summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/tests/mochitest/mixedcontent
diff options
context:
space:
mode:
Diffstat (limited to 'security/manager/ssl/tests/mochitest/mixedcontent')
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/.eslintrc.js5
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs6
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/backward.html18
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js7
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/bug383369step2.html29
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html30
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/download.auto1
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/download.auto^headers^2
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs5
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs13
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/iframe.html13
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html14
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html8
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs5
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs5
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs5
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs5
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js204
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/mochitest.ini62
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpgbin0 -> 52159 bytes
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/moz.build8
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs4
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs5
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css4
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_bug329869.html37
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_bug383369.html102
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_bug455367.html35
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_bug472986.html47
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_bug477118.html35
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_bug521461.html39
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_cssBefore1.html43
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent1.html42
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent2.html47
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite1.html38
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite2.html40
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecurePicture.html48
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html49
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureBackground.html45
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureIframeRedirect.html45
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicture.html46
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicturePreload.html37
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureRedirect.html40
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlDelayedUnsecurePicture.html42
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlUnsecurePicture.html40
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_javascriptPicture.html35
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_secureAll.html43
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_securePicture.html37
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureBackground.html36
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureCSS.html39
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe.html37
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe2.html37
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeMetaRedirect.html38
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeRedirect.html38
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePicture.html35
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureDup.html21
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureInIframe.html37
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureRedirect.html37
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html9
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/unsecurePictureDup.html35
59 files changed, 1869 insertions, 0 deletions
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/.eslintrc.js b/security/manager/ssl/tests/mochitest/mixedcontent/.eslintrc.js
new file mode 100644
index 000000000..d61bb2044
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/.eslintrc.js
@@ -0,0 +1,5 @@
+"use strict";
+
+module.exports = { // eslint-disable-line no-undef
+ "extends": "../../../../../../testing/mochitest/mochitest.eslintrc.js"
+};
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs
new file mode 100644
index 000000000..8e9afb098
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs
@@ -0,0 +1,6 @@
+function handleRequest(request, response)
+{
+ response.setStatusLine(request.httpVersion, 200, "OK");
+ response.setHeader("Access-Control-Allow-Origin", "*");
+ response.write("<html><body>hello!</body></html>");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/backward.html b/security/manager/ssl/tests/mochitest/mixedcontent/backward.html
new file mode 100644
index 000000000..825c2aa80
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/backward.html
@@ -0,0 +1,18 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <script type="text/javascript">
+ "use strict";
+ window.onload = function()
+ {
+ window.setTimeout(function()
+ {
+ SpecialPowers.wrap(window).QueryInterface(SpecialPowers.Ci.nsIInterfaceRequestor)
+ .getInterface(SpecialPowers.Ci.nsIWebNavigation)
+ .goBack();
+ }, 100);
+ };
+
+ </script>
+</head>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js b/security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js
new file mode 100644
index 000000000..fd888504a
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js
@@ -0,0 +1,7 @@
+/* import-globals-from mixedContentTest.js */
+"use strict";
+
+document.open();
+document.write("This is insecure XSS script " + document.cookie);
+isSecurityState("broken", "security broken after document write from unsecure script");
+finish();
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step2.html b/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step2.html
new file mode 100644
index 000000000..c2ebce364
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step2.html
@@ -0,0 +1,29 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 383369 test, step 2</title>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/does_not_exist.css">
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ window.onload = function runTest() {
+ window.setTimeout(function () {
+ window.location =
+ "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html?runtest";
+ }, 0);
+ };
+
+ function afterNavigationTest()
+ {
+ }
+
+ </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html b/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html
new file mode 100644
index 000000000..1acafcd2f
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html
@@ -0,0 +1,30 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 383369 test, final step</title>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ function runTest()
+ {
+ isSecurityState("secure", "secure page after insecure download and insecure subcontent still secure");
+ finish();
+ }
+
+ function afterNavigationTest()
+ {
+ isSecurityState("secure", "still secure after back/forward");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/download.auto b/security/manager/ssl/tests/mochitest/mixedcontent/download.auto
new file mode 100644
index 000000000..4d2fb7d5a
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/download.auto
@@ -0,0 +1 @@
+Temporary file for security/mixedconent tests \ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/download.auto^headers^ b/security/manager/ssl/tests/mochitest/mixedcontent/download.auto^headers^
new file mode 100644
index 000000000..9c3159e15
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/download.auto^headers^
@@ -0,0 +1,2 @@
+Content-disposition: "attachment"
+Content-type: application/x-auto-download
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs
new file mode 100644
index 000000000..5cce2826f
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs
@@ -0,0 +1,5 @@
+function handleRequest(request, response)
+{
+ response.setStatusLine(request.httpVersion, 200, "OK");
+ //response.setHeader("Content-type", "image/gif");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs
new file mode 100644
index 000000000..20d9dea82
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs
@@ -0,0 +1,13 @@
+function handleRequest(request, response)
+{
+ response.setStatusLine(request.httpVersion, 200, "OK");
+ response.setHeader("Content-type", "image/bitmap");
+
+ let bmpheader = "\x42\x4D\x36\x10\x0E\x00\x00\x00\x00\x00\x36\x00\x00\x00\x28\x00\x00\x00\x80\x02\x00\x00\xE0\x01\x00\x00\x01\x00\x18\x00\x00\x00\x00\x00\x00\x10\x0E\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
+ let bmpdatapiece = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+
+ response.bodyOutputStream.write(bmpheader, 54);
+ // Fill 640*480*3 nulls
+ for (let i = 0; i < (640 * 480 * 3) / 64; ++i)
+ response.bodyOutputStream.write(bmpdatapiece, 64);
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html b/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html
new file mode 100644
index 000000000..d67eb6a7a
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+</head>
+
+<body>
+ This is frame 1:
+ <script>
+ "use strict";
+ document.write(location.href);
+ </script>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html b/security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html
new file mode 100644
index 000000000..048ed811b
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html
@@ -0,0 +1,14 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+</head>
+
+<body>
+ This is frame 2:
+ <script>
+ "use strict";
+ document.write(location.href);
+ </script>
+ <iframe src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html
new file mode 100644
index 000000000..d033f5b00
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html
@@ -0,0 +1,8 @@
+<!DOCTYPE HTML>
+<META http-equiv="Refresh"
+ Content="0; URL=http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html">
+<html>
+ <body>
+ Redirecting by meta tag...
