Diffstat (limited to 'dom/security/test/hsts/file_priming-top.html')
-rw-r--r--dom/security/test/hsts/file_priming-top.html84
1 files changed, 84 insertions, 0 deletions
diff --git a/dom/security/test/hsts/file_priming-top.html b/dom/security/test/hsts/file_priming-top.html
new file mode 100644
index 000000000..b1d1bfa40
--- /dev/null
+++ b/dom/security/test/hsts/file_priming-top.html
@@ -0,0 +1,84 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 1246540</title>
+ <meta http-equiv='content-type' content="text/html;charset=utf-8" />
+</head>
+<body>
+ <p id="display"></p>
+ <div id="content" style="visibility: hidden">
+ </div>
+
+<script type="text/javascript">
+/*
+ * Description of the test:
+ * Attempt to load an insecure resource. If the resource responds to HSTS
+ * priming with an STS header, the load should continue securely.
+ * If it does not, the load should continue be blocked or continue insecurely.
+ */
+
+function parse_query_string() {
+ var q = {};
+ document.location.search.substr(1).
+ split('&').forEach(function (item, idx, ar) {
+ let [k, v] = item.split('=');
+ q[k] = unescape(v);
+ });
+ return q;
+}
+
+var args = parse_query_string();
+
+var subresources = {
+ css: { mimetype: 'text/css', file: 'file_stylesheet.css' },
+ img: { mimetype: 'image/png', file: 'file_1x1.png' },
+ script: { mimetype: 'text/javascript', file: 'file_priming.js' },
+};
+
+function handler(ev) {
+ console.log("HSTS_PRIMING: Blocked "+args.id);
+}
+
+function loadCss(src) {
+ let head = document.getElementsByTagName("head")[0];
+ let link = document.createElement("link");
+ link.setAttribute("rel", "stylesheet");
+ link.setAttribute("type", subresources[args.type].mimetype);
+ link.setAttribute("href", src);
+ head.appendChild(link);
+}
+
+function loadResource(src) {
+ let content = document.getElementById("content");
+ let testElem = document.createElement(args.type);
+ testElem.setAttribute("id", args.id);
+ testElem.setAttribute("charset", "UTF-8");
+ testElem.onerror = handler;
+ content.appendChild(testElem);
+ testElem.src = src;
+}
+
+function loadTest() {
+ let subresource = subresources[args.type];
+
+ let src = "http://"
+ + args.host
+ + "/browser/dom/security/test/hsts/file_testserver.sjs"
+ + "?file=" +escape("browser/dom/security/test/hsts/" + subresource.file)
+ + "&primer=" + escape(args.id)
+ + "&mimetype=" + escape(subresource.mimetype)
+ ;
+ if (args.type == 'css') {
+ loadCss(src);
+ return;
+ }
+
+ loadResource(src);
+}
+
+// start running the tests
+loadTest();
+
+</script>
+</body>
+</html>
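Review bot: loadCss() never attaches `handler` to the `<link>` it creates, so a blocked stylesheet load emits no "HSTS_PRIMING: Blocked" console line, unlike the img/script path in loadResource(). If the harness keys on that message (the harness is not visible here), the css case cannot report a block; adding `link.onerror = handler;` before `head.appendChild(link);` would make the two paths agree. Separately, loadTest() indexes `subresources[args.type]` and loadResource() passes `args.type` to `document.createElement` straight from the query string, so an unexpected type either throws on `subresource.file` or creates an arbitrary element; a guard such as `if (!Object.prototype.hasOwnProperty.call(subresources, args.type)) return;` at the top of loadTest() would fail cleanly. `args.host` is also concatenated into the URL unencoded, and `escape`/`unescape` are deprecated; `encodeURIComponent`/`decodeURIComponent` would be the more predictable pair for the query values.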