1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
|
var gTestRoot = getRootDirectory(gTestPath).replace("chrome://mochitests/content/", "http://127.0.0.1:8888/");
var gTestBrowser = null;
var gPluginHost = Components.classes["@mozilla.org/plugin/host;1"].getService(Components.interfaces.nsIPluginHost);
function updateAllTestPlugins(aState) {
setTestPluginEnabledState(aState, "Test Plug-in");
setTestPluginEnabledState(aState, "Second Test Plug-in");
}
add_task(function* () {
registerCleanupFunction(Task.async(function*() {
clearAllPluginPermissions();
updateAllTestPlugins(Ci.nsIPluginTag.STATE_ENABLED);
Services.prefs.clearUserPref("plugins.click_to_play");
Services.prefs.clearUserPref("extensions.blocklist.suppressUI");
yield asyncSetAndUpdateBlocklist(gTestRoot + "blockNoPlugins.xml", gTestBrowser);
resetBlocklist();
gBrowser.removeCurrentTab();
window.focus();
gTestBrowser = null;
}));
});
add_task(function* () {
gBrowser.selectedTab = gBrowser.addTab();
gTestBrowser = gBrowser.selectedBrowser;
updateAllTestPlugins(Ci.nsIPluginTag.STATE_CLICKTOPLAY);
Services.prefs.setBoolPref("extensions.blocklist.suppressUI", true);
Services.prefs.setBoolPref("plugins.click_to_play", true);
// Prime the content process
yield promiseTabLoadEvent(gBrowser.selectedTab, "data:text/html,<html>hi</html>");
// Make sure the blocklist service(s) are running
Components.classes["@mozilla.org/extensions/blocklist;1"]
.getService(Components.interfaces.nsIBlocklistService);
let exmsg = yield promiseInitContentBlocklistSvc(gBrowser.selectedBrowser);
ok(!exmsg, "exception: " + exmsg);
});
add_task(function* () {
// enable hard blocklisting for the next test
yield asyncSetAndUpdateBlocklist(gTestRoot + "blockPluginHard.xml", gTestBrowser);
yield promiseTabLoadEvent(gBrowser.selectedTab, gTestRoot + "plugin_test.html");
// Work around for delayed PluginBindingAttached
yield promiseUpdatePluginBindings(gTestBrowser);
yield promisePopupNotification("click-to-play-plugins");
let notification = PopupNotifications.getNotification("click-to-play-plugins");
ok(notification.dismissed, "Test 5: The plugin notification should be dismissed by default");
yield promiseForNotificationShown(notification);
let pluginInfo = yield promiseForPluginInfo("test");
is(pluginInfo.pluginFallbackType, Ci.nsIObjectLoadingContent.PLUGIN_BLOCKLISTED, "Test 5, plugin fallback type should be PLUGIN_BLOCKLISTED");
is(notification.options.pluginData.size, 1, "Test 5: Only the blocked plugin should be present in the notification");
ok(PopupNotifications.panel.firstChild._buttonContainer.hidden, "Part 5: The blocked plugins notification should not have any buttons visible.");
yield asyncSetAndUpdateBlocklist(gTestRoot + "blockNoPlugins.xml", gTestBrowser);
});
// Tests a vulnerable, updatable plugin
add_task(function* () {
// enable hard blocklisting of test
yield asyncSetAndUpdateBlocklist(gTestRoot + "blockPluginVulnerableUpdatable.xml", gTestBrowser);
yield promiseTabLoadEvent(gBrowser.selectedTab, gTestRoot + "plugin_test.html");
// Work around for delayed PluginBindingAttached
yield promiseUpdatePluginBindings(gTestBrowser);
yield promisePopupNotification("click-to-play-plugins");
let pluginInfo = yield promiseForPluginInfo("test");
is(pluginInfo.pluginFallbackType, Ci.nsIObjectLoadingContent.PLUGIN_VULNERABLE_UPDATABLE,
"Test 18a, plugin fallback type should be PLUGIN_VULNERABLE_UPDATABLE");
ok(!pluginInfo.activated, "Test 18a, Plugin should not be activated");
yield ContentTask.spawn(gTestBrowser, null, function* () {
let doc = content.document;
let plugin = doc.getElementById("test");
let overlay = doc.getAnonymousElementByAttribute(plugin, "anonid", "main");
Assert.ok(overlay && overlay.classList.contains("visible"),
"Test 18a, Plugin overlay should exist, not be hidden");