+ </body>
+</html> \ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs
new file mode 100644
index 000000000..ea93b80b7
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs
@@ -0,0 +1,5 @@
+function handleRequest(request, response)
+{
+ response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
+ response.setHeader("Location", "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs
new file mode 100644
index 000000000..937e29954
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs
@@ -0,0 +1,5 @@
+function handleRequest(request, response)
+{
+ response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
+ response.setHeader("Location", "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs
new file mode 100644
index 000000000..7af6116e1
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs
@@ -0,0 +1,5 @@
+function handleRequest(request, response)
+{
+ response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
+ response.setHeader("Location", "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs
new file mode 100644
index 000000000..a8eb26642
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs
@@ -0,0 +1,5 @@
+function handleRequest(request, response)
+{
+ response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
+ response.setHeader("Location", "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js b/security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js
new file mode 100644
index 000000000..74c592e59
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js
@@ -0,0 +1,204 @@
+"use strict";
+
+/**
+ * Helper script for mixed content testing. It opens a new top-level window
+ * from a secure origin and '?runtest' query. That tells us to run the test
+ * body, function runTest(). Then we wait for call of finish(). On its first
+ * call it loads helper page 'backward.html' that immediately navigates
+ * back to the test secure test. This checks the bfcache. We got second call
+ * to onload and this time we call afterNavigationTest() function to let the
+ * test check security state after re-navigation back. Then we again wait for
+ * finish() call, that this time finishes completelly the test.
+ */
+
+// Tells the framework if to load the test in an insecure page (http://)
+var loadAsInsecure = false;
+// Set true to bypass the navigation forward/back test
+var bypassNavigationTest = false;
+// Set true to do forward/back navigation over an http:// page, test state leaks
+var navigateToInsecure = false;
+// Open the test in two separate windows, test requests sharing among windows
+var openTwoWindows = false;
+// Override the name of the test page to load, useful e.g. to prevent load
+// of images or other content before the test starts; this is actually
+// a 'redirect' to a different test page.
+var testPage = "";
+// Assign a function to this variable to have a clean up at the end
+var testCleanUp = null;
+// Contains mixed active content that needs to load to run the test
+var hasMixedActiveContent = false;
+
+
+// Internal variables
+var _windowCount = 0;
+
+window.onload = function onLoad() {
+ if (location.search == "?runtest") {
+ try {
+ if (history.length == 1) {
+ // Each test that includes this helper file is supposed to define
+ // runTest(). See the top level comment.
+ runTest(); // eslint-disable-line no-undef
+ } else {
+ // Each test that includes this helper file is supposed to define
+ // afterNavigationTest(). See the top level comment.
+ afterNavigationTest(); // eslint-disable-line no-undef
+ }
+ } catch (ex) {
+ ok(false, "Exception thrown during test: " + ex);
+ finish();
+ }
+ } else {
+ window.addEventListener("message", onMessageReceived, false);
+
+ let secureTestLocation = loadAsInsecure ? "http://example.com"
+ : "https://example.com";
+ secureTestLocation += location.pathname;
+ if (testPage != "") {
+ let array = secureTestLocation.split("/");
+ array.pop();
+ array.push(testPage);
+ secureTestLocation = array.join("/");
+ }
+ secureTestLocation += "?runtest";
+
+ if (hasMixedActiveContent) {
+ SpecialPowers.pushPrefEnv(
+ {"set": [["security.mixed_content.block_active_content", false]]},
+ null);
+ }
+ if (openTwoWindows) {
+ _windowCount = 2;
+ window.open(secureTestLocation, "_new1", "");
+ window.open(secureTestLocation, "_new2", "");
+ } else {
+ _windowCount = 1;
+ window.open(secureTestLocation);
+ }
+ }
+};
+
+function onMessageReceived(event)
+{
+ switch (event.data) {
+ // Indication of all test parts finish (from any of the frames)
+ case "done":
+ if (--_windowCount == 0) {
+ if (testCleanUp) {
+ testCleanUp();
+ }
+ if (hasMixedActiveContent) {
+ SpecialPowers.popPrefEnv(null);
+ }
+
+ SimpleTest.finish();
+ }
+ break;
+
+ // Any other message is an error or success message of a test.
