diff options
Diffstat (limited to 'dom')
-rw-r--r-- | dom/security/nsCSPUtils.cpp | 4 | ||||
-rw-r--r-- | dom/security/test/csp/file_punycode_host_src.js | 2 | ||||
-rw-r--r-- | dom/security/test/csp/file_punycode_host_src.sjs | 45 | ||||
-rw-r--r-- | dom/security/test/csp/mochitest.ini | 3 | ||||
-rw-r--r-- | dom/security/test/csp/test_punycode_host_src.html | 81 | ||||
-rw-r--r-- | dom/security/test/gtest/TestCSPParser.cpp | 2 |
6 files changed, 135 insertions, 2 deletions
diff --git a/dom/security/nsCSPUtils.cpp b/dom/security/nsCSPUtils.cpp index b074a980c..0ca8f520e 100644 --- a/dom/security/nsCSPUtils.cpp +++ b/dom/security/nsCSPUtils.cpp @@ -270,7 +270,7 @@ CSP_CreateHostSrcFromURI(nsIURI* aURI) { // Create the host first nsCString host; - aURI->GetHost(host); + aURI->GetAsciiHost(host); nsCSPHostSrc *hostsrc = new nsCSPHostSrc(NS_ConvertUTF8toUTF16(host)); // Add the scheme. @@ -643,7 +643,7 @@ nsCSPHostSrc::permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected // Before we can check if the host matches, we have to // extract the host part from aUri. nsAutoCString uriHost; - nsresult rv = aUri->GetHost(uriHost); + nsresult rv = aUri->GetAsciiHost(uriHost); NS_ENSURE_SUCCESS(rv, false); nsString decodedUriHost; diff --git a/dom/security/test/csp/file_punycode_host_src.js b/dom/security/test/csp/file_punycode_host_src.js new file mode 100644 index 000000000..3505faf70 --- /dev/null +++ b/dom/security/test/csp/file_punycode_host_src.js @@ -0,0 +1,2 @@ +const LOADED = true; +parent.postMessage({result: 'script-allowed'}, "*");
\ No newline at end of file diff --git a/dom/security/test/csp/file_punycode_host_src.sjs b/dom/security/test/csp/file_punycode_host_src.sjs new file mode 100644 index 000000000..3189cc063 --- /dev/null +++ b/dom/security/test/csp/file_punycode_host_src.sjs @@ -0,0 +1,45 @@ +// custom *.sjs for Bug 1224225 +// Punycode in CSP host sources + +const HTML_PART1 = + "<!DOCTYPE HTML>" + + "<html><head><meta charset=\"utf-8\">" + + "<title>Bug 1224225 - CSP source matching should work for punycoded domain names</title>" + + "</head>" + + "<body>" + + "<script id='script' src='"; + +const TESTCASE1 = "http://sub2.ält.example.org/"; +const TESTCASE2 = "http://sub2.xn--lt-uia.example.org/" + +const HTML_PART2 = "tests/dom/security/test/csp/file_punycode_host_src.js'></script>" + + "</body>" + + "</html>"; + +function handleRequest(request, response) +{ + // avoid confusing cache behaviors + response.setHeader("Cache-Control", "no-cache", false); + response.setHeader("Content-Type", "text/html", false); + + Components.utils.importGlobalProperties(["URLSearchParams"]); + const query = new URLSearchParams(request.queryString); + + + if (query.get("csp")) { + response.setHeader("Content-Security-Policy", query.get("csp"), false); + } + if (query.get("action") == "script-unicode-csp-punycode") { + response.write(HTML_PART1 + TESTCASE1 + HTML_PART2); + return + } + if (query.get("action") == "script-punycode-csp-punycode") { + response.write(HTML_PART1 + TESTCASE2 + HTML_PART2); + return + } + + + // we should never get here, but just in case + // return something unexpected + response.write("do'h"); +} diff --git a/dom/security/test/csp/mochitest.ini b/dom/security/test/csp/mochitest.ini index d3cabc16d..8d44e9b0b 100644 --- a/dom/security/test/csp/mochitest.ini +++ b/dom/security/test/csp/mochitest.ini @@ -213,6 +213,8 @@ support-files = file_upgrade_insecure_navigation.sjs file_image_nonce.html file_image_nonce.html^headers^ + file_punycode_host_src.sjs + file_punycode_host_src.js [test_base-uri.html] [test_blob_data_schemes.html] @@ -308,3 +310,4 @@ support-files = file_sandbox_allow_scripts.html^headers^ [test_ignore_xfo.html] [test_image_nonce.html] +[test_punycode_host_src.html] diff --git a/dom/security/test/csp/test_punycode_host_src.html b/dom/security/test/csp/test_punycode_host_src.html new file mode 100644 index 000000000..8d891725c --- /dev/null +++ b/dom/security/test/csp/test_punycode_host_src.html @@ -0,0 +1,81 @@ +<!DOCTYPE HTML> +<html> +<head> + <meta charset="utf-8"> + <title>Bug 1224225 - CSP source matching should work for punycoded domain names</title> + <!-- Including SimpleTest.js so we can use waitForExplicitFinish !--> + <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<iframe style="width:100%;" id="testframe"></iframe> + +<script class="testbody" type="text/javascript"> + +/* Description of the test: + * We load scripts within an iframe and make sure that the + * CSP matching is same for punycode domain names as well as IDNA. + */ + +SimpleTest.waitForExplicitFinish(); + + +var curTest; +var counter = -1; + +const tests = [ + { // test 1 + description: "loads script as sub2.ält.example.org, but whitelist in CSP as sub2.xn--lt-uia.example.org", + action: "script-unicode-csp-punycode", + csp: "script-src http://sub2.xn--lt-uia.example.org;", + expected: "script-allowed", + + }, + { // test 2 + description: "loads script as sub2.xn--lt-uia.example.org, and whitelist in CSP as sub2.xn--lt-uia.example.org", + action: "script-punycode-csp-punycode", + csp: "script-src http://sub2.xn--lt-uia.example.org;", + expected: "script-allowed", + + }, + { // test 3 + description: "loads script as sub2.xn--lt-uia.example.org, and whitelist in CSP as sub2.xn--lt-uia.example.org", + action: "script-punycode-csp-punycode", + csp: "script-src *.xn--lt-uia.example.org;", + expected: "script-allowed", + + }, + +]; + +function finishTest() { + window.removeEventListener("message", receiveMessage); + SimpleTest.finish(); +} + +function checkResults(result) { + is(result, curTest.expected, curTest.description); + loadNextTest(); +} + +window.addEventListener("message", receiveMessage); +function receiveMessage(event) { + checkResults(event.data.result); +} + +function loadNextTest() { + counter++; + if (counter == tests.length) { + finishTest(); + return; + } + curTest = tests[counter]; + var testframe = document.getElementById("testframe"); + testframe.src = `file_punycode_host_src.sjs?action=${curTest.action}&csp=${curTest.csp}`; +} + +loadNextTest(); + +</script> +</body> +</html> diff --git a/dom/security/test/gtest/TestCSPParser.cpp b/dom/security/test/gtest/TestCSPParser.cpp index fafa7b5d9..8d168d81c 100644 --- a/dom/security/test/gtest/TestCSPParser.cpp +++ b/dom/security/test/gtest/TestCSPParser.cpp @@ -204,6 +204,8 @@ TEST(CSPParser, Directives) { static const PolicyTest policies[] = { + { "connect-src xn--mnchen-3ya.de", + "connect-src http://xn--mnchen-3ya.de"}, { "default-src http://www.example.com", "default-src http://www.example.com" }, { "script-src http://www.example.com", |