summaryrefslogtreecommitdiffstats
path: root/dom/security/test/general/test_block_toplevel_data_navigation.html
blob: fc91f2ec0a5e2ab8e6bee67e64cfafbd3fe4fc72 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
<!DOCTYPE HTML>
<html>
<head>
  <meta charset="utf-8">
  <title>Bug 1331351 - Block top level window data: URI navigations</title>
  <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<script class="testbody" type="text/javascript">
SpecialPowers.setBoolPref("security.data_uri.block_toplevel_data_uri_navigations", true);
SimpleTest.registerCleanupFunction(() => {
  SpecialPowers.clearUserPref("security.data_uri.block_toplevel_data_uri_navigations");
});

SimpleTest.waitForExplicitFinish();
SimpleTest.requestFlakyTimeout("have to test that top level data: URI navgiation is blocked");

function test1() {
  // simple data: URI click navigation should be prevented
  let TEST_FILE = "file_block_toplevel_data_navigation.html";
  let win1 = window.open(TEST_FILE);
  var readyStateCheckInterval = setInterval(function() {
    let state = win1.document.readyState;
    if (state === "interactive" || state === "complete") {
      clearInterval(readyStateCheckInterval);
      ok(win1.document.body.innerHTML.indexOf("test1:") !== -1,
         "toplevel data: URI navigation through click() should be blocked");
      win1.close();
      test2();
    }
  }, 200);
}

function test2() {
  // data: URI in iframe which opens data: URI in _blank should be blocked 
  let win2 = window.open("file_block_toplevel_data_navigation2.html");
  window.addEventListener("message", receiveMessage);
  function receiveMessage(event) {
    window.removeEventListener("message", receiveMessage);
    is(event.data, "blocked",
      "data: URI navigation using _blank from data: URI should be blocked");
    win2.close();
    test3();
  }
}

function test3() {
  // navigating to a data: URI using window.location.href should be blocked
  let win3 = window.open("file_block_toplevel_data_navigation3.html");
  setTimeout(function () {
    ok(win3.document.body.innerHTML.indexOf("test3:") !== -1,
      "data: URI navigation through win.loc.href should be blocked");
    win3.close();
    test4();
  }, 1000);
}

function test4() {
  // navigating to a data: URI using window.open() should be blocked
  let win4 = window.open("data:text/html,<body>toplevel data: URI navigations should be blocked</body>");
  setTimeout(function () {
    // Please note that the data: URI will be displayed in the URL-Bar but not
    // loaded, hence we rather rely on document.body than document.location
    is(win4.document.body.innerHTML, "",
      "navigating to a data: URI using window.open() should be blocked");
    test5();
  }, 1000);
}

function test5() {
  // navigating to a URI which redirects to a data: URI using window.open() should be blocked
  let win5 = window.open("file_block_toplevel_data_redirect.sjs");
  setTimeout(function () {
    // Please note that the data: URI will be displayed in the URL-Bar but not
    // loaded, hence we rather rely on document.body than document.location
    is(SpecialPowers.wrap(win5).document.body.innerHTML, "",
      "navigating to URI which redirects to a data: URI using window.open() should be blocked");
    win5.close();
    SimpleTest.finish();
  }, 1000);
}

// fire up the tests
test1();

</script>
</body>
</html>