+ default:
+ SimpleTest.ok(!event.data.match(/^FAILURE/), event.data);
+ break;
+ }
+}
+
+function postMsg(message)
+{
+ opener.postMessage(message, "http://mochi.test:8888");
+}
+
+function finish()
+{
+ if (history.length == 1 && !bypassNavigationTest) {
+ window.setTimeout(() => {
+ window.location.assign(navigateToInsecure ?
+ "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/backward.html" :
+ "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/backward.html");
+ }, 0);
+ } else {
+ postMsg("done");
+ window.close();
+ }
+}
+
+function ok(a, message)
+{
+ if (!a) {
+ postMsg("FAILURE: " + message);
+ } else {
+ postMsg(message);
+ }
+}
+
+function is(a, b, message)
+{
+ if (a != b) {
+ postMsg(`FAILURE: ${message}, expected ${b} got ${a}`);
+ } else {
+ postMsg(`${message}, expected ${b} got ${a}`);
+ }
+}
+
+function isSecurityState(expectedState, message, test)
+{
+ if (!test) {
+ test = ok;
+ }
+
+ let ui = SpecialPowers.wrap(window)
+ .QueryInterface(SpecialPowers.Ci.nsIInterfaceRequestor)
+ .getInterface(SpecialPowers.Ci.nsIWebNavigation)
+ .QueryInterface(SpecialPowers.Ci.nsIDocShell)
+ .securityUI;
+
+ let isInsecure = !ui ||
+ (ui.state & SpecialPowers.Ci.nsIWebProgressListener.STATE_IS_INSECURE);
+ let isBroken = ui &&
+ (ui.state & SpecialPowers.Ci.nsIWebProgressListener.STATE_IS_BROKEN);
+ let isEV = ui &&
+ (ui.state & SpecialPowers.Ci.nsIWebProgressListener.STATE_IDENTITY_EV_TOPLEVEL);
+
+ let gotState = "secure";
+ if (isInsecure) {
+ gotState = "insecure";
+ } else if (isBroken) {
+ gotState = "broken";
+ } else if (isEV) {
+ gotState = "EV";
+ }
+
+ test(gotState == expectedState, (message || "") + ", " + "expected " + expectedState + " got " + gotState);
+
+ switch (expectedState) {
+ case "insecure":
+ test(isInsecure && !isBroken && !isEV, "for 'insecure' excpected flags [1,0,0], " + (message || ""));
+ break;
+ case "broken":
+ test(ui && !isInsecure && isBroken && !isEV, "for 'broken' expected flags [0,1,0], " + (message || ""));
+ break;
+ case "secure":
+ test(ui && !isInsecure && !isBroken && !isEV, "for 'secure' expected flags [0,0,0], " + (message || ""));
+ break;
+ case "EV":
+ test(ui && !isInsecure && !isBroken && isEV, "for 'EV' expected flags [0,0,1], " + (message || ""));
+ break;
+ default:
+ throw new Error("Invalid isSecurityState state");
+ }
+}
+
+function waitForSecurityState(expectedState, callback)
+{
+ let roundsLeft = 200; // Wait for 20 seconds (=200*100ms)
+ let interval = window.setInterval(() => {
+ isSecurityState(expectedState, "", isok => {
+ if (isok) {
+ roundsLeft = 0;
+ }
+ });
+ if (!roundsLeft--) {
+ window.clearInterval(interval);
+ callback();
+ }
+ }, 100);
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/mochitest.ini b/security/manager/ssl/tests/mochitest/mixedcontent/mochitest.ini
new file mode 100644
index 000000000..c7a352eb8
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/mochitest.ini
@@ -0,0 +1,62 @@
+[DEFAULT]
+skip-if = toolkit == 'android' #TIMED_OUT
+support-files =
+ alloworigin.sjs
+ backward.html
+ bug329869.js
+ bug383369step2.html
+ bug383369step3.html
+ download.auto
+ download.auto^headers^
+ emptyimage.sjs
+ hugebmp.sjs
+ iframe.html
+ iframe2.html
+ iframeMetaRedirect.html
+ iframesecredirect.sjs
+ iframeunsecredirect.sjs
+ imgsecredirect.sjs
+ imgunsecredirect.sjs
+ mixedContentTest.js
+ moonsurface.jpg
+ nocontent.sjs
+ redirecttoemptyimage.sjs
+ somestyle.css
+ unsecureIframe.html
+ unsecurePictureDup.html
+
+[test_bug329869.html]
+[test_bug383369.html]
+[test_bug455367.html]
+[test_bug472986.html]
+[test_bug477118.html]
+[test_bug521461.html]
+[test_cssBefore1.html]
+[test_cssContent1.html]
+[test_cssContent2.html]
+[test_documentWrite1.html]
+[test_documentWrite2.html]
+[test_dynDelayedUnsecurePicture.html]
+[test_dynDelayedUnsecureXHR.html]
+[test_dynUnsecureBackground.html]
+[test_dynUnsecureIframeRedirect.html]
+[test_dynUnsecurePicture.html]
+[test_dynUnsecurePicturePreload.html]
+# [test_dynUnsecureRedirect.html]
+# intermitently fails, quite often, bug 487402
+[test_innerHtmlDelayedUnsecurePicture.html]
+[test_innerHtmlUnsecurePicture.html]
+[test_javascriptPicture.html]
+[test_secureAll.html]
+[test_securePicture.html]
+[test_unsecureBackground.html]
+[test_unsecureCSS.html]
+[test_unsecureIframe.html]
+[test_unsecureIframe2.html]
+# [test_unsecureIframeMetaRedirect.html]
+# intermittently fails, less often, bug 487632
+[test_unsecureIframeRedirect.html]
+[test_unsecurePicture.html]
+[test_unsecurePictureDup.html]
+[test_unsecurePictureInIframe.html]
+[test_unsecureRedirect.html]
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg b/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg
new file mode 100644
index 000000000..c0ffca256
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg
Binary files differ
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/moz.build b/security/manager/ssl/tests/mochitest/mixedcontent/moz.build
new file mode 100644
index 000000000..8e5cb5d71
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/moz.build
@@ -0,0 +1,8 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+MOCHITEST_MANIFESTS += ['mochitest.ini']
+
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs
new file mode 100644
index 000000000..53fa4bc0c
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs
@@ -0,0 +1,4 @@
+function handleRequest(request, response)
+{
+ response.setStatusLine(request.httpVersion, 204, "No Content");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs
new file mode 100644
index 000000000..4d85e1658
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs
@@ -0,0 +1,5 @@
+function handleRequest(request, response)
+{
+ response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
+ response.setHeader("Location", "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css b/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css
new file mode 100644
index 000000000..9867e3c41
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css
@@ -0,0 +1,4 @@
+body
+{
+ background-color: lightBlue;
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug329869.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug329869.html
new file mode 100644
index 000000000..3b8fae25e
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug329869.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>dymanic script load</title>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ hasMixedActiveContent = true;