let updateLink = doc.getAnonymousElementByAttribute(plugin, "anonid", "checkForUpdatesLink");
Assert.ok(updateLink.style.visibility != "hidden",
"Test 18a, Plugin should have an update link");
});
let promise = waitForEvent(gBrowser.tabContainer, "TabOpen", null, true);
yield ContentTask.spawn(gTestBrowser, {}, function* () {
let doc = content.document;
let plugin = doc.getElementById("test");
let updateLink = doc.getAnonymousElementByAttribute(plugin, "anonid", "checkForUpdatesLink");
let bounds = updateLink.getBoundingClientRect();
let left = (bounds.left + bounds.right) / 2;
let top = (bounds.top + bounds.bottom) / 2;
let utils = content.QueryInterface(Components.interfaces.nsIInterfaceRequestor)
.getInterface(Components.interfaces.nsIDOMWindowUtils);
utils.sendMouseEvent("mousedown", left, top, 0, 1, 0, false, 0, 0);
utils.sendMouseEvent("mouseup", left, top, 0, 1, 0, false, 0, 0);
});
yield promise;
promise = waitForEvent(gBrowser.tabContainer, "TabClose", null, true);
gBrowser.removeCurrentTab();
yield promise;
});
add_task(function* () {
// clicking the update link should not activate the plugin
let pluginInfo = yield promiseForPluginInfo("test");
is(pluginInfo.pluginFallbackType, Ci.nsIObjectLoadingContent.PLUGIN_VULNERABLE_UPDATABLE,
"Test 18a, plugin fallback type should be PLUGIN_VULNERABLE_UPDATABLE");
ok(!pluginInfo.activated, "Test 18b, Plugin should not be activated");
yield ContentTask.spawn(gTestBrowser, null, function* () {
let doc = content.document;
let plugin = doc.getElementById("test");
let overlay = doc.getAnonymousElementByAttribute(plugin, "anonid", "main");
Assert.ok(overlay && overlay.classList.contains("visible"),
"Test 18b, Plugin overlay should exist, not be hidden");
});
});
// Tests a vulnerable plugin with no update
add_task(function* () {
updateAllTestPlugins(Ci.nsIPluginTag.STATE_CLICKTOPLAY);
yield asyncSetAndUpdateBlocklist(gTestRoot + "blockPluginVulnerableNoUpdate.xml", gTestBrowser);
yield promiseTabLoadEvent(gBrowser.selectedTab, gTestRoot + "plugin_test.html");
// Work around for delayed PluginBindingAttached
yield promiseUpdatePluginBindings(gTestBrowser);
let notification = PopupNotifications.getNotification("click-to-play-plugins", gTestBrowser);
ok(notification, "Test 18c, Should have a click-to-play notification");
let pluginInfo = yield promiseForPluginInfo("test");
is(pluginInfo.pluginFallbackType, Ci.nsIObjectLoadingContent.PLUGIN_VULNERABLE_NO_UPDATE,
"Test 18c, plugin fallback type should be PLUGIN_VULNERABLE_NO_UPDATE");
ok(!pluginInfo.activated, "Test 18c, Plugin should not be activated");
yield ContentTask.spawn(gTestBrowser, null, function* () {
let doc = content.document;
let plugin = doc.getElementById("test");
let overlay = doc.getAnonymousElementByAttribute(plugin, "anonid", "main");
Assert.ok(overlay && overlay.classList.contains("visible"),
"Test 18c, Plugin overlay should exist, not be hidden");
let updateLink = doc.getAnonymousElementByAttribute(plugin, "anonid", "checkForUpdatesLink");
Assert.ok(updateLink && updateLink.style.display != "block",
"Test 18c, Plugin should not have an update link");
});
// check that click "Always allow" works with blocked plugins
yield promiseForNotificationShown(notification);
PopupNotifications.panel.firstChild._primaryButton.click();
pluginInfo = yield promiseForPluginInfo("test");
is(pluginInfo.pluginFallbackType, Ci.nsIObjectLoadingContent.PLUGIN_VULNERABLE_NO_UPDATE,
"Test 18c, plugin fallback type should be PLUGIN_VULNERABLE_NO_UPDATE");
ok(pluginInfo.activated, "Test 18c, Plugin should be activated");
let enabledState = getTestPluginEnabledState();
ok(enabledState, "Test 18c, Plugin enabled state should be STATE_CLICKTOPLAY");
});
// continue testing "Always allow", make sure it sticks.
