зеркало из https://github.com/mozilla/gecko-dev.git
Bug 452401 - Create tests for mixed content, r=kaie
--HG-- rename : security/manager/ssl/tests/mochitest/test_bug413909.html => security/manager/ssl/tests/mochitest/bugs/test_bug413909.html
This commit is contained in:
Родитель
349c9e2873
Коммит
e35cf3d5b5
|
@ -241,9 +241,11 @@ user_pref("javascript.options.jit.content", true);
|
||||||
user_pref("gfx.color_management.force_srgb", true);
|
user_pref("gfx.color_management.force_srgb", true);
|
||||||
user_pref("network.manage-offline-status", false);
|
user_pref("network.manage-offline-status", false);
|
||||||
user_pref("security.default_personal_cert", "Select Automatically"); // Need to client auth test be w/o any dialogs
|
user_pref("security.default_personal_cert", "Select Automatically"); // Need to client auth test be w/o any dialogs
|
||||||
|
user_pref("security.warn_viewing_mixed", false);
|
||||||
|
|
||||||
user_pref("camino.warn_when_closing", false); // Camino-only, harmless to others
|
user_pref("camino.warn_when_closing", false); // Camino-only, harmless to others
|
||||||
"""
|
""" % { "downloadDir": (os.path.join(profileDir, "downloads")) }
|
||||||
|
|
||||||
prefs.append(part)
|
prefs.append(part)
|
||||||
|
|
||||||
# Increase the max script run time 10-fold for debug builds
|
# Increase the max script run time 10-fold for debug builds
|
||||||
|
|
|
@ -40,14 +40,11 @@ DEPTH = ../../../../..
|
||||||
topsrcdir = @top_srcdir@
|
topsrcdir = @top_srcdir@
|
||||||
srcdir = @srcdir@
|
srcdir = @srcdir@
|
||||||
VPATH = @srcdir@
|
VPATH = @srcdir@
|
||||||
relativesrcdir = security/ssl
|
|
||||||
|
|
||||||
include $(DEPTH)/config/autoconf.mk
|
MODULE = pipnss
|
||||||
|
DIRS = \
|
||||||
|
bugs \
|
||||||
|
mixedcontent \
|
||||||
|
$(NULL)
|
||||||
|
|
||||||
include $(topsrcdir)/config/rules.mk
|
include $(topsrcdir)/config/rules.mk
|
||||||
|
|
||||||
_CHROME_FILES = \
|
|
||||||
test_bug413909.html \
|
|
||||||
$(NULL)
|
|
||||||
|
|
||||||
libs:: $(_CHROME_FILES)
|
|
||||||
$(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/chrome/$(relativesrcdir)