+
+ function runTest()
+ {
+ isSecurityState("secure");
+ window.setTimeout(function () {
+ let newElement = document.createElement("script");
+ newElement.src = "http://example.org/tests/security/manager/ssl/tests/" +
+ "mochitest/mixedcontent/bug329869.js";
+ document.body.appendChild(newElement);
+ }, 0);
+ }
+
+ function afterNavigationTest()
+ {
+ isSecurityState("broken", "security still broken after navigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug383369.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug383369.html
new file mode 100644
index 000000000..b68546d0a
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug383369.html
@@ -0,0 +1,102 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 383369 test</title>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* sendAsyncMessage isn't actually a global - this just mollifies eslint */
+ /* global sendAsyncMessage */
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ // We want to start this test from an insecure context
+ loadAsInsecure = true;
+ // We don't want to go through the navigation back/forward test
+ bypassNavigationTest = true;
+
+ function runTest() {
+ let script = SpecialPowers.loadChromeScript(function() {
+ const { classes: Cc, interfaces: Ci, utils: Cu } = Components;
+ // Force download to be w/o user assistance for our testing mime type
+ const mimeSvc = Cc["@mozilla.org/mime;1"].getService(Ci.nsIMIMEService);
+ let handlerInfo =
+ mimeSvc.getFromTypeAndExtension("application/x-auto-download", "auto");
+ handlerInfo.preferredAction = Ci.nsIHandlerInfo.saveToDisk;
+ handlerInfo.alwaysAskBeforeHandling = false;
+ handlerInfo.preferredApplicationHandler = null;
+
+ const handlerSvc = Cc["@mozilla.org/uriloader/handler-service;1"]
+ .getService(Ci.nsIHandlerService);
+ handlerSvc.store(handlerInfo);
+
+ let dirProvider = Cc["@mozilla.org/file/directory_service;1"]
+ .getService(Ci.nsIProperties);
+ let profileDir = dirProvider.get("ProfDS", Ci.nsIFile);
+ profileDir.append("downloads");
+
+ let prefs = Cc["@mozilla.org/preferences-service;1"]
+ .getService(Ci.nsIPrefService);
+ let prefBranch = prefs.getBranch("browser.download.");
+
+ prefBranch.setCharPref("dir", profileDir.path);
+ prefBranch.setBoolPref("useDownloadDir", true);
+ prefBranch.setIntPref("folderList", 2);
+ prefBranch.setBoolPref("manager.closeWhenDone", true);
+ prefBranch.setBoolPref("manager.showWhenStarting", false);
+
+ const { Downloads } =
+ Cu.import("resource://gre/modules/Downloads.jsm", {});
+ Downloads.getList(Downloads.PUBLIC).then(list => {
+ list.addView({
+ onDownloadAdded: function (aDownload) {
+ list.removeView(this);
+ aDownload.whenSucceeded().then(() => {
+ list.removeFinished();
+ sendAsyncMessage("navigate", "bug383369step2.html");
+ });
+ },
+ });
+ sendAsyncMessage("navigate", "download.auto");
+ }).then(null, Cu.reportError);
+ });
+ script.addMessageListener("navigate", function(url) {
+ window.location = url;
+ });
+ }
+
+ function afterNavigationTest() {}
+
+ testCleanUp = function cleanup() {
+ SpecialPowers.loadChromeScript(function() {
+ const { classes: Cc, interfaces: Ci } = Components;
+ const mimeSvc = Cc["@mozilla.org/mime;1"].getService(Ci.nsIMIMEService);
+ let handlerInfo =
+ mimeSvc.getFromTypeAndExtension("application/x-auto-download", "auto");
+
+ const handlerSvc = Cc["@mozilla.org/uriloader/handler-service;1"]
+ .getService(Ci.nsIHandlerService);
+ handlerSvc.remove(handlerInfo);
+
+ let prefs = Cc["@mozilla.org/preferences-service;1"]
+ .getService(Ci.nsIPrefService);
+ let prefBranch = prefs.getBranch("browser.download.");
+
+ const prefKeys = ["dir", "useDownloadDir", "folderList",
+ "manager.closeWhenDone", "manager.showWhenStarting"];
+ for (let prefKey of prefKeys) {
+ if (prefBranch.prefHasUserValue(prefKey)) {
+ prefBranch.clearUserPref(prefKey);
+ }
+ }
+ });
+ };
+
+ </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug455367.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug455367.html
new file mode 100644
index 000000000..ec2b8590a
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug455367.html
@@ -0,0 +1,35 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>No content image doesn't break security</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ function runTest()
+ {
+ isSecurityState("broken", "broken");
+ finish();
+ }
+
+ function afterNavigationTest()
+ {
+ isSecurityState("broken", "broken after navigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+ <img src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug472986.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug472986.html
new file mode 100644
index 000000000..b95cfcf65
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug472986.html
@@ -0,0 +1,47 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>img.src replace</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ SimpleTest.expectAssertions(0, 4);
+
+ // Clear the default onload assigned to test start because we must
+ // wait for replaced image to load and only after that test the security state
+ var onLoadFunction = window.onload;
+ window.onload = function()
+ {
+ let img1 = document.getElementById("img1");
+ img1.addEventListener("load", onLoadFunction, false);
+ img1.src = "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg";
+ };
+
+ function runTest()
+ {
+ isSecurityState("secure", "secure");
+ finish();
+ }
+
+ function afterNavigationTest()
+ {
+ isSecurityState("secure", "secure after navigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+ <img id="img1" src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug477118.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug477118.html
new file mode 100644
index 000000000..51a13a4b8
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug477118.html
@@ -0,0 +1,35 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 477118</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ function runTest()
+ {
+ isSecurityState("secure", "data <img> doesn't break security");
+ finish();
+ }
+
+ function afterNavigationTest()
+ {
