Diffstat (limited to 'dom/security/test/csp/test_shouldprocess.html')
-rw-r--r-- | dom/security/test/csp/test_shouldprocess.html | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/dom/security/test/csp/test_shouldprocess.html b/dom/security/test/csp/test_shouldprocess.html
new file mode 100644
index 000000000..5d0925167
--- /dev/null
+++ b/dom/security/test/csp/test_shouldprocess.html
@@ -0,0 +1,98 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=908933
+-->
+<head>
+ <title>Test Bug 908933</title>
+ <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+ <meta http-equiv="content-type" content="text/html; charset=utf-8">
+</head>
+<body>
+<script class="testbody" type="text/javascript">
+
+/*
+ * Description of the test:
+ * We load variations of 'objects' and make sure all the
+ * resource loads are correctly blocked by CSP.
+ * For all the testing we use a CSP with "object-src 'none'"
+ * so that all the loads are either blocked by
+ * shouldProcess or shouldLoad.
+ */
+
+const POLICY = "default-src http://mochi.test:8888; object-src 'none'";
+const TESTFILE = "tests/dom/security/test/csp/file_shouldprocess.html";
+
+SimpleTest.waitForExplicitFinish();
+
+var tests = [
+ // Note that the files listed below don't actually exist.
+ // Since loading of them should be blocked by shouldProcess, we don't
+ // really need these files.
+
+ // blocked by shouldProcess
+ "http://mochi.test:8888/tests/dom/security/test/csp/test1",
+ "http://mochi.test:8888/tests/dom/security/test/csp/test2",
+ "http://mochi.test:8888/tests/dom/security/test/csp/test3",
+ "http://mochi.test:8888/tests/dom/security/test/csp/test4",
+ "http://mochi.test:8888/tests/dom/security/test/csp/test5",
+ "http://mochi.test:8888/tests/dom/security/test/csp/test6",
+ // blocked by shouldLoad
+ "http://mochi.test:8888/tests/dom/security/test/csp/test7.class",
+ "http://mochi.test:8888/tests/dom/security/test/csp/test8.class",
+];
+
+function checkResults(aURI) {
+ var index = tests.indexOf(aURI);
+ if (index > -1) {
+ tests.splice(index, 1);
+ ok(true, "ShouldLoad or ShouldProcess blocks TYPE_OBJECT with uri: " + aURI + "!");
+ }
+ else {
+ ok(false, "ShouldLoad or ShouldProcess incorreclty blocks TYPE_OBJECT with uri: " + aURI + "!");
+ }
+ if (tests.length == 0) {
+ window.examiner.remove();
+ SimpleTest.finish();
+ }
+}
+
+// used to watch that shouldProcess blocks TYPE_OBJECT
+function examiner() {
+ SpecialPowers.addObserver(this, "csp-on-violate-policy", false);
+}
+examiner.prototype = {
+ observe: function(subject, topic, data) {
+ if (topic === "csp-on-violate-policy") {
+ var asciiSpec =
+ SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIURI"), "asciiSpec");
+ checkResults(asciiSpec);
+ }
+ },
+ remove: function() {
+ SpecialPowers.removeObserver(this, "csp-on-violate-policy");
+ }
+}
+window.examiner = new examiner();
+
+function loadFrame() {
+ var src = "file_testserver.sjs";
+ // append the file that should be served
+ src += "?file=" + escape(TESTFILE);
+ // append the CSP that should be used to serve the file
+ src += "&csp=" + escape(POLICY);
+
+ var iframe = document.createElement("iframe");
+ iframe.src = src;
+ document.body.appendChild(iframe);
+}
+
+SpecialPowers.pushPrefEnv(
+ { "set": [['plugin.java.mime', 'application/x-java-test']] },
+ loadFrame);
+
+</script>
+</pre>
+</body>
+</html> |
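Review bot: In `checkResults`, the only success signal is one `csp-on-violate-policy` notification per listed URI, so an object load that CSP fails to block produces no failed assertion at all; the test simply waits until the harness times out, and because the listed files do not exist nothing else on the page would reveal that a load got through. I would state that next to the `tests` array, e.g. `// A URI that is never reported leaves the test waiting: a harness timeout here means an object load was NOT blocked.` The `else` branch also reports any violation whose URI is not, or is no longer, in `tests` as "incorrectly blocks", which would presumably include a second report for an already-removed URI; file_shouldprocess.html is not part of this hunk, so whether that can occur cannot be confirmed from here. Separately, in `loadFrame` the deprecated `escape()` builds the query string; `src += "&csp=" + encodeURIComponent(POLICY);` (and likewise for `TESTFILE`) is the safer form for a policy string that contains `;`, `'` and spaces.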