394,10 +10407,13 @@ nsDocShell::InternalLoad(nsIURI* aURI, * call OnNewURI() so that, this traversal will be * recorded in session and global history. */ - nsCOMPtr<nsIPrincipal> triggeringPrincipal, principalToInherit; + nsCOMPtr<nsIPrincipal> newURITriggeringPrincipal, newURIPrincipalToInherit; if (mOSHE) { - mOSHE->GetTriggeringPrincipal(getter_AddRefs(triggeringPrincipal)); - mOSHE->GetPrincipalToInherit(getter_AddRefs(principalToInherit)); + mOSHE->GetTriggeringPrincipal(getter_AddRefs(newURITriggeringPrincipal)); + mOSHE->GetPrincipalToInherit(getter_AddRefs(newURIPrincipalToInherit)); + } else { + newURITriggeringPrincipal = aTriggeringPrincipal; + newURIPrincipalToInherit = doc->NodePrincipal(); } // Pass true for aCloneSHChildren, since we're not // changing documents here, so all of our subframes are @@ -10407,7 +10423,7 @@ nsDocShell::InternalLoad(nsIURI* aURI, // flag on firing onLocationChange(...). // Anyway, aCloneSHChildren param is simply reflecting // doShortCircuitedLoad in this scope. - OnNewURI(aURI, nullptr, triggeringPrincipal, principalToInherit, + OnNewURI(aURI, nullptr, newURITriggeringPrincipal, newURIPrincipalToInherit, mLoadType, true, true, true); nsCOMPtr<nsIInputStream> postData; @@ -10606,7 +10622,7 @@ nsDocShell::InternalLoad(nsIURI* aURI, } bool shouldLoad; rv = browserChrome3->ShouldLoadURI(this, uriForShouldLoadCheck, aReferrer, - &shouldLoad); + aTriggeringPrincipal, &shouldLoad); if (NS_SUCCEEDED(rv) && !shouldLoad) { return NS_OK; } @@ -10961,7 +10977,8 @@ nsDocShell::DoURILoad(nsIURI* aURI, } nsLoadFlags loadFlags = mDefaultLoadFlags; - nsSecurityFlags securityFlags = nsILoadInfo::SEC_NORMAL; + nsSecurityFlags securityFlags = + nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL; if (aFirstParty) { // tag first party URL loads @@ -12123,7 +12140,9 @@ nsDocShell::AddState(JS::Handle<JS::Value> aData, const nsAString& aTitle, // Since we're not changing which page we have loaded, pass // true for aCloneChildren. - rv = AddToSessionHistory(newURI, nullptr, nullptr, nullptr, true, + rv = AddToSessionHistory(newURI, nullptr, + document->NodePrincipal(), // triggeringPrincipal + nullptr, true, getter_AddRefs(newSHEntry)); NS_ENSURE_SUCCESS(rv, rv); @@ -12399,11 +12418,6 @@ nsDocShell::AddToSessionHistory(nsIURI* aURI, nsIChannel* aChannel, discardLayoutState = ShouldDiscardLayoutState(httpChannel); } - // XXX Bug 1286838: Replace channel owner with loadInfo triggeringPrincipal - nsCOMPtr<nsISupports> owner; - aChannel->GetOwner(getter_AddRefs(owner)); - triggeringPrincipal = do_QueryInterface(owner); - nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo(); if (loadInfo) { if (!triggeringPrincipal) { @@ -12649,10 +12663,6 @@ nsDocShell::LoadHistoryEntry(nsISHEntry* aEntry, uint32_t aLoadType) srcdoc = NullString(); } - // If there is no triggeringPrincipal we can fall back to using the - // SystemPrincipal as the triggeringPrincipal for loading the history - // entry, since the history entry can only end up in history if security - // checks passed in the initial loading phase. if (!triggeringPrincipal) { triggeringPrincipal = nsContentUtils::GetSystemPrincipal(); } @@ -13917,7 +13927,8 @@ public: const nsAString& aFileName, nsIInputStream* aPostDataStream, nsIInputStream* aHeadersDataStream, - bool aIsTrusted); + bool aIsTrusted, + nsIPrincipal* aTriggeringPrincipal); NS_IMETHOD Run() override { @@ -13933,7 +13944,7 @@ public: mHandler->OnLinkClickSync(mContent, mURI, mTargetSpec.get(), mFileName, mPostDataStream, mHeadersDataStream, - nullptr, nullptr); + nullptr, nullptr, mTriggeringPrincipal); } return NS_OK; } @@ -13948,6 +13959,7 @@ private: nsCOMPtr<nsIContent> mContent; PopupControlState mPopupState; bool mIsTrusted; + nsCOMPtr<nsIPrincipal> mTriggeringPrincipal; }; OnLinkClickEvent::OnLinkClickEvent(nsDocShell* aHandler, @@ -13957,7 +13969,8 @@ OnLinkClickEvent::OnLinkClickEvent(nsDocShell* aHandler, const nsAString& aFileName, nsIInputStream* aPostDataStream, nsIInputStream* aHeadersDataStream, - bool aIsTrusted) + bool