+ isSecurityState("secure", "still secure after navigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+ <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAAN1wAADdcBQiibeAAAAAd0SU1FB9kBDxIAOdxBIbcAAAI+SURBVDjLxZO7TxRhFMV/M/PN7EPYhS02yytggo+ERAgxERsNhYnGzsQojaHT3r9F0cTaUjs6NUQLBRKDi4I8FEwkLMgO+5rdeX3XAoVYiZWnP797cu69Bv8gqZ+0QTqIdRpl1VHGvnV884CJwQgwicVtoB/ku/H4ycOnURgP/Q1g21Fw4+r0RjbbNmaq4ayO35UkXp9S2UzHxK2bE4QNl82FVwD0D49jn+hERBCRgwTiIX7pvGUGYF/BlO327d3ENfV7wuL0AyjPICIsfPvAmev3qdVqlMtlCoUCGxurDPT1kEnPomQKkRTFpXOjh4DN4kvGLuSJ/JC38y/ouXyXYrGIiBDHMVtbu1SrvXTlbfp6HcQcoVwp5hRAaWedPXFYfL+E1lAKswSRy+joKEEQICLkcjm01hiGgRcksW0b4SMKYHb+OSt6ma+VffxWRF3S5OeeMX7pHkqpwy5EBK31H90ogFODF1lbm8OtlEhloDORpbdnhDAMaTabhwbbtkkkEkRRhGVZR4BCfojJO4+o1VwQAItEIolpmliWRVtbG7s/dlDKotGo47U8CvkuAEwA3/eJoxhE0WyGuO4+nucRBAHVahXDMKg3agRhQBAGVKsVtNZHCRzHwTAMcrnc0eX9it3e3g7A6cGzhx0AKHWwQOV5jdXXb2ZOaa3BOP5ffF5ZptVqflG+3xpbWv5kh2FolEo7dnmv7Lium6zXG0nf95MiguM4QTqd9jPZTCvX2eF393QHqVRKZ7KZkP+unzPGLX8Jr7F8AAAAAElFTkSuQmCC" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug521461.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug521461.html
new file mode 100644
index 000000000..523b97f59
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug521461.html
@@ -0,0 +1,39 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 521461</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ loadAsInsecure = true;
+
+ function runTest()
+ {
+ window.location = "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs";
+ window.setTimeout(function() {
+ isSecurityState("insecure", "location.href doesn't effect the security state");
+ is(document.body.innerHTML, "This is an unsecure page!", "Document has not changed content");
+ finish();
+ }, 1000);
+ }
+
+ function afterNavigationTest()
+ {
+ isSecurityState("insecure", "still not secure after navigation");
+ is(document.body.innerHTML, "This is an unsecure page!", "Document has not changed content");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>This is an unsecure page!</body></html> \ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_cssBefore1.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssBefore1.html
new file mode 100644
index 000000000..72046e032
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssBefore1.html
@@ -0,0 +1,43 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>CSS :before styling 1</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+ <style type="text/css">
+ p:before
+ {
+ content: url(http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg);
+ }
+ </style>
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ function runTest()
+ {
+ isSecurityState("broken", "insecure content added by :before styling breaks security");
+ finish();
+ }
+
+ function afterNavigationTest()
+ {
+ isSecurityState("broken", "security still broken after navigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+ <p>
+ There is a moon surface left to this text
+ </p>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent1.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent1.html
new file mode 100644
index 000000000..364d652f4
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent1.html
@@ -0,0 +1,42 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>CSS conent styling 1</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <style type="text/css">
+ p
+ {
+ content: url(http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg);
+ }
+ </style>
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ function runTest()
+ {
+ isSecurityState("broken", "insecure content added by :before styling breaks security");
+ finish();
+ }
+
+ function afterNavigationTest()
+ {
+ isSecurityState("broken", "security still broken after navigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+ <p></p>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent2.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent2.html
new file mode 100644
index 000000000..c57410b74
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent2.html
@@ -0,0 +1,47 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>CSS conent styling 2</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ if (navigator.platform.startsWith("Mac")) {
+ SimpleTest.expectAssertions(0, 1);
+ }
+
+ function runTest()
+ {
+ isSecurityState("secure");
+ document.getElementById("para").style.content =
+ "url('http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg')";
+
+ waitForSecurityState("broken", function()
+ {
+ isSecurityState("broken", "insecure content added by styling breaks security");
+ finish();
+ });
+ }
+
+ function afterNavigationTest()
+ {
+ is(document.getElementById("para").style.content, "");
+ isSecurityState("secure", "security full after navigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+ <p id="para"></p>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite1.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite1.html
new file mode 100644
index 000000000..64eec0890
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite1.html
@@ -0,0 +1,38 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>document.write('<img src="http://">')</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ function runTest()
+ {
+ isSecurityState("broken", "insecure <img> written dynamically breaks security");
+ finish();
+ }
+
+ function afterNavigationTest()
+ {
+ isSecurityState("broken", "security still broken after navigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+ <script class="testbody" type="text/javascript">
+ document.write(
+ "<img src='http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg' />");
+ </script>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite2.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite2.html
new file mode 100644
index 000000000..41878d292
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite2.html
@@ -0,0 +1,40 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>document.write('<iframe src="http://">')</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ hasMixedActiveContent = true;
+
+ function runTest()
+ {
+ isSecurityState("broken", "insecure iframe written dynamically breaks security");
+ finish();
+ }
+
+ function afterNavigationTest()
+ {
+ isSecurityState("broken", "security still broken after navigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+ <script class="testbody" type="text/javascript">
+ document.write(
+ "<iframe src='http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html'></iframe>");
+ </script>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecurePicture.html
new file mode 100644
index 000000000..4f7305f41
