diff options
author | Moonchild <mcwerewolf@gmail.com> | 2018-04-23 11:46:21 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-04-23 11:46:21 +0200 |
commit | 8ed46f424e1a8a09bad7147882b83c9b2aad17c6 (patch) | |
tree | 5c6953fd44fddb74891ddd96613f1ef949c85fd7 /dom/security/test/general/browser_test_toplevel_data_navigations.js | |
parent | 8ffac11aa6eb32be75ff049787191e12476586d3 (diff) | |
parent | ccbd5ecf57fcd53ac8b28ddf7466b6c930f764df (diff) | |
download | UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.tar UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.tar.gz UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.tar.lz UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.tar.xz UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.zip |
Merge pull request #231 from janekptacijarabaci/security_blocking_data_1
moebius#223, #224, #226, #230: DOM - consider blocking top level window data: URIs
Diffstat (limited to 'dom/security/test/general/browser_test_toplevel_data_navigations.js')
-rw-r--r-- | dom/security/test/general/browser_test_toplevel_data_navigations.js | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/dom/security/test/general/browser_test_toplevel_data_navigations.js b/dom/security/test/general/browser_test_toplevel_data_navigations.js new file mode 100644 index 000000000..a13a6350e --- /dev/null +++ b/dom/security/test/general/browser_test_toplevel_data_navigations.js @@ -0,0 +1,54 @@ +/* eslint-disable mozilla/no-arbitrary-setTimeout */ + +"use strict"; + +const kDataBody = "toplevel navigation to data: URI allowed"; +const kDataURI = "data:text/html,<body>" + kDataBody + "</body>"; +const kTestPath = getRootDirectory(gTestPath) + .replace("chrome://mochitests/content", "http://example.com") +const kRedirectURI = kTestPath + "file_toplevel_data_navigations.sjs"; +const kMetaRedirectURI = kTestPath + "file_toplevel_data_meta_redirect.html"; + +add_task(async function test_nav_data_uri() { + await SpecialPowers.pushPrefEnv({ + "set": [["security.data_uri.block_toplevel_data_uri_navigations", true]], + }); + await BrowserTestUtils.withNewTab(kDataURI, async function(browser) { + await ContentTask.spawn(gBrowser.selectedBrowser, {kDataBody}, async function({kDataBody}) { // eslint-disable-line + is(content.document.body.innerHTML, kDataBody, + "data: URI navigation from system should be allowed"); + }); + }); +}); + +add_task(async function test_nav_data_uri_redirect() { + await SpecialPowers.pushPrefEnv({ + "set": [["security.data_uri.block_toplevel_data_uri_navigations", true]], + }); + let tab = BrowserTestUtils.addTab(gBrowser, kRedirectURI); + registerCleanupFunction(async function() { + await BrowserTestUtils.removeTab(tab); + }); + // wait to make sure data: URI did not load before checking that it got blocked + await new Promise(resolve => setTimeout(resolve, 500)); + await ContentTask.spawn(gBrowser.selectedBrowser, {}, async function() { + is(content.document.body.innerHTML, "", + "data: URI navigation after server redirect should be blocked"); + }); +}); + +add_task(async function test_nav_data_uri_meta_redirect() { + await SpecialPowers.pushPrefEnv({ + "set": [["security.data_uri.block_toplevel_data_uri_navigations", true]], + }); + let tab = BrowserTestUtils.addTab(gBrowser, kMetaRedirectURI); + registerCleanupFunction(async function() { + await BrowserTestUtils.removeTab(tab); + }); + // wait to make sure data: URI did not load before checking that it got blocked + await new Promise(resolve => setTimeout(resolve, 500)); + await ContentTask.spawn(gBrowser.selectedBrowser, {}, async function() { + is(content.document.body.innerHTML, "", + "data: URI navigation after meta redirect should be blocked"); + }); +}); |