summaryrefslogtreecommitdiffstats
path: root/dom/security/test/general/test_block_script_wrong_mime.html
blob: 34d4b621bce216d64ab883c082c8bbefea1b74bd (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
<!DOCTYPE HTML>
<html>
<head>
  <title>Bug 1288361 - Block scripts with incorrect MIME type</title>
  <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>

<script class="testbody" type="text/javascript">

const MIMETypes = [
  ["application/javascript", true],
  ["text/javascript", true],

  ["audio/mpeg", false],
  ["audio/", false],
  ["image/jpeg", false],
  ["image/", false],
  ["video/mpeg", false],
  ["video/", false],
  ["text/csv", false],
];

// <script src="">
function testScript([mime, shouldLoad]) {
  return new Promise((resolve, reject) => {
    let script = document.createElement("script");
    script.onload = () => {
      document.body.removeChild(script);
      ok(shouldLoad, `script with mime '${mime}' should load`);
      resolve();
    };
    script.onerror = () => {
      document.body.removeChild(script);
      ok(!shouldLoad, `script with wrong mime '${mime}' should be blocked`);
      resolve();
    };
    script.src = "file_block_script_wrong_mime_server.sjs?type=script&mime="+mime;
    document.body.appendChild(script);
  });
}

// new Worker()
function testWorker([mime, shouldLoad]) {
  return new Promise((resolve, reject) => {
    let worker = new Worker("file_block_script_wrong_mime_server.sjs?type=worker&mime="+mime);
    worker.onmessage = (event) => {
      ok(shouldLoad, `worker with mime '${mime}' should load`)
      is(event.data, "worker-loaded", "worker should send correct message");
      resolve();
    };
    worker.onerror = (error) => {
      ok(!shouldLoad, `worker with wrong mime '${mime}' should be blocked`);
      error.preventDefault();
      resolve();
    }
    worker.postMessage("dummy");
  });
}

// new Worker() with importScripts()
function testWorkerImportScripts([mime, shouldLoad]) {
  return new Promise((resolve, reject) => {
    let worker = new Worker("file_block_script_wrong_mime_server.sjs?type=worker-import&mime="+mime);
    worker.onmessage = (event) => {
      ok(shouldLoad, `worker/importScripts with mime '${mime}' should load`)
      is(event.data, "worker-loaded", "worker should send correct message");
      resolve();
    };
    worker.onerror = (error) => {
      ok(!shouldLoad, `worker/importScripts with wrong mime '${mime}' should be blocked`);
      error.preventDefault();
      resolve();
    }
    worker.postMessage("dummy");
  });
}

SimpleTest.waitForExplicitFinish();
SpecialPowers.pushPrefEnv({set: [["security.block_script_with_wrong_mime", true]]}, function() {
  Promise.all(MIMETypes.map(testScript)).then(() => {
    return Promise.all(MIMETypes.map(testWorker));
  }).then(() => {
    return Promise.all(MIMETypes.map(testWorkerImportScripts));
  }).then(() => {
    SpecialPowers.popPrefEnv(SimpleTest.finish);
  });
});

</script>
</body>
</html>