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecurePicture.html
@@ -0,0 +1,48 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>img.src changes to unsecure test</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ function runTest()
+ {
+ isSecurityState("secure");
+ window.setTimeout(function() {
+ // Don't do this synchronously from onload handler
+ document.getElementById("image1").src =
+ "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg";
+ }, 0);
+
+ waitForSecurityState("broken", function()
+ {
+ isSecurityState("broken", "src='http://...' changed to broken");
+ finish();
+ });
+ }
+
+ function afterNavigationTest()
+ {
+ is(document.getElementById("image1").src,
+ "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg",
+ "img.src secure again");
+ isSecurityState("secure", "security full after navigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+ <img id="image1" src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html
new file mode 100644
index 000000000..7dbfdf4da
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html
@@ -0,0 +1,49 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>unsecure XHR test</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ hasMixedActiveContent = true;
+
+ function runTest()
+ {
+ isSecurityState("secure");
+ window.setTimeout(() => {
+ try {
+ let req = new XMLHttpRequest();
+ req.open("GET", "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs", false);
+ req.send(null);
+
+ // Change should be immediate, the request was sent synchronously
+ isSecurityState("broken", "security broken after insecure XHR");
+ } catch (ex) {
+ ok(false, ex);
+ }
+
+ finish();
+ }, 0);
+ }
+
+ function afterNavigationTest()
+ {
+ isSecurityState("secure", "security full after navigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureBackground.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureBackground.html
new file mode 100644
index 000000000..6d06f1a64
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureBackground.html
@@ -0,0 +1,45 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>body.background changes to unsecure test</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ // This test, as is, equals to https://kuix.de/misc/test17/358438.php
+
+ function runTest()
+ {
+ isSecurityState("secure");
+ document.body.background =
+ "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg";
+
+ waitForSecurityState("broken", function () {
+ isSecurityState("broken", "document.body.background='http://...' changed to broken");
+ finish();
+ });
+ }
+
+ function afterNavigationTest()
+ {
+ is(document.body.background,
+ "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg",
+ "document backround secure again");
+ isSecurityState("secure", "secure after re-navigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body background="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg">
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureIframeRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureIframeRedirect.html
new file mode 100644
index 000000000..f846f8919
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureIframeRedirect.html
@@ -0,0 +1,45 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>iframe.src changes to unsecure redirect test</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ hasMixedActiveContent = true;
+
+ function runTest()
+ {
+ isSecurityState("secure");
+ let self = window;
+ let iframe = document.getElementById("iframe1");
+ iframe.onload = function() {
+ self.isSecurityState("broken", "src='redirect to unsecure' changed to broken");
+ self.finish();
+ };
+
+ iframe.src =
+ "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs";
+ }
+
+ function afterNavigationTest()
+ {
+ isSecurityState("broken", "security still broken after navigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+ <iframe id="iframe1" src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicture.html
new file mode 100644
index 000000000..cbb5dccf8
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicture.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>img.src changes to unsecure test</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ // This test, as is, equals to https://kuix.de/misc/test17/358438.php
+
+ function runTest()
+ {
+ isSecurityState("secure");
+ document.getElementById("image1").src =
+ "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg";
+
+ window.setTimeout(function() {
+ isSecurityState("broken", "src='http://...' changed to broken");
+ finish();
+ }, 500);
+ }
+
+ function afterNavigationTest()
+ {
+ is(document.getElementById("image1").src,
+ "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg",
+ "img.src secure again");
+ isSecurityState("secure", "security full after navigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+ <img id="image1" src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicturePreload.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicturePreload.html
new file mode 100644
index 000000000..64a7a4abe
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicturePreload.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>img.src changes to unsecure test</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ (new Image()).src =
+ "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg";
+
+ function runTest()
+ {
+ isSecurityState("broken", "(new Image()).src='http://...' changed to broken");
+ finish();
+ }
+
+ function afterNavigationTest()
+ {
+ isSecurityState("broken", "security broken after navigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureRedirect.html
new file mode 100644
index 000000000..c1af7b29d
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureRedirect.html
@@ -0,0 +1,40 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>img.src changes to unsecure redirect test</title>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ function runTest()
+ {
+ isSecurityState("secure");
+ document.getElementById("image1").src =
+ "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs";
+
+ window.setTimeout(function() {
+ isSecurityState("broken", "src='redirect to unsecure' changed to broken");
+ finish();
+ }, 500);
+ }
+
+ function afterNavigationTest()
+ {
+ is(document.getElementById("image1").src,
+ "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg",
+ "img.src secure again");