add_task(function* () {
yield promiseTabLoadEvent(gBrowser.selectedTab, gTestRoot + "plugin_test.html");
// Work around for delayed PluginBindingAttached
yield promiseUpdatePluginBindings(gTestBrowser);
let pluginInfo = yield promiseForPluginInfo("test");
ok(pluginInfo.activated, "Test 18d, Waited too long for plugin to activate");
clearAllPluginPermissions();
});
// clicking the in-content overlay of a vulnerable plugin should bring
// up the notification and not directly activate the plugin
add_task(function* () {
yield promiseTabLoadEvent(gBrowser.selectedTab, gTestRoot + "plugin_test.html");
// Work around for delayed PluginBindingAttached
yield promiseUpdatePluginBindings(gTestBrowser);
let notification = PopupNotifications.getNotification("click-to-play-plugins", gTestBrowser);
ok(notification, "Test 18f, Should have a click-to-play notification");
ok(notification.dismissed, "Test 18f, notification should start dismissed");
let pluginInfo = yield promiseForPluginInfo("test");
ok(!pluginInfo.activated, "Test 18f, Waited too long for plugin to activate");
var oldEventCallback = notification.options.eventCallback;
let promise = promiseForCondition(() => oldEventCallback == null);
notification.options.eventCallback = function() {
if (oldEventCallback) {
oldEventCallback();
}
oldEventCallback = null;
};
yield ContentTask.spawn(gTestBrowser, {}, function* () {
let doc = content.document;
let plugin = doc.getElementById("test");
let bounds = plugin.getBoundingClientRect();
let left = (bounds.left + bounds.right) / 2;
let top = (bounds.top + bounds.bottom) / 2;
let utils = content.QueryInterface(Components.interfaces.nsIInterfaceRequestor)
.getInterface(Components.interfaces.nsIDOMWindowUtils);
utils.sendMouseEvent("mousedown", left, top, 0, 1, 0, false, 0, 0);
utils.sendMouseEvent("mouseup", left, top, 0, 1, 0, false, 0, 0);
});
yield promise;
ok(notification, "Test 18g, Should have a click-to-play notification");
ok(!notification.dismissed, "Test 18g, notification should be open");
pluginInfo = yield promiseForPluginInfo("test");
ok(!pluginInfo.activated, "Test 18g, Plugin should not be activated");
});
// Test that "always allow"-ing a plugin will not allow it when it becomes
// blocklisted.