|
|
||||||
|
|
|
@ -0,0 +1,53 @@
|
||||||
|
#
|
||||||
|
# ***** BEGIN LICENSE BLOCK *****
|
||||||
|
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||||
|
#
|
||||||
|
# The contents of this file are subject to the Mozilla Public License Version
|
||||||
|
# 1.1 (the "License"); you may not use this file except in compliance with
|
||||||
|
# the License. You may obtain a copy of the License at
|
||||||
|
# http://www.mozilla.org/MPL/
|
||||||
|
#
|
||||||
|
# Software distributed under the License is distributed on an "AS IS" basis,
|
||||||
|
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||||
|
# for the specific language governing rights and limitations under the
|
||||||
|
# License.
|
||||||
|
#
|
||||||
|
# The Original Code is mozilla.org code.
|
||||||
|
#
|
||||||
|
# The Initial Developer of the Original Code is
|
||||||
|
# Mozilla Foundation.
|
||||||
|
# Portions created by the Initial Developer are Copyright (C) 2007
|
||||||
|
# the Initial Developer. All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Contributor(s):
|
||||||
|
# Jan Bambas <honzab@firemni.cz>
|
||||||
|
#
|
||||||
|
# Alternatively, the contents of this file may be used under the terms of
|
||||||
|
# either of the GNU General Public License Version 2 or later (the "GPL"),
|
||||||
|
# or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||||
|
# in which case the provisions of the GPL or the LGPL are applicable instead
|
||||||
|
# of those above. If you wish to allow use of your version of this file only
|
||||||
|
# under the terms of either the GPL or the LGPL, and not to allow others to
|
||||||
|
# use your version of this file under the terms of the MPL, indicate your
|
||||||
|
# decision by deleting the provisions above and replace them with the notice
|
||||||
|
# and other provisions required by the GPL or the LGPL. If you do not delete
|
||||||
|
# the provisions above, a recipient may use your version of this file under
|
||||||
|
# the terms of any one of the MPL, the GPL or the LGPL.
|
||||||
|
#
|
||||||
|
# ***** END LICENSE BLOCK *****
|
||||||
|
|
||||||
|
DEPTH = ../../../../../..
|
||||||
|
topsrcdir = @top_srcdir@
|
||||||
|
srcdir = @srcdir@
|
||||||
|
VPATH = @srcdir@
|
||||||
|
relativesrcdir = security/ssl
|
||||||
|
|
||||||
|
include $(DEPTH)/config/autoconf.mk
|
||||||
|
include $(topsrcdir)/config/rules.mk
|
||||||
|
|
||||||
|
_CHROME_FILES = \
|
||||||
|
test_bug413909.html \
|
||||||
|
$(NULL)
|
||||||
|
|
||||||
|
libs:: $(_CHROME_FILES)
|
||||||
|
$(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/chrome/$(relativesrcdir)
|
|
@ -0,0 +1,106 @@
|
||||||
|
#
|
||||||
|
# ***** BEGIN LICENSE BLOCK *****
|
||||||
|
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||||
|
#
|
||||||
|
# The contents of this file are subject to the Mozilla Public License Version
|
||||||
|
# 1.1 (the "License"); you may not use this file except in compliance with
|
||||||
|
# the License. You may obtain a copy of the License at
|
||||||
|
# http://www.mozilla.org/MPL/
|
||||||
|
#
|
||||||
|
# Software distributed under the License is distributed on an "AS IS" basis,
|
||||||
|
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||||
|
# for the specific language governing rights and limitations under the
|
||||||
|
# License.
|
||||||
|
#
|
||||||
|
# The Original Code is mozilla.org code.
|
||||||
|
#
|
||||||
|
# The Initial Developer of the Original Code is
|
||||||
|
# Mozilla Foundation.
|
||||||
|
# Portions created by the Initial Developer are Copyright (C) 2007
|
||||||
|
# the Initial Developer. All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Contributor(s):
|
||||||
|
# Jan Bambas <honzab@firemni.cz>
|
||||||
|
#
|
||||||
|
# Alternatively, the contents of this file may be used under the terms of
|
||||||
|
# either of the GNU General Public License Version 2 or later (the "GPL"),
|
||||||
|
# or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||||
|
# in which case the provisions of the GPL or the LGPL are applicable instead
|
||||||
|
# of those above. If you wish to allow use of your version of this file only
|
||||||
|
# under the terms of either the GPL or the LGPL, and not to allow others to
|
||||||
|
# use your version of this file under the terms of the MPL, indicate your
|
||||||
|
# decision by deleting the provisions above and replace them with the notice
|
||||||
|
# and other provisions required by the GPL or the LGPL. If you do not delete
|
||||||
|
# the provisions above, a recipient may use your version of this file under
|
||||||
|
# the terms of any one of the MPL, the GPL or the LGPL.
|
||||||
|
#
|
||||||
|
# ***** END LICENSE BLOCK *****
|
||||||
|
|
||||||
|
DEPTH = ../../../../../..