+ isSecurityState("secure", "security full after navigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+ <img id="image1" src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlDelayedUnsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlDelayedUnsecurePicture.html
new file mode 100644
index 000000000..5e408b2aa
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlDelayedUnsecurePicture.html
@@ -0,0 +1,42 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>innerHTML changes to unsecure test</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ function runTest()
+ {
+ isSecurityState("secure");
+
+ window.setTimeout(function () {
+ document.getElementById("buddy").innerHTML =
+ "<img id='image1' src='http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg' />";
+ }, 1);
+
+ waitForSecurityState("broken", function () {
+ isSecurityState("broken", "innerHTML loading insecure changed to broken");
+ finish();
+ });
+ }
+
+ function afterNavigationTest()
+ {
+ is(document.getElementById("buddy").innerHTML, "", "innerHTML back to previous");
+ isSecurityState("secure");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body id="buddy"></body></html> \ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlUnsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlUnsecurePicture.html
new file mode 100644
index 000000000..ff3592542
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlUnsecurePicture.html
@@ -0,0 +1,40 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>innerHTML changes to unsecure test</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ function runTest()
+ {
+ isSecurityState("secure");
+
+ document.getElementById("buddy").innerHTML =
+ "<img id='image1' src='http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg' />";
+
+ window.setTimeout(function() {
+ isSecurityState("broken", "innerHTML loading insecure changed to broken");
+ finish();
+ }, 500);
+ }
+
+ function afterNavigationTest()
+ {
+ is(document.getElementById("buddy").innerHTML, "", "innerHTML back to previous");
+ isSecurityState("secure");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body id="buddy"></body></html> \ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_javascriptPicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_javascriptPicture.html
new file mode 100644
index 000000000..1efbe4d73
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_javascriptPicture.html
@@ -0,0 +1,35 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Secure img load</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ function runTest()
+ {
+ isSecurityState("secure", "javascript: <img> should not break security");
+ finish();
+ }
+
+ function afterNavigationTest()
+ {
+ isSecurityState("secure", "Still secure after renavigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+ <img src="javascript:'Random data'" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_secureAll.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_secureAll.html
new file mode 100644
index 000000000..cd9f1d0d7
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_secureAll.html
@@ -0,0 +1,43 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>All secure anti-regression check</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <link rel="stylesheet" type="text/css"
+ href="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ // Navigation test goes over an insecure page, test state leak
+ navigateToInsecure = true;
+
+ function runTest()
+ {
+ isSecurityState("secure", "insecure <img> load breaks security");
+ finish();
+ }
+
+ function afterNavigationTest()
+ {
+ isSecurityState("secure", "security still broken after navigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+ <img src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+ <img src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs" />
+ <iframe src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_securePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_securePicture.html
new file mode 100644
index 000000000..96ef9a3c7
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_securePicture.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Secure img load</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ loadAsInsecure = true;
+
+ function runTest()
+ {
+ isSecurityState("insecure", "left insecure");
+ finish();
+ }
+
+ function afterNavigationTest()
+ {
+ isSecurityState("insecure", "left insecure after renavigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+ <img src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureBackground.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureBackground.html
new file mode 100644
index 000000000..0f741f9b8
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureBackground.html
@@ -0,0 +1,36 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>background unsecure test</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ // This test, as is, equals to https://kuix.de/misc/test17/358438.php
+
+ function runTest()
+ {
+ isSecurityState("broken", "security broken");
+ finish();
+ }
+
+ function afterNavigationTest()
+ {
+ isSecurityState("broken", "security after navigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body background="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg">
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureCSS.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureCSS.html
new file mode 100644
index 000000000..19d1379ea
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureCSS.html
@@ -0,0 +1,39 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Unsecure css load</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <link rel="stylesheet" type="text/css"
+ href="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ hasMixedActiveContent = true;
+
+ function runTest()
+ {
+ isSecurityState("broken", "insecure <img> load breaks security");
+ finish();
+ }
+
+ function afterNavigationTest()
+ {
+ isSecurityState("broken", "security still broken after navigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe.html
new file mode 100644
index 000000000..dd4bd2d8f
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Unsecure iframe load</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ hasMixedActiveContent = true;
+
+ function runTest()
+ {
+ isSecurityState("broken", "insecure <iframe> load breaks security");