aIsTrusted, + nsIPrincipal* aTriggeringPrincipal) : mHandler(aHandler) , mURI(aURI) , mTargetSpec(aTargetSpec) @@ -13967,6 +13980,7 @@ OnLinkClickEvent::OnLinkClickEvent(nsDocShell* aHandler, , mContent(aContent) , mPopupState(mHandler->mScriptGlobal->GetPopupControlState()) , mIsTrusted(aIsTrusted) + , mTriggeringPrincipal(aTriggeringPrincipal) { } @@ -13977,7 +13991,8 @@ nsDocShell::OnLinkClick(nsIContent* aContent, const nsAString& aFileName, nsIInputStream* aPostDataStream, nsIInputStream* aHeadersDataStream, - bool aIsTrusted) + bool aIsTrusted, + nsIPrincipal* aTriggeringPrincipal) { NS_ASSERTION(NS_IsMainThread(), "wrong thread"); @@ -14016,7 +14031,8 @@ nsDocShell::OnLinkClick(nsIContent* aContent, nsCOMPtr<nsIRunnable> ev = new OnLinkClickEvent(this, aContent, aURI, target.get(), aFileName, - aPostDataStream, aHeadersDataStream, aIsTrusted); + aPostDataStream, aHeadersDataStream, + aIsTrusted, aTriggeringPrincipal); return NS_DispatchToCurrentThread(ev); } @@ -14028,7 +14044,8 @@ nsDocShell::OnLinkClickSync(nsIContent* aContent, nsIInputStream* aPostDataStream, nsIInputStream* aHeadersDataStream, nsIDocShell** aDocShell, - nsIRequest** aRequest) + nsIRequest** aRequest, + nsIPrincipal* aTriggeringPrincipal) { // Initialize the DocShell / Request if (aDocShell) { @@ -14151,13 +14168,18 @@ nsDocShell::OnLinkClickSync(nsIContent* aContent, return NS_ERROR_OUT_OF_MEMORY; } + // if the triggeringPrincipal is not passed explicitly, then we + // fall back to using doc->NodePrincipal() as the triggeringPrincipal. + nsCOMPtr<nsIPrincipal> triggeringPrincipal = + aTriggeringPrincipal ? aTriggeringPrincipal + : aContent->NodePrincipal(); + nsresult rv = InternalLoad(clonedURI, // New URI nullptr, // Original URI false, // LoadReplace referer, // Referer URI refererPolicy, // Referer policy - aContent->NodePrincipal(), // Triggering is our node's - // principal + triggeringPrincipal, aContent->NodePrincipal(), flags, target, // Window target diff --git a/docshell/base/nsDocShell.h b/docshell/base/nsDocShell.h index 63a4e3358..f510a15b0 100644 --- a/docshell/base/nsDocShell.h +++ b/docshell/base/nsDocShell.h @@ -201,7 +201,8 @@ public: const nsAString& aFileName, nsIInputStream* aPostDataStream, nsIInputStream* aHeadersDataStream, - bool aIsTrusted) override; + bool aIsTrusted, + nsIPrincipal* aTriggeringPrincipal) override; NS_IMETHOD OnLinkClickSync(nsIContent* aContent, nsIURI* aURI, const char16_t* aTargetSpec, @@ -209,7 +210,8 @@ public: nsIInputStream* aPostDataStream = 0, nsIInputStream* aHeadersDataStream = 0, nsIDocShell** aDocShell = 0, - nsIRequest** aRequest = 0) override; + nsIRequest** aRequest = 0, + nsIPrincipal* aTriggeringPrincipal = nullptr) override; NS_IMETHOD OnOverLink(nsIContent* aContent, nsIURI* aURI, const char16_t* aTargetSpec) override; diff --git a/docshell/base/nsILinkHandler.h b/docshell/base/nsILinkHandler.h index 7cdcd566d..7069f1f1d 100644 --- a/docshell/base/nsILinkHandler.h +++ b/docshell/base/nsILinkHandler.h @@ -37,6 +37,8 @@ public: * @param aFileName non-null when the link should be downloaded as the given file * @param aHeadersDataStream ??? * @param aIsTrusted false if the triggerer is an untrusted DOM event. + * @param aTriggeringPrincipal, if not passed explicitly we fall back to + * the document's principal. */ NS_IMETHOD OnLinkClick(nsIContent* aContent, nsIURI* aURI, @@ -44,7 +46,8 @@ public: const nsAString& aFileName, nsIInputStream* aPostDataStream, nsIInputStream* aHeadersDataStream, - bool aIsTrusted) = 0; + bool aIsTrusted, + nsIPrincipal* aTriggeringPrincipal) = 0; /** * Process a click on a link. @@ -61,6 +64,8 @@ public: * @param aHeadersDataStream ??? * @param aDocShell (out-param) the DocShell that the request was opened on * @param aRequest the request that was opened + * @param aTriggeringPrincipal, if not passed explicitly we fall back to + * the document's principal. */ NS_IMETHOD OnLinkClickSync(nsIContent* aContent, nsIURI* aURI, @@ -69,7 +74,8 @@ public: nsIInputStream* aPostDataStream = 0, nsIInputStream* aHeadersDataStream = 0, nsIDocShell** aDocShell = 0, - nsIRequest** aRequest = 0) = 0; + nsIRequest** aRequest = 0, + nsIPrincipal* aTriggeringPrincipal = nullptr) = 0; /** * Process a mouse-over a link. diff --git a/docshell/base/nsIWebNavigation.idl b/docshell/base/nsIWebNavigation.idl index 241d0731c..c3e2fc550 100644 --- a/docshell/base/nsIWebNavigation.idl +++ b/docshell/base/nsIWebNavigation.idl @@ -9,6 +9,7 @@ interface nsIDOMDocument; interface nsIInputStream; interface nsISHistory; interface nsIURI; +interface nsIPrincipal; /** * The nsIWebNavigation interface defines an interface for navigating the web. @@ -288,14 +289,20 @@ interface nsIWebNavigation : nsISupports * that at present this argument is only used with view-source aURIs * and cannot be used to resolve aURI. * This parameter is optional and may be null. - */ - void loadURIWithOptions(in wstring aURI, - in unsigned long aLoadFlags, - in nsIURI aReferrer, - in unsigned long aReferrerPolicy, - in nsIInputStream aPostData, - in nsIInputStream aHeaders, - in nsIURI aBaseURI); + * @param aTriggeringPrincipal + * The principal that initiated the load of aURI. If omitted docShell + * tries to create a codeBasePrincipal from aReferrer if not null. If + * aReferrer is also null docShell peforms a load using the + * SystemPrincipal as the triggeringPrincipal. + */ + void loadURIWithOptions(in wstring aURI, + in unsigned long aLoadFlags, + in nsIURI aReferrer, + in unsigned long aReferrerPolicy, + in nsIInputStream aPostData, + in nsIInputStream aHeaders, + in nsIURI aBaseURI, + [optional] in nsIPrincipal aTriggeringPrincipal); /** * Tells the Object to reload the current page. There may be cases where the diff --git a/docshell/shistory/nsSHEntry.cpp b/docshell/shistory/nsSHEntry.cpp index 9d972136f..6b0b066d9 100644 --- a/docshell/shistory/nsSHEntry.cpp +++ b/docshell/shistory/nsSHEntry.cpp @@ -416,6 +416,9 @@ nsSHEntry::Create(nsIURI* aURI, const nsAString& aTitle, uint64_t aDocShellID, bool aDynamicCreation) { + MOZ_ASSERT(aTriggeringPrincipal, + "need a valid triggeringPrincipal to create a session history entry"); + mURI = aURI; mTitle = aTitle; mPostData = aInputStream; diff --git a/docshell/shistory/nsSHistory.cpp b/docshell/shistory/nsSHistory.cpp index 7c148ffcc..9443b92bc 100644 --- a/docshell/shistory/nsSHistory.cpp +++ b/docshell/shistory/nsSHistory.cpp @@ -1582,7 +1582,8 @@ nsSHistory::LoadURIWithOptions(const char16_t* aURI, uint32_t aReferrerPolicy, nsIInputStream* aPostStream, nsIInputStream* aExtraHeaderStream, - nsIURI* aBaseURI) + nsIURI* aBaseURI, + nsIPrincipal* aTriggeringPrincipal) { return NS_OK; } diff --git a/docshell/test/browser/browser.ini b/docshell/test/browser/browser.ini index 9211092a4..300caff1a 100644 --- a/docshell/test/browser/browser.ini +++ b/docshell/test/browser/browser.ini @@ -1,5 +1,6 @@ [DEFAULT] support-files = + dummy_page.html favicon_bug655270.ico file_bug234628-1-child.html file_bug234628-1.html @@ -45,6 +46,7 @@ support-files = browser_timelineMarkers-frame-05.js head.js frame-head.js + file_click_link_within_view_source.html [browser_bug1206879.js] [browser_bug1309900_crossProcessHistoryNavigation.js] @@ -91,3 +93,4 @@ skip-if = true # Bug 1220415 [browser_timelineMarkers-04.js] [browser_timelineMarkers-05.js] [browser_ua_emulation.js] +[browser_click_link_within_view_source.js] diff --git a/docshell/test/browser/browser_click_link_within_view_source.js b/docshell/test/browser/browser_click_link_within_view_source.js new file mode 100644 index 000000000..84cfc1f0f --- /dev/null +++ b/docshell/test/browser/browser_click_link_within_view_source.js @@ -0,0 +1,60 @@ +"use strict"; + +/** + * Test for Bug 1359204 + * + * Loading a local file, then view-source on that file. Make sure that + * clicking a link within that view-source page is not blocked by security checks. + */ + +add_task(function* test_click_link_within_view_source() { + let TEST_FILE = "file_click_link_within_view_source.html"; + let TEST_FILE_URI = getChromeDir(getResolvedURI(gTestPath)); + TEST_FILE_URI.append(TEST_FILE); + TEST_FILE_URI = Services.io.newFileURI(TEST_FILE_URI).spec; + + let DUMMY_FILE = "dummy_page.html"; + let DUMMY_FILE_URI = getChromeDir(getResolvedURI(gTestPath)); + DUMMY_FILE_URI.append(DUMMY_FILE); + DUMMY_FILE_URI = Services.io.newFileURI(DUMMY_FILE_URI).spec; + + yield BrowserTestUtils.withNewTab(TEST_FILE_URI, function*(aBrowser) { + let tabSpec = gBrowser.selectedBrowser.currentURI.spec; + info("loading: " + tabSpec); + ok(tabSpec.startsWith("file://") && tabSpec.endsWith(TEST_FILE), + "sanity check to make sure html loaded"); + + info("click view-source of html"); + let tabPromise = BrowserTestUtils.waitForNewTab(gBrowser); + document.getElementById("View:PageSource").doCommand(); + + let tab = yield tabPromise; + tabSpec = gBrowser.selectedBrowser.currentURI.spec; + info("loading: " + tabSpec); + ok(tabSpec.startsWith("view-source:file://") && tabSpec.endsWith(TEST_FILE), + "loading view-source of html succeeded"); + + info("click testlink within view-source page"); + let loadPromise = BrowserTestUtils.browserLoaded(tab.linkedBrowser, false, url => url.endsWith("dummy_page.html")); + yield ContentTask.spawn(gBrowser.selectedBrowser, {}, function*() { + if (content.document.readyState != "complete") { + yield ContentTaskUtils.waitForEvent(content.document, "readystatechange", false, () => + content.document.readyState == "complete"); + } + // document.getElementById() does not work on a view-source page, hence we use document.links + let linksOnPage = content.document.links; + is (linksOnPage.length, 1, "sanity check: make sure only one link is present on page"); + let myLink = content.document.links[0]; + myLink.click(); + }); + + yield loadPromise; + + tabSpec = gBrowser.selectedBrowser.currentURI.spec; + info("loading: " + tabSpec); + ok(tabSpec.startsWith("view-source:file://") && tabSpec.endsWith(DUMMY_FILE), + "loading view-source of html succeeded"); + + yield BrowserTestUtils.removeTab(tab); + }); +}); diff --git a/docshell/test/browser/browser_history_triggeringprincipal_viewsource.js b/docshell/test/browser/browser_history_triggeringprincipal_viewsource.js new file mode 100644 index 000000000..96908bbc2 --- /dev/null +++ b/docshell/test/browser/browser_history_triggeringprincipal_viewsource.js @@ -0,0 +1,50 @@ +"use strict"; + +const TEST_PATH = getRootDirectory(gTestPath).replace("chrome://mochitests/content", "http://example.com"); +const HTML_URI = TEST_PATH + "dummy_page.html"; +const VIEW_SRC_URI = "view-source:" + HTML_URI; + +add_task(function*() { + info("load baseline html in new tab"); + yield BrowserTestUtils.withNewTab(HTML_URI, function*(aBrowser) { + is(gBrowser.selectedBrowser.currentURI.spec, HTML_URI, + "sanity check to make sure html loaded"); + + info("right-click -> view-source of html"); + let vSrcCtxtMenu = document.getElementById("contentAreaContextMenu"); + let popupPromise = BrowserTestUtils.waitForEvent(vSrcCtxtMenu, "popupshown"); + BrowserTestUtils.synthesizeMouseAtCenter("body", { type: "contextmenu", button: 2 }, aBrowser); + yield popupPromise; + let tabPromise = BrowserTestUtils.waitForNewTab(gBrowser, VIEW_SRC_URI); + let vSrcItem = vSrcCtxtMenu.getElementsByAttribute("id", "context-viewsource")[0]; + vSrcItem.click(); + vSrcCtxtMenu.hidePopup(); + let tab = yield tabPromise; + is(gBrowser.selectedBrowser.currentURI.spec, VIEW_SRC_URI, + "loading view-source of html succeeded"); + + info ("load html file again before going .back()"); + let loadPromise = BrowserTestUtils.browserLoaded(tab.linkedBrowser, false, HTML_URI); + yield ContentTask.spawn(tab.linkedBrowser, HTML_URI, HTML_URI => { + content.document.location = HTML_URI; + }); + yield loadPromise; + is(gBrowser.selectedBrowser.currentURI.spec, HTML_URI, + "loading html another time succeeded"); + + info("click .back() to view-source of html again and make sure the history entry has a triggeringPrincipal"); + let backCtxtMenu = document.getElementById("contentAreaContextMenu"); + popupPromise = BrowserTestUtils.waitForEvent(backCtxtMenu, "popupshown"); + BrowserTestUtils.synthesizeMouseAtCenter("body", { type: "contextmenu", button: 2 }, aBrowser); + yield popupPromise; + loadPromise = BrowserTestUtils.browserLoaded(tab.linkedBrowser, false, VIEW_SRC_URI); + let backItem = backCtxtMenu.getElementsByAttribute("id", "context-back")[0]; + backItem.click(); + backCtxtMenu.hidePopup(); + yield loadPromise; + is(gBrowser.selectedBrowser.currentURI.spec, VIEW_SRC_URI, + "clicking .back() to view-source of html succeeded"); + + yield BrowserTestUtils.removeTab(tab); + }); +}); diff --git a/docshell/test/browser/dummy_page.html b/docshell/test/browser/dummy_page.html new file mode 100644 index 000000000..59bf2a5f8 --- /dev/null +++ b/docshell/test/browser/dummy_page.html @@ -0,0 +1,6 @@ +<html> +<head> <meta charset="utf-8"> </head> + <body> + just a dummy html file + </body> +</html> diff --git a/docshell/test/browser/file_click_link_within_view_source.html b/docshell/test/browser/file_click_link_within_view_source.html new file mode 100644 index 000000000..d78e4ba0f --- /dev/null +++ b/docshell/test/browser/file_click_link_within_view_source.html @@ -0,0 +1,6 @@ +<html> +<head> <meta charset="utf-8"> </head> + <body> + <a id="testlink" href="dummy_page.html">clickme</a> + </body> +</html> diff --git a/docshell/test/chrome/test_bug364461.xul b/docshell/test/chrome/test_bug364461.xul index 85154f9d7..9e45ce971 100644 --- a/docshell/test/chrome/test_bug364461.xul +++ b/docshell/test/chrome/test_bug364461.xul @@ -29,9 +29,15 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=364461 /** Test for Bug 364461 **/ SimpleTest.waitForExplicitFinish(); -window.open("bug364461_window.xul", "bug364461", - "chrome,width=600,height=600"); +SpecialPowers.pushPrefEnv({ + "set":[["security.data_uri.block_toplevel_data_uri_navigations", false]] +}, runTests); + +function runTests() { + window.open("bug364461_window.xul", "bug364461", + "chrome,width=600,height=600"); +} ]]> </script> diff --git a/docshell/test/dummy_page.html b/docshell/test/dummy_page.html new file mode 100644 index 000000000..59bf2a5f8 --- /dev/null +++ b/docshell/test/dummy_page.html @@ -0,0 +1,6 @@ +<html> +<head> <meta charset="utf-8"> </head> + <body> + just a dummy html file + </body> +</html> diff --git a/docshell/test/file_bug598895_1.html b/docshell/test/file_bug598895_1.html new file mode 100644 index 000000000..6fbb13a02 --- /dev/null +++ b/docshell/test/file_bug598895_1.html @@ -0,0 +1 @@ +<script>window.onload = function() { opener.postMessage('loaded', '*'); }</script><body>Should show</body> diff --git a/docshell/test/file_bug598895_2.html b/docshell/test/file_bug598895_2.html new file mode 100644 index 000000000..0822c566b --- /dev/null +++ b/docshell/test/file_bug598895_2.html @@ -0,0 +1 @@ +<script>window.onload = function() { opener.postMessage('loaded', '*'); }</script><body></body> diff --git a/docshell/test/file_bug637644_1.html b/docshell/test/file_bug637644_1.html new file mode 100644 index 000000000..6fbb13a02 --- /dev/null +++ b/docshell/test/file_bug637644_1.html @@ -0,0 +1 @@ +<script>window.onload = function() { opener.postMessage('loaded', '*'); }</script><body>Should show</body> diff --git a/docshell/test/file_bug637644_2.html b/docshell/test/file_bug637644_2.html new file mode 100644 index 000000000..0822c566b --- /dev/null +++ b/docshell/test/file_bug637644_2.html @@ -0,0 +1 @@ +<script>window.onload = function() { opener.postMessage('loaded', '*'); }</script><body></body> diff --git a/docshell/test/mochitest.ini b/docshell/test/mochitest.ini index 7b27908fb..d2e378928 100644 --- a/docshell/test/mochitest.ini +++ b/docshell/test/mochitest.ini @@ -11,6 +11,7 @@ support-files = bug668513_redirect.html bug668513_redirect.html^headers^ bug691547_frame.html + dummy_page.html file_anchor_scroll_after_document_open.html file_bug385434_1.html file_bug385434_2.html @@ -20,9 +21,13 @@ support-files = file_bug540462.html file_bug580069_1.html file_bug580069_2.sjs + file_bug598895_1.html + file_bug598895_2.html file_bug590573_1.html file_bug590573_2.html file_bug634834.html + file_bug637644_1.html + file_bug637644_2.html file_bug640387.html file_bug653741.html file_bug660404 @@ -94,3 +99,4 @@ skip-if = toolkit == 'android' # bug 784321 support-files = file_framedhistoryframes.html [test_pushState_after_document_open.html] [test_windowedhistoryframes.html] +[test_triggeringprincipal_location_seturi.html] diff --git a/docshell/test/navigation/NavigationUtils.js b/docshell/test/navigation/NavigationUtils.js index c90ea74d5..72bea7dde 100644 --- a/docshell/test/navigation/NavigationUtils.js +++ b/docshell/test/navigation/NavigationUtils.js @@ -9,10 +9,10 @@ /////////////////////////////////////////////////////////////////////////// var body = "This frame was navigated."; -var target_url = "data:text/html,<html><body>" + body + "</body></html>"; +var target_url = "navigation_target_url.html" var popup_body = "This is a popup"; -var target_popup_url = "data:text/html,<html><body>" + popup_body + "</body></html>"; +var target_popup_url = "navigation_target_popup_url.html"; /////////////////////////////////////////////////////////////////////////// // Functions that navigate frames @@ -58,7 +58,7 @@ function navigateByHyperlink(name) { function isNavigated(wnd, message) { var result = null; try { - result = SpecialPowers.wrap(wnd).document.body.innerHTML; + result = SpecialPowers.wrap(wnd).document.body.innerHTML.trim(); } catch(ex) { result = ex; } @@ -68,7 +68,7 @@ function isNavigated(wnd, message) { function isBlank(wnd, message) { var result = null; try { - result = wnd.document.body.innerHTML; + result = wnd.document.body.innerHTML.trim(); } catch(ex) { result = ex; } @@ -146,7 +146,9 @@ function xpcGetFramesByName(name) { function xpcCleanupWindows() { xpcEnumerateContentWindows(function(win) { - if (win.location && win.location.protocol == "data:") + if (win.location && + (win.location.href.endsWith(target_url) || + win.location.href.endsWith(target_popup_url))) { win.close(); }); } @@ -177,12 +179,12 @@ function xpcWaitForFinishedFrames(callback, numFrames) { } function searchForFinishedFrames(win) { - if ((escape(unescape(win.location)) == escape(target_url) || - escape(unescape(win.location)) == escape(target_popup_url)) && + if ((win.location.href.endsWith(target_url) || + win.location.href.endsWith(target_popup_url)) && win.document && win.document.body && - (win.document.body.textContent == body || - win.document.body.textContent == popup_body) && + (win.document.body.textContent.trim() == body || + win.document.body.textContent.trim() == popup_body) && win.document.readyState == "complete") { var util = win.QueryInterface(SpecialPowers.Ci.nsIInterfaceRequestor) diff --git a/docshell/test/navigation/file_scrollRestoration.html b/docshell/test/navigation/file_scrollRestoration.html index 92e43d7fb..766949d13 100644 --- a/docshell/test/navigation/file_scrollRestoration.html +++ b/docshell/test/navigation/file_scrollRestoration.html @@ -40,7 +40,7 @@ document.getElementById("bottom").scrollIntoView(); window.onunload = null; // Should get bfcache behavior. opener.setTimeout("testWindow.history.back();", 250); - window.location.href = 'data:text/html,'; + window.location.href = 'about:blank'; break; } case 4: { @@ -57,7 +57,7 @@ opener.is(history.scrollRestoration, "manual", "Should have the same scrollRestoration mode as before fragment navigation."); window.onunload = function() {} // Disable bfcache. opener.setTimeout("is(testWindow.history.scrollRestoration, 'auto'); testWindow.history.back();", 250); - window.location.href = 'data:text/html,'; + window.location.href = 'about:blank'; break; } case 6: { diff --git a/docshell/test/navigation/mochitest.ini b/docshell/test/navigation/mochitest.ini index 764e400a8..1b5f33c7f 100644 --- a/docshell/test/navigation/mochitest.ini +++ b/docshell/test/navigation/mochitest.ini @@ -1,6 +1,8 @@ [DEFAULT] support-files = NavigationUtils.js + navigation_target_url.html + navigation_target_popup_url.html blank.html file_bug462076_1.html file_bug462076_2.html diff --git a/docshell/test/navigation/navigation_target_popup_url.html b/docshell/test/navigation/navigation_target_popup_url.html new file mode 100644 index 000000000..cfe6de009 --- /dev/null +++ b/docshell/test/navigation/navigation_target_popup_url.html @@ -0,0 +1 @@ +<html><body>This is a popup</body></html> diff --git a/docshell/test/navigation/navigation_target_url.html b/docshell/test/navigation/navigation_target_url.html new file mode 100644 index 000000000..a485e8133 --- /dev/null +++ b/docshell/test/navigation/navigation_target_url.html @@ -0,0 +1 @@ +<html><body>This frame was navigated.