path: root/dom/security/test/hsts/file_priming-top.html
<!DOCTYPE HTML>
<html>
<head>
  <title>Bug 1246540</title>
  <meta http-equiv='content-type' content="text/html;charset=utf-8" />
</head>
<body>
  <p id="display"></p>
  <div id="content" style="visibility: hidden">
  </div>

<script type="text/javascript">
/*
 * Description of the test:
 * Attempt to load an insecure resource. If the resource responds to HSTS
 * priming with an STS header, the load should continue securely.
 * If it does not, the load should either be blocked or continue insecurely.
 */

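/**
 * Parse the page's query string into a plain object of decoded values.
 *
 * Every value returned here originates from the page URL, so the rest of the
 * script treats them as caller-supplied strings (presumably set by the test
 * harness that opens this page; verify against the harness).
 *
 * - Empty segments (an empty query string, or a stray "&") are skipped, so no
 *   bogus "" key is produced.
 * - A parameter without "=" maps to "" instead of the literal string
 *   "undefined".
 * - Only the first "=" separates key from value, so a value that itself
 *   contains "=" is kept intact.
 *
 * @returns {Object<string, string>} map of parameter name to decoded value.
 */
function parse_query_string() {
  const q = {};
  // Drop the leading "?" before splitting into key=value segments.
  const query = document.location.search.substring(1);
  for (const item of query.split('&')) {
    if (item === '') {
      continue;
    }
    const eq = item.indexOf('=');
    const k = eq === -1 ? item : item.slice(0, eq);
    const v = eq === -1 ? '' : item.slice(eq + 1);
    // unescape() is the legacy counterpart of the escape() calls this page
    // uses when it builds its request URL; kept so decoding stays symmetric.
    q[k] = unescape(v);
  }
  return q;
}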

// Test parameters taken from the page URL. The functions below read
// args.type, args.id and args.host; all of them are URL-supplied strings.
var args = parse_query_string();

// Table of the subresource kinds this page can load, keyed by the value of
// the "type" query parameter. Each entry names the MIME type requested from
// the test server and the fixture file to serve.
var subresources = {
  css: {
    mimetype: "text/css",
    file: "file_stylesheet.css",
  },
  img: {
    mimetype: "image/png",
    file: "file_1x1.png",
  },
  script: {
    mimetype: "text/javascript",
    file: "file_priming.js",
  },
};

/**
 * Error handler attached to the test element: logs that the load identified
 * by args.id was blocked.
 *
 * @param {Event} ev - the error event (unused).
 */
function handler(ev) {
  const message = `HSTS_PRIMING: Blocked ${args.id}`;
  console.log(message);
}

/**
 * Load a stylesheet by appending a <link rel="stylesheet"> element to the
 * document's <head>.
 *
 * The link's type attribute is looked up in `subresources` using args.type.
 *
 * @param {string} src - URL of the stylesheet to load.
 */
function loadCss(src) {
  const stylesheet = document.createElement("link");
  stylesheet.setAttribute("rel", "stylesheet");
  stylesheet.setAttribute("type", subresources[args.type].mimetype);
  stylesheet.setAttribute("href", src);

  // Inserting the link into <head> is what makes it part of the document.
  const headElem = document.getElementsByTagName("head")[0];
  headElem.appendChild(stylesheet);
}

/**
 * Load a non-CSS subresource by creating an element, inserting it into the
 * hidden #content container and then pointing its src at the given URL.
 *
 * The element's tag name is args.type and its id is args.id, i.e. both come
 * straight from the query string.
 *
 * @param {string} src - URL of the resource to load.
 */
function loadResource(src) {
  const elem = document.createElement(args.type);
  elem.setAttribute("id", args.id);
  elem.setAttribute("charset", "UTF-8");
  // A failed load is reported through handler().
  elem.onerror = handler;

  const container = document.getElementById("content");
  container.appendChild(elem);
  // src is assigned only after the element is in the document and the error
  // handler is attached.
  elem.src = src;
}

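/**
 * Build the insecure test URL for the requested subresource type and start
 * loading it.
 *
 * Reads args.type, args.host and args.id, all of which come from the query
 * string. The URL uses http:// on purpose: the test is about what happens to
 * an insecure load once HSTS priming has run.
 *
 * @throws {TypeError} if args.type is not one of the keys defined directly on
 *   `subresources`.
 */
function loadTest() {
  // args.type is URL-supplied. Accept only the table's own keys so that names
  // inherited from Object.prototype (e.g. "constructor") are not treated as a
  // resource type and turned into an element name / "undefined" URL parts.
  if (!Object.prototype.hasOwnProperty.call(subresources, args.type)) {
    throw new TypeError("HSTS_PRIMING: unsupported subresource type: " + args.type);
  }
  const subresource = subresources[args.type];

  // NOTE(review): args.host is inserted as-is, without encoding; it is
  // presumably a bare host name chosen by the test harness — confirm there.
  const src = "http://"
    + args.host
    + "/browser/dom/security/test/hsts/file_testserver.sjs"
    + "?file=" + escape("browser/dom/security/test/hsts/" + subresource.file)
    + "&primer=" + escape(args.id)
    + "&mimetype=" + escape(subresource.mimetype);

  // Stylesheets are loaded through a <link> in <head>; everything else
  // through an element with a src attribute.
  if (args.type === 'css') {
    loadCss(src);
    return;
  }

  loadResource(src);
}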

// Start running the test as soon as this inline script executes; loadTest()
// builds the http:// URL from the query-string arguments and begins the load.
loadTest();

</script>
</body>
</html>