Bug 835055 - Make sure that a script can't use an unsanitized value while the user is typing in a field. r=smaug

--HG--
rename : content/html/content/test/forms/test_input_number_value.html => content/html/content/test/forms/test_input_typing_sanitization.html
Mounir Lamouri 2013-01-31 23:05:48 +00:00
Родитель 121c77e2f7
Коммит 7823655184
4 изменённых файлов: 234 добавлений и 141 удалений


@ -1007,8 +1007,8 @@ nsHTMLInputElement::GetValue(nsAString& aValue)
{
nsresult rv = GetValueInternal(aValue);
// Don't return non-sanitized value for number inputs.
if (mType == NS_FORM_INPUT_NUMBER) {
// Don't return non-sanitized value for types that are experimental on mobile.
if (IsExperimentalMobileType(mType)) {
SanitizeValue(aValue);
}
@ -2482,8 +2482,10 @@ nsHTMLInputElement::PreHandleEvent(nsEventChainPreVisitor& aVisitor)
// Fire onchange (if necessary), before we do the blur, bug 357684.
if (aVisitor.mEvent->message == NS_BLUR_CONTENT) {
// In number inputs we can't allow the user to set an invalid value.
if (mType == NS_FORM_INPUT_NUMBER) {
// Experimental mobile types rely on the system UI to prevent users to not
// set invalid values but we have to be extra-careful. Especially if the
// option has been enabled on desktop.
if (IsExperimentalMobileType(mType)) {
nsAutoString aValue;
GetValueInternal(aValue);
SetValueInternal(aValue, false, false);
@ -2773,7 +2775,7 @@ nsHTMLInputElement::PostHandleEvent(nsEventChainPostVisitor& aVisitor)
keyEvent->keyCode == NS_VK_ENTER) &&
(IsSingleLineTextControl(false, mType) ||
IsExperimentalMobileType(mType))) {
FireChangeEventIfNeeded();
FireChangeEventIfNeeded();
rv = MaybeSubmitForm(aVisitor.mPresContext);
NS_ENSURE_SUCCESS(rv, rv);
}
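Review bot: In GetValue the new `IsExperimentalMobileType(mType)` check sanitizes only the string handed back to the caller, so the stored value stays raw until the blur branch in PreHandleEvent runs, and any reader that goes through GetValueInternal (as that blur branch itself does) still sees the unsanitized text. Whether the other script-reachable getters go through GetValue is not visible in these hunks and is worth confirming. I would state the invariant at the check, e.g. `// Sanitizes the returned copy only; the stored value is presumably cleaned up on blur.` The comment added in PreHandleEvent also reads as the opposite of what is meant ("to prevent users to not set invalid values"); I would reword it to `// Experimental mobile types rely on the system UI to keep users from setting invalid values, but we have to be extra careful, especially if the option has been enabled on desktop.` All three functions continue outside the hunks shown.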


@ -48,7 +48,7 @@ MOCHITEST_FILES = \
test_stepup_stepdown.html \
test_valueasnumber_attribute.html \
test_experimental_forms_pref.html \
test_input_number_value.html \
test_input_typing_sanitization.html \
test_input_sanitization.html \
test_valueasdate_attribute.html \
test_input_file_b2g_disabled.html \


@ -1,135 +0,0 @@
<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=765772
-->
<head>
<title>Test for Bug 765772</title>
<script type="application/javascript" src="/MochiKit/packed.js"></script>
<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<script type="application/javascript" src="/tests/SimpleTest/EventUtils.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
</head>
<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=">Mozilla Bug 765772</a>
<p id="display"></p>
<iframe name="submit_frame" style="visibility: hidden;"></iframe>
<div id="content">
<form id='f' target="submit_frame" action="foo">
<input name=i id="i" step='any' >
</form>
</div>
<pre id="test">
<script type="application/javascript">
var input = document.getElementById('i');
var form = document.getElementById('f');
var submitFrame = document.getElementsByTagName('iframe')[0];
var testData = [];
var validData =
[
"42",
"-42", // should work for negative values
"42.1234",
"123.12345678912345", // double precision
"1e2", // e should be usable
"2e1",
"1e-1", // value after e can be negative
"1E2", // E can be used instead of e
];
var invalidData =
[
"e",
"e2",
"1e0.1",
"foo",
"42,13", // comma can't be used as a decimal separator
];
function submitForm() {
form.submit();
}
function sendKeyEventToSubmitForm() {
sendKey("return");
}
function checkValueSubmittedIsValid()
{
is(frames['submit_frame'].location.href,
'http://mochi.test:8888/tests/content/html/content/test/forms/foo?i='
+ validData[valueIndex++],
"The submitted value should not have been sanitized");
input.value = "";
if (valueIndex >= validData.length) {
valueIndex = 0;
submitFrame.onload = checkValueSubmittedIsInvalid;
testData = invalidData;
}
submitNextValue();
}
function checkValueSubmittedIsInvalid()
{
is(frames['submit_frame'].location.href,
'http://mochi.test:8888/tests/content/html/content/test/forms/foo?i=',
"The submitted value should have been sanitized");
valueIndex++;
input.value = "";
if (valueIndex >= invalidData.length) {
if (submitMethod == sendKeyEventToSubmitForm) {
SimpleTest.finish();
return;
}
valueIndex = 0;
submitMethod = sendKeyEventToSubmitForm;
submitFrame.onload = checkValueSubmittedIsValid;
testData = validData;
}
submitNextValue();
}
function submitNextValue() {
SpecialPowers.focus(input);
sendString(testData[valueIndex]);
submitMethod();
}
var valueIndex = 0;
var submitMethod = submitForm;
SimpleTest.waitForExplicitFinish();
addLoadEvent(function () {
SpecialPowers.pushPrefEnv({'set': [["dom.experimental_forms", true]]}, function() {
input.type = "number";
for (data of validData) {
input.value = "";
SpecialPowers.focus(input);
sendString(data);
input.blur();
is(input.value, data, "valid user input should not be sanitized");
}
for (data of invalidData) {
input.value = "";
SpecialPowers.focus(input);
sendString(data);
input.blur();
is(input.value, "", "invalid user input should be sanitized");
}
testData = validData;
submitFrame.onload = checkValueSubmittedIsValid;
submitNextValue();
});
});
</script>
</pre>
</body>
</html>


@ -0,0 +1,226 @@
<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=765772
-->
<head>
<title>Test for Bug 765772</title>
<script type="application/javascript" src="/MochiKit/packed.js"></script>
<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<script type="application/javascript" src="/tests/SimpleTest/EventUtils.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
</head>
<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=">Mozilla Bug 765772</a>
<p id="display"></p>
<iframe name="submit_frame" style="visibility: hidden;"></iframe>
<div id="content">
<form id='f' target="submit_frame" action="foo">
<input name=i id="i" step='any' >
</form>
</div>
<pre id="test">
<script type="application/javascript;version=1.7">
/*
* This test checks that when a user types in some input types, it will not be
* in a state where the value will be un-sanitized and usable (by a script).
*/
var input = document.getElementById('i');
var form = document.getElementById('f');
var submitFrame = document.getElementsByTagName('iframe')[0];
var testData = [];
var gValidData = [];
var gInvalidData = [];
function submitForm() {
form.submit();
}
function sendKeyEventToSubmitForm() {
sendKey("return");
}
function urlify(aStr) {
return aStr.replace(':', '%3A', 'g');
}
function checkValueSubmittedIsValid()
{
is(frames['submit_frame'].location.href,
'http://mochi.test:8888/tests/content/html/content/test/forms/foo?i='
+ urlify(gValidData[valueIndex++]),
"The submitted value should not have been sanitized");
input.value = "";
if (valueIndex >= gValidData.length) {
valueIndex = 0;
submitFrame.onload = checkValueSubmittedIsInvalid;
testData = gInvalidData;
}
testSubmissions();
}
function checkValueSubmittedIsInvalid()
{
is(frames['submit_frame'].location.href,
'http://mochi.test:8888/tests/content/html/content/test/forms/foo?i=',
"The submitted value should have been sanitized");
valueIndex++;
input.value = "";
if (valueIndex >= gInvalidData.length) {
if (submitMethod == sendKeyEventToSubmitForm) {
try {
testRunner.next();
} catch (e) {
if (e.toString() == '[object StopIteration]') {
SimpleTest.finish();
} else {
throw StopIteration;
}
}
return;
}
valueIndex = 0;
submitMethod = sendKeyEventToSubmitForm;
submitFrame.onload = checkValueSubmittedIsValid;
testData = gValidData;
}
testSubmissions();
}
function testSubmissions() {
SpecialPowers.focus(input);
sendString(testData[valueIndex]);
submitMethod();
}
var valueIndex = 0;
var submitMethod = submitForm;
SimpleTest.waitForExplicitFinish();
function runTest()
{
var data = [
{
type: 'number',
validData: [
"42",
"-42", // should work for negative values
"42.1234",
"123.12345678912345", // double precision
"1e2", // e should be usable
"2e1",
"1e-1", // value after e can be negative
"1E2", // E can be used instead of e
],
invalidData: [
"e",
"e2",
"1e0.1",
"foo",
"42,13", // comma can't be used as a decimal separator
]
},
{
type: 'date',
validData: [
'0001-01-01',
'2012-12-21',
'2013-01-28',
'100000-01-01',
],
invalidData: [
'1-01-01',
'a',
'-',
'2012-01',
'2013-01-1',
'1011-23-21',
'1000-12-99',
]
},
{
type: 'time',
validData: [
'00:00',
'09:09:00',
'08:23:23.1',
'21:43:56.12',
'23:12:45.100',
],
invalidData: [
'00:',
'00:00:',
'25:00',
'-00:00',
'00:00:00.',
'00:60',
'10:58:99',
':19:10',
'23:08:09.1012',
]
},
{ type: 'week', todo: true },
{ type: 'month', todo: true },
{ type: 'datetime', todo: true },
{ type: 'datetime-local', todo: true },
{ type: 'color', todo: true },
];
for (test of data) {
if (test.todo) {
input.type = test.type;
todo_is(input.type, test.type, test.type + " is not implemented");
continue;
}
input.type = test.type;
gValidData = test.validData;
gInvalidData = test.invalidData;
for (data of gValidData) {
input.value = "";
SpecialPowers.focus(input);
sendString(data);
input.blur();
is(input.value, data, "valid user input should not be sanitized");
}
for (data of gInvalidData) {
input.value = "";
SpecialPowers.focus(input);
sendString(data);
input.blur();
is(input.value, "", "invalid user input should be sanitized");
}
input.value = '';
testData = gValidData;
valueIndex = 0;
submitFrame.onload = checkValueSubmittedIsValid;
testSubmissions();
yield;
}
}
var testRunner = runTest();
addLoadEvent(function () {
SpecialPowers.pushPrefEnv({'set': [["dom.experimental_forms", true]]},
function() {
testRunner.next();
}
);
});
</script>
</pre>
</body>
</html>
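Review bot: Both loops in runTest read `input.value` only after `input.blur()`, so they exercise the blur-time sanitization and never the case the commit is about, a script reading the value while the field still has focus. I would add an assertion between `sendString(data);` and `input.blur();` in the invalid-data loop, e.g. `is(input.value, "", "script should not see unsanitized input while typing");`, and the matching `is(input.value, data, "valid input should be readable while typing");` in the valid-data loop. Separately, the `catch` in checkValueSubmittedIsInvalid replaces any exception that is not StopIteration with `throw StopIteration;`, which hides the real failure; `throw e;` would keep it.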