</body></html> diff --git a/docshell/test/navigation/open.html b/docshell/test/navigation/open.html index 1bb70f865..97eb9b76e 100644 --- a/docshell/test/navigation/open.html +++ b/docshell/test/navigation/open.html @@ -3,7 +3,7 @@ <script> var target = window.location.hash.substring(1); document.write("target=" + target); -window.open("data:text/html,<html><body>This is a popup</body></html>", target, "width=10,height=10"); +window.open("navigation_target_popup_url.html", target, "width=10,height=10"); </script> </body> </html> diff --git a/docshell/test/navigation/test_triggeringprincipal_window_open.html b/docshell/test/navigation/test_triggeringprincipal_window_open.html index d5d7f210b..dbee21777 100644 --- a/docshell/test/navigation/test_triggeringprincipal_window_open.html +++ b/docshell/test/navigation/test_triggeringprincipal_window_open.html @@ -13,8 +13,7 @@ /* We call window.open() using different URIs and make sure the triggeringPrincipal * loadingPrincipal are correct. * Test1: window.open(http:) - * Test2: window.open(data:) - * Test3: window.open(javascript:) + * Test2: window.open(javascript:) */ const TRIGGERING_PRINCIPAL_URI = @@ -22,7 +21,7 @@ const TRIGGERING_PRINCIPAL_URI = SimpleTest.waitForExplicitFinish(); -const NUM_TESTS = 3; +const NUM_TESTS = 2; var test_counter = 0; function checkFinish() { @@ -54,28 +53,7 @@ httpWin.onload = function() { } // ---------------------------------------------------------------------------- -// Test 2: window.open(data:) -var dataWin = window.open("data:text/html,<html><body>data</body></html>", "_blank", "width=10,height=10"); -dataWin.onload = function() { - var dataChannel = SpecialPowers.wrap(dataWin.document).docShell.currentDocumentChannel; - var dataTriggeringPrincipal = dataChannel.loadInfo.triggeringPrincipal.URI.asciiSpec; - var dataLoadingPrincipal = dataChannel.loadInfo.loadingPrincipal; - - is(dataTriggeringPrincipal, TRIGGERING_PRINCIPAL_URI, - "TriggeringPrincipal for window.open(data:) should be the principal of the document"); - - is(dataWin.document.referrer, "", - "Referrer for window.open(data:) should be empty"); - - is(dataLoadingPrincipal, null, - "LoadingPrincipal for window.open(data:) should be null"); - - dataWin.close(); - checkFinish(); -} - -// ---------------------------------------------------------------------------- -// Test 3: window.open(javascript:) +// Test 2: window.open(javascript:) var jsWin = window.open("javascript:'<html><body>js</body></html>';", "_blank", "width=10,height=10"); jsWin.onload = function() { var jsChannel = SpecialPowers.wrap(jsWin.document).docShell.currentDocumentChannel; diff --git a/docshell/test/test_bug598895.html b/docshell/test/test_bug598895.html index 52b9537be..5cc74e42c 100644 --- a/docshell/test/test_bug598895.html +++ b/docshell/test/test_bug598895.html @@ -43,9 +43,8 @@ window.onmessage = function (ev) { } } -var win2 = window.open("data:text/html,<script>window.onload = function() { opener.postMessage('loaded', '*'); }</" + "script><body>Should show</body>"); - -var win3 = window.open("data:text/html,<script>window.onload = function() { opener.postMessage('loaded', '*'); }</" + "script><body></body>"); +var win2 = window.open("file_bug598895_1.html"); +var win3 = window.open("file_bug598895_2.html"); }); </script> </pre> diff --git a/docshell/test/test_bug637644.html b/docshell/test/test_bug637644.html index d172ada4a..4192fae22 100644 --- a/docshell/test/test_bug637644.html +++ b/docshell/test/test_bug637644.html @@ -43,9 +43,8 @@ window.onmessage = function (ev) { } } -var win2 = window.open("data:text/html,<script>window.onload = function() { opener.postMessage('loaded', '*'); }</" + "script><body>Should show</body>", "", "height=500,width=500"); - -var win3 = window.open("data:text/html,<script>window.onload = function() { opener.postMessage('loaded', '*'); }</" + "script><body></body>", "", "height=500,width=500"); +var win2 = window.open("file_bug637644_1.html", "", "height=500,width=500"); +var win3 = window.open("file_bug637644_2.html", "", "height=500,width=500"); }); </script> </pre> diff --git a/docshell/test/test_triggeringprincipal_location_seturi.html b/docshell/test/test_triggeringprincipal_location_seturi.html new file mode 100644 index 000000000..3b0c7bac5 --- /dev/null +++ b/docshell/test/test_triggeringprincipal_location_seturi.html @@ -0,0 +1,102 @@ +<!DOCTYPE html> +<html> +<head> + <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> + +<script type="text/javascript"> + +SimpleTest.waitForExplicitFinish(); + +const SAME_ORIGIN_URI = "http://mochi.test:8888/tests/docshell/test/dummy_page.html"; +const CROSS_ORIGIN_URI = "http://example.com/tests/docshell/test/dummy_page.html"; +const NUMBER_OF_TESTS = 3; +let testCounter = 0; + +function checkFinish() { + testCounter++; + if (testCounter < NUMBER_OF_TESTS) { + return; + } + SimpleTest.finish(); +} + +// ---- test 1 ---- + +let myFrame1 = document.createElement("iframe"); +myFrame1.src = SAME_ORIGIN_URI; +myFrame1.addEventListener("load", checkLoadFrame1); +document.documentElement.appendChild(myFrame1); + +function checkLoadFrame1() { + myFrame1.removeEventListener('load', checkLoadFrame1, false); + // window.location.href is no longer cross-origin accessible in gecko. + is(SpecialPowers.wrap(myFrame1.contentWindow).location.href, SAME_ORIGIN_URI, + "initial same origin dummy loaded into frame1"); + + SpecialPowers.wrap(myFrame1.contentWindow).location.hash = "#bar"; + is(SpecialPowers.wrap(myFrame1.contentWindow).location.href, SAME_ORIGIN_URI + "#bar", + "initial same origin dummy#bar loaded into iframe1"); + + myFrame1.addEventListener("load", checkNavFrame1); + myFrame1.src = CROSS_ORIGIN_URI; +} + +function checkNavFrame1() { + myFrame1.removeEventListener('load', checkNavFrame1, false); + is(SpecialPowers.wrap(myFrame1.contentWindow).location.href, CROSS_ORIGIN_URI, + "cross origin dummy loaded into frame1"); + + myFrame1.addEventListener("load", checkBackNavFrame1); + myFrame1.src = SAME_ORIGIN_URI + "#bar"; +} + +function checkBackNavFrame1() { + myFrame1.removeEventListener('load', checkBackNavFrame1, false); + is(SpecialPowers.wrap(myFrame1.contentWindow).location.href, SAME_ORIGIN_URI + "#bar", + "navagiating back to same origin dummy for frame1"); + checkFinish(); +} + +// ---- test 2 ---- + +let myFrame2 = document.createElement("iframe"); +myFrame2.src = "about:blank"; +myFrame2.addEventListener("load", checkLoadFrame2); +document.documentElement.appendChild(myFrame2); + +function checkLoadFrame2() { + myFrame2.removeEventListener('load', checkLoadFrame2, false); + is(SpecialPowers.wrap(myFrame2.contentWindow).location.href, "about:blank", + "initial about:blank frame loaded"); + + myFrame2.contentWindow.location.hash = "#foo"; + is(SpecialPowers.wrap(myFrame2.contentWindow).location.href, "about:blank#foo", + "about:blank#foo frame loaded"); + + myFrame2.addEventListener('load', checkHistoryFrame2); + myFrame2.src = "about:blank"; +} + +function checkHistoryFrame2() { + myFrame2.removeEventListener('load', checkHistoryFrame2, false); + is(SpecialPowers.wrap(myFrame2.contentWindow).location.href, "about:blank", + "about:blank frame loaded again"); + checkFinish(); +} + +// ---- test 3 ---- + +let myFrame3 = document.createElement("frame"); +document.documentElement.appendChild(myFrame3); +myFrame3.contentWindow.location.hash = "#foo"; + +is(myFrame3.contentWindow.location.href, "about:blank#foo", + "created history entry with about:blank#foo"); +checkFinish(); + +</script> +</body> +</html> |