summaryrefslogtreecommitdiffstats
path: root/dom/base/test/test_bug704320_policyset.html
diff options
context:
space:
mode:
Diffstat (limited to 'dom/base/test/test_bug704320_policyset.html')
-rw-r--r--dom/base/test/test_bug704320_policyset.html104
1 files changed, 104 insertions, 0 deletions
diff --git a/dom/base/test/test_bug704320_policyset.html b/dom/base/test/test_bug704320_policyset.html
new file mode 100644
index 000000000..8188a9480
--- /dev/null
+++ b/dom/base/test/test_bug704320_policyset.html
@@ -0,0 +1,104 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+This checks if the right policies are applied from a given string (including whitespace, invalid policy strings, etc). It doesn't do a complete check for all load types; that's done in another test.
+https://bugzilla.mozilla.org/show_bug.cgi?id=704320
+-->
+
+<head>
+ <meta charset="utf-8">
+ <title>Test policies for Bug 704320</title>
+ <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="application/javascript" src="referrerHelper.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+
+<script type="application/javascript;version=1.7">
+
+SimpleTest.waitForExplicitFinish();
+var advance = function() { tests.next(); };
+
+/**
+ * This is the main test routine -- serialized by use of a generator.
+ * It resets the counter, then performs two tests in sequence using
+ * the same iframe.
+ */
+var tests = (function() {
+ var iframe = document.getElementById("testframe");
+ const sjs = "/tests/dom/base/test/bug704320.sjs?action=generate-policy-test";
+
+
+ // basic calibration check
+ // reset the counter
+ yield resetCounter();
+
+ // load the first test frame
+ // it will call back into this function via postMessage when it finishes loading.
+ // and continue beyond the yield.
+ yield iframe.src = sjs + "&policy=" + escape('default');
+
+ // check the first test (two images, no referrers)
+ yield checkIndividualResults("default", ["full"]);
+
+ // check invalid policy
+ // According to the spec section Determine token's Policy,if there is a policy
+ // token and it is not one of the expected tokens, Empty string should be the
+ // policy used.
+ yield resetCounter();
+ yield iframe.src = sjs + "&policy=" + escape('invalid-policy');
+ yield checkIndividualResults("invalid", ["full"]);
+
+ // whitespace checks.
+ // according to the spec section 4.1, the content attribute's value
+ // is fed to the token policy algorithm after stripping leading and
+ // trailing whitespace.
+ yield resetCounter();
+ yield iframe.src = sjs + "&policy=" + escape('default ');
+ yield checkIndividualResults("trailing whitespace", ["full"]);
+
+ yield resetCounter();
+ yield iframe.src = sjs + "&policy=" + escape(' origin\f');
+ yield checkIndividualResults("trailing form feed", ["origin"]);
+
+ yield resetCounter();
+ yield iframe.src = sjs + "&policy=" + escape('\f origin');
+ yield checkIndividualResults("leading form feed", ["origin"]);
+
+ // origin when cross-origin (trimming whitespace)
+ yield resetCounter();
+ yield iframe.src = sjs + "&policy=" + escape(' origin-when-cross-origin');
+ yield checkIndividualResults("origin-when-cross-origin", ["origin", "full"]);
+
+ // according to the spec section 4.1:
+ // "If the meta element lacks a content attribute, or if that attribute’s
+ // value is the empty string, then abort these steps."
+ // This means empty or missing content attribute means to ignore the meta
+ // tag and use default policy.
+ // Whitespace here is space, tab, LF, FF and CR.
+ // http://www.w3.org/html/wg/drafts/html/CR/infrastructure.html#space-character
+ yield resetCounter();
+ yield iframe.src = sjs + "&policy=" + escape(' \t ');
+ yield checkIndividualResults("basic whitespace only policy", ["full"]);
+
+ // and double-check that no-referrer works.
+ yield resetCounter();
+ yield iframe.src = sjs + "&policy=" + escape('no-referrer');
+ yield checkIndividualResults("no-referrer", ["none"]);
+
+ // Case insensitive
+ yield resetCounter();
+ yield iframe.src = sjs + "&policy=" + escape('\f OrigIn');
+ yield checkIndividualResults("origin case insensitive", ["origin"]);
+
+ // complete. Be sure to yield so we don't call this twice.
+ yield SimpleTest.finish();
+})();
+
+</script>
+</head>
+
+<body onload="tests.next();">
+ <iframe id="testframe"></iframe>
+
+</body>
+</html>
+