"use strict"; const WARNING_PATTERN = [{ key: "INSECURE_FORM_ACTION", msg: 'JavaScript Warning: "Password fields present in a form with an insecure (http://) form action. This is a security risk that allows user login credentials to be stolen."' }, { key: "INSECURE_PAGE", msg: 'JavaScript Warning: "Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen."' }]; add_task(function* testInsecurePasswordWarning() { let warningPatternHandler; function messageHandler(msgObj) { function findWarningPattern(msg) { return WARNING_PATTERN.find(patternPair => { return msg.indexOf(patternPair.msg) !== -1; }); } let warning = findWarningPattern(msgObj.message); // Only handle the insecure password related warning messages. if (warning) { // Prevent any unexpected or redundant matched warning message coming after // the test case is ended. ok(warningPatternHandler, "Invoke a valid warning message handler"); warningPatternHandler(warning, msgObj.message); } } Services.console.registerListener(messageHandler); registerCleanupFunction(function() { Services.console.unregisterListener(messageHandler); }); for (let [origin, testFile, expectWarnings] of [ ["http://127.0.0.1", "form_basic.html", []], ["http://127.0.0.1", "formless_basic.html", []], ["http://example.com", "form_basic.html", ["INSECURE_PAGE"]], ["http://example.com", "formless_basic.html", ["INSECURE_PAGE"]], ["https://example.com", "form_basic.html", []], ["https://example.com", "formless_basic.html", []], // For a form with customized action link in the same origin. ["http://127.0.0.1", "form_same_origin_action.html", []], ["http://example.com", "form_same_origin_action.html", ["INSECURE_PAGE"]], ["https://example.com", "form_same_origin_action.html", []], // For a form with an insecure (http) customized action link. ["http://127.0.0.1", "form_cross_origin_insecure_action.html", ["INSECURE_FORM_ACTION"]], ["http://example.com", "form_cross_origin_insecure_action.html", ["INSECURE_PAGE"]], ["https://example.com", "form_cross_origin_insecure_action.html", ["INSECURE_FORM_ACTION"]], // For a form with a secure (https) customized action link. ["http://127.0.0.1", "form_cross_origin_secure_action.html", []], ["http://example.com", "form_cross_origin_secure_action.html", ["INSECURE_PAGE"]], ["https://example.com", "form_cross_origin_secure_action.html", []], ]) { let testURL = origin + DIRECTORY_PATH + testFile; let promiseConsoleMessages = new Promise(resolve => { warningPatternHandler = function (warning, originMessage) { ok(warning, "Handling a warning pattern"); let fullMessage = `[${warning.msg} {file: "${testURL}" line: 0 column: 0 source: "0"}]`; is(originMessage, fullMessage, "Message full matched:" + originMessage); let index = expectWarnings.indexOf(warning.key); isnot(index, -1, "Found warning: " + warning.key + " for URL:" + testURL); if (index !== -1) { // Remove the shown message. expectWarnings.splice(index, 1); } if (expectWarnings.length === 0) { info("All warnings are shown for URL:" + testURL); resolve(); } }; }); yield BrowserTestUtils.withNewTab({ gBrowser, url: testURL }, function*() { if (expectWarnings.length === 0) { info("All warnings are shown for URL:" + testURL); return Promise.resolve(); } return promiseConsoleMessages; }); // Remove warningPatternHandler to stop handling the matched warning pattern // and the task should not get any warning anymore. warningPatternHandler = null; } });