Bug 1251043 - Test form submission blocked by CSP. r=francois
Родитель
ba26bfd31e
Коммит
20549b7fe0
|
@ -0,0 +1,33 @@
|
|||
// Custom *.sjs file specifically for the needs of Bug 1251043
|
||||
|
||||
const FRAME = `
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>Bug 1251043 - Test form-action blocks URL</title>
|
||||
<meta http-equiv="Content-Security-Policy" content="form-action 'none';">
|
||||
</head>
|
||||
<body>
|
||||
CONTROL-TEXT
|
||||
<form action="file_form_action_server.sjs?formsubmission" method="GET">
|
||||
<input type="submit" id="submitButton" value="submit">
|
||||
</form>
|
||||
</body>
|
||||
</html>`;
|
||||
|
||||
function handleRequest(request, response)
|
||||
{
|
||||
// avoid confusing cache behaviors
|
||||
response.setHeader("Cache-Control", "no-cache", false);
|
||||
|
||||
// PART 1: Return a frame including the FORM and the CSP
|
||||
if (request.queryString === "loadframe") {
|
||||
response.write(FRAME);
|
||||
return;
|
||||
}
|
||||
|
||||
// PART 2: We should never get here because the form
|
||||
// should not be submitted. Just in case; return
|
||||
// something unexpected so the test fails!
|
||||
response.write("do'h");
|
||||
}
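Review bot: The policy under test reaches the frame only through the `<meta http-equiv>` tag inside FRAME, so this covers meta delivery of `form-action 'none'` and not a header-delivered policy or a URL allowlist, which the title "blocks URL" might suggest. If header delivery should be covered as well, handleRequest could serve a second query string that sends `response.setHeader("Content-Security-Policy", "form-action 'none';", false);` with a frame that has no meta tag. The response also relies on the server's default content type; adding `response.setHeader("Content-Type", "text/html", false);` before `response.write(FRAME)` would make that explicit.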
|
|
@ -159,6 +159,7 @@ support-files =
|
|||
file_block_all_mcb.sjs
|
||||
file_block_all_mixed_content_frame_navigation1.html
|
||||
file_block_all_mixed_content_frame_navigation2.html
|
||||
file_form_action_server.sjs
|
||||
|
||||
[test_base-uri.html]
|
||||
[test_blob_data_schemes.html]
|
||||
|
@ -243,3 +244,4 @@ skip-if = toolkit == 'android' #investigate in bug 1250814
|
|||
tags = mcb
|
||||
[test_block_all_mixed_content_frame_navigation.html]
|
||||
tags = mcb
|
||||
[test_form_action_blocks_url.html]
|
||||
|
|
|
@ -0,0 +1,76 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>Bug 1251043 - Test form-action blocks URL</title>
|
||||
<!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
</head>
|
||||
<body>
|
||||
<iframe id="testframe"></iframe>
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
/*
|
||||
* Description of the test:
|
||||
* 1) Let's load a form into an iframe which uses a CSP of: form-action 'none';
|
||||
* 2) Let's hit the submit button and make sure the form is not submitted.
|
||||
*
|
||||
* Since a blocked form submission does not fire any event handler, we have to
|
||||
* use timeout triggered function that verifies that the form didn't get submitted.
|
||||
*/
|
||||
|
||||
SimpleTest.requestFlakyTimeout(
|
||||
"Form submission blocked by CSP does not fire any events " +
|
||||
"hence we have to check back after 300ms to make sure the form " +
|
||||
"is not submitted");
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
|
||||
const FORM_SUBMITTED = "form submission succeeded";
|
||||
var timeOutId;
|
||||
var testframe = document.getElementById("testframe");
|
||||
|
||||
// In case the form gets submitted, the test would receive an 'load'
|
||||
// event and would trigger the test to fail early.
|
||||
function logFormSubmittedError() {
|
||||
clearTimeout(timeOutId);
|
||||
testframe.removeEventListener('load', logFormSubmittedError, false);
|
||||
ok(false, "form submission should be blocked");
|
||||
SimpleTest.finish();
|
||||
}
|
||||
|
||||
// After 300ms we verify the form did not get submitted.
|
||||
function verifyFormNotSubmitted() {
|
||||
clearTimeout(timeOutId);
|
||||
var frameContent = testframe.contentWindow.document.body.innerHTML;
|
||||
isnot(frameContent.indexOf("CONTROL-TEXT"), -1,
|
||||
"form should not be submitted and still contain the control text");
|
||||
SimpleTest.finish();
|
||||
}
|
||||
|
||||
function submitForm() {
|
||||
// Part 1: The form has loaded in the testframe
|
||||
// unregister the current event handler
|
||||
testframe.removeEventListener('load', submitForm, false);
|
||||
|
||||
// Part 2: Register a new load event handler. In case the
|
||||
// form gets submitted, this load event fires and we can
|
||||
// fail the test right away.
|
||||
testframe.addEventListener("load", logFormSubmittedError, false);
|
||||
|
||||
// Part 3: Since blocking the form does not throw any kind of error;
|
||||
// Firefox just logs the CSP error to the console we have to register
|
||||
// this timeOut function which then verifies that the form didn't
|
||||
// get submitted.
|
||||
timeOutId = setTimeout(verifyFormNotSubmitted, 300);
|
||||
|
||||
// Part 4: We are ready, let's hit the submit button of the form.
|
||||
var submitButton = testframe.contentWindow.document.getElementById('submitButton');
|
||||
submitButton.click();
|
||||
}
|
||||
|
||||
testframe.addEventListener("load", submitForm, false);
|
||||
testframe.src = "file_form_action_server.sjs?loadframe";
|
||||
|
||||
</script>
|
||||
</body>
|
||||
</html>
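Review bot: verifyFormNotSubmitted passes whenever CONTROL-TEXT is still in the frame 300ms after the click, so a submission that is not blocked but whose response loads later than that would be reported as success; a test of CSP enforcement should pass on a positive signal rather than on the absence of one. One option, sketched below, is to observe the violation notification and finish on it, keeping the load listener as the failure path and the timer only as a fallback. This assumes the form-action check raises `csp-on-violate-policy` in this tree, which should be confirmed, and logFormSubmittedError would need the same `removeObserver` call. Separately, `FORM_SUBMITTED` is declared but never used in the visible script.

```javascript
// … unchanged: requestFlakyTimeout, waitForExplicitFinish, timeOutId, testframe …

var sawViolation = false;
var violationObserver = {
  observe: function(subject, topic, data) {
    if (topic === "csp-on-violate-policy") {
      sawViolation = true;
      // Blocked: no need to wait out the timer.
      verifyFormNotSubmitted();
    }
  }
};
SpecialPowers.addObserver(violationObserver, "csp-on-violate-policy", false);

function verifyFormNotSubmitted() {
  clearTimeout(timeOutId);
  SpecialPowers.removeObserver(violationObserver, "csp-on-violate-policy");
  testframe.removeEventListener("load", logFormSubmittedError, false);
  ok(sawViolation, "CSP should report the blocked form submission");
  // … unchanged: CONTROL-TEXT check, SimpleTest.finish() …
}
```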
|