<!DOCTYPE HTML> <html> <!-- This checks if the right policies are applied from a given string (including whitespace, invalid policy strings, etc). It doesn't do a complete check for all load types; that's done in another test. https://bugzilla.mozilla.org/show_bug.cgi?id=704320 --> <head> <meta charset="utf-8"> <title>Test policies for Bug 704320</title> <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> <script type="application/javascript" src="referrerHelper.js"></script> <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/> <script type="application/javascript;version=1.7"> SimpleTest.waitForExplicitFinish(); var advance = function() { tests.next(); }; /** * This is the main test routine -- serialized by use of a generator. * It resets the counter, then performs two tests in sequence using * the same iframe. */ var tests = (function() { var iframe = document.getElementById("testframe"); const sjs = "/tests/dom/base/test/bug704320.sjs?action=generate-policy-test"; // basic calibration check // reset the counter yield resetCounter(); // load the first test frame // it will call back into this function via postMessage when it finishes loading. // and continue beyond the yield. yield iframe.src = sjs + "&policy=" + escape('default'); // check the first test (two images, no referrers) yield checkIndividualResults("default", ["full"]); // check invalid policy // According to the spec section Determine token's Policy,if there is a policy // token and it is not one of the expected tokens, Empty string should be the // policy used. yield resetCounter(); yield iframe.src = sjs + "&policy=" + escape('invalid-policy'); yield checkIndividualResults("invalid", ["full"]); // whitespace checks. // according to the spec section 4.1, the content attribute's value // is fed to the token policy algorithm after stripping leading and // trailing whitespace. yield resetCounter(); yield iframe.src = sjs + "&policy=" + escape('default '); yield checkIndividualResults("trailing whitespace", ["full"]); yield resetCounter(); yield iframe.src = sjs + "&policy=" + escape(' origin\f'); yield checkIndividualResults("trailing form feed", ["origin"]); yield resetCounter(); yield iframe.src = sjs + "&policy=" + escape('\f origin'); yield checkIndividualResults("leading form feed", ["origin"]); // origin when cross-origin (trimming whitespace) yield resetCounter(); yield iframe.src = sjs + "&policy=" + escape(' origin-when-cross-origin'); yield checkIndividualResults("origin-when-cross-origin", ["origin", "full"]); // according to the spec section 4.1: // "If the meta element lacks a content attribute, or if that attribute’s // value is the empty string, then abort these steps." // This means empty or missing content attribute means to ignore the meta // tag and use default policy. // Whitespace here is space, tab, LF, FF and CR. // http://www.w3.org/html/wg/drafts/html/CR/infrastructure.html#space-character yield resetCounter(); yield iframe.src = sjs + "&policy=" + escape(' \t '); yield checkIndividualResults("basic whitespace only policy", ["full"]); // and double-check that no-referrer works. yield resetCounter(); yield iframe.src = sjs + "&policy=" + escape('no-referrer'); yield checkIndividualResults("no-referrer", ["none"]); // Case insensitive yield resetCounter(); yield iframe.src = sjs + "&policy=" + escape('\f OrigIn'); yield checkIndividualResults("origin case insensitive", ["origin"]); // complete. Be sure to yield so we don't call this twice. yield SimpleTest.finish(); })(); </script> </head> <body onload="tests.next();"> <iframe id="testframe"></iframe> </body> </html>