add_task(function* () {
yield asyncSetAndUpdateBlocklist(gTestRoot + "blockNoPlugins.xml", gTestBrowser);
updateAllTestPlugins(Ci.nsIPluginTag.STATE_CLICKTOPLAY);
yield promiseTabLoadEvent(gBrowser.selectedTab, gTestRoot + "plugin_test.html");
// Work around for delayed PluginBindingAttached
yield promiseUpdatePluginBindings(gTestBrowser);
let notification = PopupNotifications.getNotification("click-to-play-plugins", gTestBrowser);
ok(notification, "Test 24a, Should have a click-to-play notification");
// Plugin should start as CTP
let pluginInfo = yield promiseForPluginInfo("test");
is(pluginInfo.pluginFallbackType, Ci.nsIObjectLoadingContent.PLUGIN_CLICK_TO_PLAY,
"Test 24a, plugin fallback type should be PLUGIN_CLICK_TO_PLAY");
ok(!pluginInfo.activated, "Test 24a, Plugin should not be active.");
// simulate "always allow"
yield promiseForNotificationShown(notification);
PopupNotifications.panel.firstChild._primaryButton.click();
pluginInfo = yield promiseForPluginInfo("test");
ok(pluginInfo.activated, "Test 24a, Plugin should be active.");
yield asyncSetAndUpdateBlocklist(gTestRoot + "blockPluginVulnerableUpdatable.xml", gTestBrowser);
});
// the plugin is now blocklisted, so it should not automatically load
add_task(function* () {
yield promiseTabLoadEvent(gBrowser.selectedTab, gTestRoot + "plugin_test.html");
// Work around for delayed PluginBindingAttached
yield promiseUpdatePluginBindings(gTestBrowser);
let notification = PopupNotifications.getNotification("click-to-play-plugins", gTestBrowser);
ok(notification, "Test 24b, Should have a click-to-play notification");
let pluginInfo = yield promiseForPluginInfo("test");
is(pluginInfo.pluginFallbackType, Ci.nsIObjectLoadingContent.PLUGIN_VULNERABLE_UPDATABLE,
"Test 24b, plugin fallback type should be PLUGIN_VULNERABLE_UPDATABLE");
ok(!pluginInfo.activated, "Test 24b, Plugin should not be active.");
// simulate "always allow"
yield promiseForNotificationShown(notification);
PopupNotifications.panel.firstChild._primaryButton.click();
pluginInfo = yield promiseForPluginInfo("test");
ok(pluginInfo.activated, "Test 24b, Plugin should be active.");
clearAllPluginPermissions();
yield asyncSetAndUpdateBlocklist(gTestRoot + "blockNoPlugins.xml", gTestBrowser);
});
// Plugin sync removal test. Note this test produces a notification drop down since
// the plugin we add has zero dims.
add_task(function* () {
updateAllTestPlugins(Ci.nsIPluginTag.STATE_CLICKTOPLAY);
yield promiseTabLoadEvent(gBrowser.selectedTab, gTestRoot + "plugin_syncRemoved.html");
// Maybe there some better trick here, we need to wait for the page load, then
// wait for the js to execute in the page.
yield waitForMs(500);
let notification = PopupNotifications.getNotification("click-to-play-plugins");
ok(notification, "Test 25: There should be a plugin notification even if the plugin was immediately removed");
ok(notification.dismissed, "Test 25: The notification should be dismissed by default");
yield promiseTabLoadEvent(gBrowser.selectedTab, "data:text/html,<html>hi</html>");
});
// Tests a page with a blocked plugin in it and make sure the infoURL property
// the blocklist file gets used.
add_task(function* () {
clearAllPluginPermissions();
yield asyncSetAndUpdateBlocklist(gTestRoot + "blockPluginInfoURL.xml", gTestBrowser);
yield promiseTabLoadEvent(gBrowser.selectedTab, gTestRoot + "plugin_test.html");
// Work around for delayed PluginBindingAttached
yield promiseUpdatePluginBindings(gTestBrowser);
let notification = PopupNotifications.getNotification("click-to-play-plugins");
// Since the plugin notification is dismissed by default, reshow it.
yield promiseForNotificationShown(notification);
let pluginInfo = yield promiseForPluginInfo("test");
is(pluginInfo.pluginFallbackType, Ci.nsIObjectLoadingContent.PLUGIN_BLOCKLISTED,
"Test 26, plugin fallback type should be PLUGIN_BLOCKLISTED");
yield ContentTask.spawn(gTestBrowser, null, function* () {
let plugin = content.document.getElementById("test");
let objLoadingContent = plugin.QueryInterface(Ci.nsIObjectLoadingContent);
Assert.ok(!objLoadingContent.activated, "Plugin should not be activated.");
});
const testUrl = "http://test.url.com/";
let firstPanelChild = PopupNotifications.panel.firstChild;
let infoLink = document.getAnonymousElementByAttribute(firstPanelChild, "anonid",
"click-to-play-plugins-notification-link");
is(infoLink.href, testUrl,
"Test 26, the notification URL needs to match the infoURL from the blocklist file.");
});
|