+ finish();
+ }
+
+ function afterNavigationTest()
+ {
+ isSecurityState("broken", "security still broken after navigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+ <iframe src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe2.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe2.html
new file mode 100644
index 000000000..cdd59ce15
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe2.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Unsecure iframe load</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ hasMixedActiveContent = true;
+
+ function runTest()
+ {
+ isSecurityState("broken", "insecure <iframe> load breaks security");
+ finish();
+ }
+
+ function afterNavigationTest()
+ {
+ isSecurityState("broken", "security still broken after navigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+ <iframe src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeMetaRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeMetaRedirect.html
new file mode 100644
index 000000000..288526437
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeMetaRedirect.html
@@ -0,0 +1,38 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Unsecure redirect iframe load</title>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ function runTest()
+ {
+ window.setTimeout(function()
+ {
+ isSecurityState("broken", "insecure meta-tag <iframe> load breaks security");
+ finish();
+ }, 500);
+ }
+
+ function afterNavigationTest()
+ {
+ window.setTimeout(function()
+ {
+ isSecurityState("broken", "security still broken after navigation");
+ finish();
+ }, 500);
+ }
+
+ </script>
+</head>
+
+<body>
+ <iframe src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html"></iframe>
+</body>
+</html>
+ \ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeRedirect.html
new file mode 100644
index 000000000..1095c769f
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeRedirect.html
@@ -0,0 +1,38 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Unsecure redirect iframe load</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ hasMixedActiveContent = true;
+
+ function runTest()
+ {
+ isSecurityState("broken", "insecure <iframe> load breaks security");
+ finish();
+ }
+
+ function afterNavigationTest()
+ {
+ isSecurityState("broken", "security still broken after navigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+ <iframe src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs"></iframe>
+</body>
+</html>
+
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePicture.html
new file mode 100644
index 000000000..dc18efa29
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePicture.html
@@ -0,0 +1,35 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Unsecure img load</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ function runTest()
+ {
+ isSecurityState("broken", "insecure <img> load breaks security");
+ finish();
+ }
+
+ function afterNavigationTest()
+ {
+ isSecurityState("broken", "security still broken after navigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+ <img src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureDup.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureDup.html
new file mode 100644
index 000000000..5d02de95c
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureDup.html
@@ -0,0 +1,21 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Unsecure img load in two windows</title>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ openTwoWindows = true;
+ testPage = "unsecurePictureDup.html";
+
+ </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureInIframe.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureInIframe.html
new file mode 100644
index 000000000..2ece07342
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureInIframe.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Unsecure img in iframe load</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ hasMixedActiveContent = true;
+
+ function runTest()
+ {
+ isSecurityState("broken", "insecure <img> in an <iframe> load breaks security");
+ finish();
+ }
+
+ function afterNavigationTest()
+ {
+ isSecurityState("broken", "security still broken after navigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+ <iframe src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureRedirect.html
new file mode 100644
index 000000000..a796b41b5
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureRedirect.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Redirect from secure to unsecure img</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ hasMixedActiveContent = true;
+
+ function runTest()
+ {
+ isSecurityState("broken", "insecure <img> load breaks security");
+ finish();
+ }
+
+ function afterNavigationTest()
+ {
+ isSecurityState("broken", "security still broken after navigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+ <img src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html b/security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html
new file mode 100644
index 000000000..228267741
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html
@@ -0,0 +1,9 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+</head>
+
+<body>
+ <img src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/unsecurePictureDup.html b/security/manager/ssl/tests/mochitest/mixedcontent/unsecurePictureDup.html
new file mode 100644
index 000000000..f53fb4830
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/unsecurePictureDup.html
@@ -0,0 +1,35 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Unsecure img load in two windows</title>
+ <script type="text/javascript" src="/MochiKit/Base.js"></script>
+ <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+ <script type="text/javascript" src="/MochiKit/Style.js"></script>
+ <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="text/javascript" src="mixedContentTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+ <script class="testbody" type="text/javascript">
+ /* import-globals-from mixedContentTest.js */
+ "use strict";
+
+ function runTest()
+ {
+ isSecurityState("broken", "insecure <img> load breaks security");
+ finish();
+ }
+
+ function afterNavigationTest()
+ {
+ isSecurityState("broken", "security still broken after navigation");
+ finish();
+ }
+
+ </script>
+</head>
+
+<body>
+ <img src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs" />
+</body>
+</html>