Bug 911547 - Test CSP enforcement in session-restored documents. r=ttaubert

--HG--
extra : rebase_source : a794cee6cc797f5acc67989bd17f755bae5ce0c3
Sid Stamm 2014-01-23 15:34:56 -08:00
Родитель f6b4704ae8
Коммит 72fb052774
4 изменённых файлов: 92 добавлений и 0 удалений


@ -41,6 +41,8 @@ support-files =
browser_597315_c2.html
browser_662743_sample.html
browser_739531_sample.html
browser_911547_sample.html
browser_911547_sample.html^headers^
#NB: the following are disabled
# browser_464620_a.html
@ -184,3 +186,4 @@ skip-if = os == "mac"
[browser_625016.js]
skip-if = os == "mac"
[browser_911547.js]


@ -0,0 +1,70 @@
/* Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/ */
// This tests that session restore component does restore the right content
// security policy with the document.
// The policy being tested disallows inline scripts
function test() {
TestRunner.run();
}
function runTests() {
// create a tab that has a CSP
let testURL = "http://mochi.test:8888/browser/browser/components/sessionstore/test/browser_911547_sample.html";
let tab = gBrowser.selectedTab = gBrowser.addTab(testURL);
gBrowser.selectedTab = tab;
let browser = tab.linkedBrowser;
yield waitForLoad(browser);
// this is a baseline to ensure CSP is active
// attempt to inject and run a script via inline (pre-restore, allowed)
injectInlineScript(browser,'document.getElementById("test_id").value = "fail";');
is(browser.contentDocument.getElementById("test_id").value, "ok",
"CSP should block the inline script that modifies test_id");
// attempt to click a link to a data: URI (will inherit the CSP of the
// origin document) and navigate to the data URI in the link.
browser.contentDocument.getElementById("test_data_link").click();
yield waitForLoad(browser);
is(browser.contentDocument.getElementById("test_id2").value, "ok",
"CSP should block the script loaded by the clicked data URI");
// close the tab
gBrowser.removeTab(tab);
// open new tab and recover the state
tab = ss.undoCloseTab(window, 0);
yield waitForTabRestored(tab);
browser = tab.linkedBrowser;
is(browser.contentDocument.getElementById("test_id2").value, "ok",
"CSP should block the script loaded by the clicked data URI after restore");
// clean up
gBrowser.removeTab(tab);
}
function waitForLoad(aElement) {
aElement.addEventListener("load", function onLoad() {
aElement.removeEventListener("load", onLoad, true);
executeSoon(next);
}, true);
}
function waitForTabRestored(aElement) {
aElement.addEventListener("SSTabRestored", function tabRestored(e) {
aElement.removeEventListener("SSTabRestored", tabRestored, true);
executeSoon(next);
}, true);
}
// injects an inline script element (with a text body)
function injectInlineScript(browser, scriptText) {
let scriptElt = browser.contentDocument.createElement("script");
scriptElt.type = 'text/javascript';
scriptElt.text = scriptText;
browser.contentDocument.body.appendChild(scriptElt);
}
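Review bot: The comment before the `injectInlineScript` call in `runTests` says the inline script is "(pre-restore, allowed)", while the `is()` right after it expects `test_id` to remain "ok", that is, blocked by the `script-src 'self'` policy from the ^headers^ file. I would reword it to `// attempt to inject and run an inline script (pre-restore, must be blocked)`. The comment in browser_911547_sample.html has the same problem: "Inline scripts can modify it, but not data uris" reads as the opposite of what the test asserts, and could be `this element must keep its value; the inline script injected by the test should be blocked by CSP`. Also, `gBrowser.selectedTab = tab;` repeats the assignment made on the line above and can be dropped.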


@ -0,0 +1,18 @@
<!DOCTYPE html>
<html>
<head>
<title>Test 911547</title>
</head>
<body>
<!--
this element gets modified by an injected script;
that script should be blocked by CSP.
Inline scripts can modify it, but not data uris.
-->
<input type="text" id="test_id" value="ok">
<a id="test_data_link" href="data:text/html,<input type='text' id='test_id2' value='ok'/> <script>document.getElementById('test_id2').value = 'fail';</script>">Test Link</a>
</body>
</html>
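Review bot: Every field in this fixture starts at "ok" and every assertion in the test expects "ok", so nothing shows that a script would have changed the value had the policy been missing. A pass therefore looks the same whether CSP blocked the script or the script failed to run for an unrelated reason, including after session restore. A control would help: for example a copy of this page served without the ^headers^ file, where the test expects "fail", added as an extra support file. The comment inside `<body>` could then state which element each script targets (`test_id` for the injected inline script, `test_id2` for the data: document).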


@ -0,0 +1 @@
Content-Security-Policy: script-src 'self'