mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
gecko-dev/docshell/test/browser/browser_data_load_inherit_c...

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

83 строки
3.6 KiB
JavaScript
Исходник Обычный вид История

Bug 1515863, r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D15957 --HG-- extra : rebase_source : 748d4849050c3f2042f45f083cc7c99137963721
2019-01-08 18:59:21 +03:00
"use strict";
const TEST_PATH = getRootDirectory(gTestPath).replace("chrome://mochitests/content", "http://example.com");
const HTML_URI = TEST_PATH + "file_data_load_inherit_csp.html";
const DATA_URI = "data:text/html;html,<html><body>foo</body></html>";
function setDataHrefOnLink(aBrowser, aDataURI) {
return ContentTask.spawn(aBrowser, aDataURI, function(uri) {
let link = content.document.getElementById("testlink");
link.href = uri;
});
};
function verifyCSP(aTestName, aBrowser, aDataURI) {
return ContentTask.spawn(aBrowser, {aTestName, aDataURI}, async function ({aTestName, aDataURI}) {
let channel = content.docShell.currentDocumentChannel;
is(channel.URI.spec, aDataURI, "testing CSP for " + aTestName);
let principal = channel.loadInfo.triggeringPrincipal;
let cspJSON = principal.cspJSON;
let cspOBJ = JSON.parse(cspJSON);
let policies = cspOBJ["csp-policies"];
is(policies.length, 1, "should be one policy");
let policy = policies[0];
is(policy['script-src'], "'unsafe-inline'", "script-src directive matches");
});
};
add_task(async function setup() {
// allow top level data: URI navigations, otherwise clicking data: link fails
await SpecialPowers.pushPrefEnv({
"set": [["security.data_uri.block_toplevel_data_uri_navigations", false]],
});
});
add_task(async function test_data_csp_inheritance_regular_click() {
await BrowserTestUtils.withNewTab(HTML_URI, async function(browser) {
let loadPromise = BrowserTestUtils.browserLoaded(browser, false, DATA_URI);
// set the data href + simulate click
await setDataHrefOnLink(gBrowser.selectedBrowser, DATA_URI);
BrowserTestUtils.synthesizeMouseAtCenter("#testlink", {},
gBrowser.selectedBrowser);
await loadPromise;
await verifyCSP("click()", gBrowser.selectedBrowser, DATA_URI);
});
});
add_task(async function test_data_csp_inheritance_ctrl_click() {
await BrowserTestUtils.withNewTab(HTML_URI, async function(browser) {
let loadPromise = BrowserTestUtils.waitForNewTab(gBrowser, DATA_URI);
// set the data href + simulate ctrl+click
await setDataHrefOnLink(gBrowser.selectedBrowser, DATA_URI);
BrowserTestUtils.synthesizeMouseAtCenter("#testlink",
{ ctrlKey: true, metaKey: true },
gBrowser.selectedBrowser);
let tab = await loadPromise;
gBrowser.selectTabAtIndex(2);
await verifyCSP("ctrl-click()", gBrowser.selectedBrowser, DATA_URI);
await BrowserTestUtils.removeTab(tab);
});
});
add_task(async function test_data_csp_inheritance_right_click_open_link_in_new_tab() {
await BrowserTestUtils.withNewTab(HTML_URI, async function(browser) {
let loadPromise = BrowserTestUtils.waitForNewTab(gBrowser, DATA_URI);
// set the data href + simulate right-click open link in tab
await setDataHrefOnLink(gBrowser.selectedBrowser, DATA_URI);
BrowserTestUtils.waitForEvent(document, "popupshown", false, event => {
// These are operations that must be executed synchronously with the event.
document.getElementById("context-openlinkintab").doCommand();
event.target.hidePopup();
return true;
});
BrowserTestUtils.synthesizeMouseAtCenter("#testlink",
{ type: "contextmenu", button: 2 },
gBrowser.selectedBrowser);
let tab = await loadPromise;
gBrowser.selectTabAtIndex(2);
await verifyCSP("right-click-open-in-new-tab()", gBrowser.selectedBrowser, DATA_URI);
await BrowserTestUtils.removeTab(tab);
});
});