dom/security/test/mixedcontentblocker/test_main.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187

<!DOCTYPE HTML>
<html>
<!--
Tests for Mixed Content Blocker
https://bugzilla.mozilla.org/show_bug.cgi?id=62178
-->
<head>
  <meta charset="utf-8">
  <title>Tests for Bug 62178</title>
  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>

  <script>
  SpecialPowers.setTestPluginEnabledState(SpecialPowers.Ci.nsIPluginTag.STATE_ENABLED, "Test Plug-in");

  var counter = 0;
  var settings = [ [true, true], [true, false], [false, true], [false, false] ];

  var blockActive;
  var blockDisplay;

  //Cycle through 4 different preference settings.
  function changePrefs(otherPrefs, callback) {
    let basePrefs = [["security.mixed_content.block_display_content", settings[counter][0]],
                     ["security.mixed_content.block_active_content", settings[counter][1]]];
    let newPrefs = basePrefs.concat(otherPrefs);

    SpecialPowers.pushPrefEnv({"set": newPrefs}, function () {
      blockDisplay = SpecialPowers.getBoolPref("security.mixed_content.block_display_content");
      blockActive = SpecialPowers.getBoolPref("security.mixed_content.block_active_content");
      counter++;
      callback();
    });
  }

  var testsToRun = {
    iframe: false,
    image: false,
    imageSrcset: false,
    imageSrcsetFallback: false,
    imagePicture: false,
    imageJoinPicture: false,
    imageLeavePicture: false,
    script: false,
    stylesheet: false,
    object: false,
    media: false,
    xhr: false,
  };

  function log(msg) {
    document.getElementById("log").textContent += "\n" + msg;
  }

  function reloadFrame() {
    document.getElementById('framediv').innerHTML = '<iframe id="testHarness" src="https://example.com/tests/dom/security/test/mixedcontentblocker/file_main.html"></iframe>';
  }

  function checkTestsCompleted() {
    for (var prop in testsToRun) {
      // some test hasn't run yet so we're not done
      if (!testsToRun[prop])
        return;
    }
    //if the testsToRun are all completed, chnage the pref and run the tests again until we have cycled through all the prefs.
    if(counter < 4) {
       for (var prop in testsToRun) {
         testsToRun[prop] = false;
       }
      //call to change the preferences
      changePrefs([], function() {
        log("\nblockDisplay set to "+blockDisplay+", blockActive set to "+blockActive+".");
        reloadFrame();
      });
    }
    else {
      SimpleTest.finish();
    }
  }

  var firstTest = true;

  function receiveMessage(event) {
    if(firstTest) {
      log("blockActive set to "+blockActive+", blockDisplay set to "+blockDisplay+".");
      firstTest = false;
    }

    log("test: "+event.data.test+", msg: "+event.data.msg + " logging message.");
    // test that the load type matches the pref for this type of content
    // (i.e. active vs. display)

    switch(event.data.test) {

      /* Mixed Script tests */
      case "iframe":
        ok(blockActive == (event.data.msg == "insecure iframe blocked"), "iframe did not follow block_active_content pref");
        testsToRun["iframe"] = true;
        break;

      case "object":
        ok(blockActive == (event.data.msg == "insecure object blocked"), "object did not follow block_active_content pref");
        testsToRun["object"] = true;
        break;

      case "script":
        ok(blockActive == (event.data.msg == "insecure script blocked"), "script did not follow block_active_content pref");
        testsToRun["script"] = true;
        break;

      case "stylesheet":
        ok(blockActive == (event.data.msg == "insecure stylesheet blocked"), "stylesheet did not follow block_active_content pref");
        testsToRun["stylesheet"] = true;
        break;

      case "xhr":
        ok(blockActive == (event.data.msg == "insecure xhr blocked"), "xhr did not follow block_active_content pref");
        testsToRun["xhr"] = true;
        break;

      /* Mixed Display tests */
      case "image":
        //test that the image load matches the pref for display content
        ok(blockDisplay == (event.data.msg == "insecure image blocked"), "image did not follow block_display_content pref");
        testsToRun["image"] = true;
        break;

      case "media":
        ok(blockDisplay == (event.data.msg == "insecure media blocked"), "media did not follow block_display_content pref");
        testsToRun["media"] = true;
        break;

      /* Images using the "imageset" policy, from <img srcset> and <picture>, do not get the mixed display exception */
      case "imageSrcset":
        ok(blockActive == (event.data.msg == "insecure image blocked"), "imageSrcset did not follow block_active_content pref");
        testsToRun["imageSrcset"] = true;
        break;

      case "imageSrcsetFallback":
        ok(blockActive == (event.data.msg == "insecure image blocked"), "imageSrcsetFallback did not follow block_active_content pref");
        testsToRun["imageSrcsetFallback"] = true;
        break;

      case "imagePicture":
        ok(blockActive == (event.data.msg == "insecure image blocked"), "imagePicture did not follow block_active_content pref");
        testsToRun["imagePicture"] = true;
        break;

      case "imageJoinPicture":
        ok(blockActive == (event.data.msg == "insecure image blocked"), "imageJoinPicture did not follow block_active_content pref");
        testsToRun["imageJoinPicture"] = true;
        break;

      // Should return to mixed display mode
      case "imageLeavePicture":
        ok(blockDisplay == (event.data.msg == "insecure image blocked"), "imageLeavePicture did not follow block_display_content pref");
        testsToRun["imageLeavePicture"] = true;
        break;

    }
    checkTestsCompleted();
  }

  function startTest() {
    // Set prefs to use mixed-content before HSTS
    SpecialPowers.pushPrefEnv({'set': [["security.mixed_content.use_hsts", false],
                                       ["security.mixed_content.send_hsts_priming", false]]});
    //Set the first set of mixed content settings and increment the counter.
    changePrefs([], function() {
      //listen for a messages from the mixed content test harness
      window.addEventListener("message", receiveMessage, false);

      //Kick off test
      reloadFrame();
    });
  }

  SimpleTest.waitForExplicitFinish();

  </script>
</head>

<body onload='startTest()'>
  <div id="framediv"></div>
  <pre id="log"></pre>
</body>
</html>