|
||||||
|
topsrcdir = @top_srcdir@
|
||||||
|
srcdir = @srcdir@
|
||||||
|
VPATH = @srcdir@
|
||||||
|
relativesrcdir = security/ssl/mixedcontent
|
||||||
|
|
||||||
|
include $(DEPTH)/config/autoconf.mk
|
||||||
|
include $(topsrcdir)/config/rules.mk
|
||||||
|
|
||||||
|
_TEST_FILES = \
|
||||||
|
alloworigin.sjs \
|
||||||
|
backward.html \
|
||||||
|
bug329869.js \
|
||||||
|
bug383369step2.html \
|
||||||
|
bug383369step3.html \
|
||||||
|
download.auto \
|
||||||
|
download.auto^headers^ \
|
||||||
|
emptyimage.sjs \
|
||||||
|
hugebmp.sjs \
|
||||||
|
iframe.html \
|
||||||
|
iframe2.html \
|
||||||
|
iframeMetaRedirect.html \
|
||||||
|
iframesecredirect.sjs \
|
||||||
|
iframeunsecredirect.sjs \
|
||||||
|
imgsecredirect.sjs \
|
||||||
|
imgunsecredirect.sjs \
|
||||||
|
mixedContentTest.js \
|
||||||
|
moonsurface.jpg \
|
||||||
|
redirecttoemptyimage.sjs \
|
||||||
|
somestyle.css \
|
||||||
|
test_bug383369.html \
|
||||||
|
test_bug455367.html \
|
||||||
|
test_bug472986.html \
|
||||||
|
test_cssBefore1.html \
|
||||||
|
test_cssContent1.html \
|
||||||
|
test_cssContent2.html \
|
||||||
|
test_documentWrite1.html \
|
||||||
|
test_documentWrite2.html \
|
||||||
|
test_dynDelayedUnsecurePicture.html \
|
||||||
|
test_dynDelayedUnsecureXHR.html \
|
||||||
|
test_dynUnsecureBackground.html \
|
||||||
|
test_dynUnsecureIframeRedirect.html \
|
||||||
|
test_dynUnsecurePicture.html \
|
||||||
|
test_dynUnsecurePicturePreload.html \
|
||||||
|
test_dynUnsecureRedirect.html \
|
||||||
|
test_innerHtmlDelayedUnsecurePicture.html \
|
||||||
|
test_innerHtmlUnsecurePicture.html \
|
||||||
|
test_secureAll.html \
|
||||||
|
test_securePicture.html \
|
||||||
|
test_unsecureBackground.html \
|
||||||
|
test_unsecureCSS.html \
|
||||||
|
test_unsecureIframe.html \
|
||||||
|
test_unsecureIframe2.html \
|
||||||
|
test_unsecureIframeMetaRedirect.html \
|
||||||
|
test_unsecureIframeRedirect.html \
|
||||||
|
test_unsecurePicture.html \
|
||||||
|
test_unsecurePictureDup.html \
|
||||||
|
test_unsecurePictureInIframe.html \
|
||||||
|
test_unsecureRedirect.html \
|
||||||
|
unsecureIframe.html \
|
||||||
|
unsecurePictureDup.html \
|
||||||
|
$(NULL)
|
||||||
|
|
||||||
|
# test_bug329869.html \ leaks, bug 452401
|
||||||
|
|
||||||
|
|
||||||
|
libs:: $(_TEST_FILES)
|
||||||
|
$(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/tests/$(relativesrcdir)
|
|
@ -0,0 +1,6 @@
|
||||||
|
function handleRequest(request, response)
|
||||||
|
{
|
||||||
|
response.setStatusLine(request.httpVersion, 200, "OK");
|
||||||
|
response.setHeader("Access-Control-Allow-Origin", "*");
|
||||||
|
response.write("<html><body>hello!</body></html>");
|
||||||
|
}
|
|
@ -0,0 +1,20 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<script type="text/javascript">
|
||||||
|
|
||||||
|
window.onload = function()
|
||||||
|
{
|
||||||
|
window.setTimeout(function()
|
||||||
|
{
|
||||||
|
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||||
|
|
||||||
|
window.QueryInterface(Components.interfaces.nsIInterfaceRequestor)
|
||||||
|
.getInterface(Components.interfaces.nsIWebNavigation)
|
||||||
|
.goBack();
|
||||||
|
}, 100);
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
</html>
|
|
@ -0,0 +1,3 @@
|
||||||
|
document.write("This is insecure XSS script " + document.cookie);
|
||||||
|
todoSecurityState("broken", "security broken after document write from unsecure script");
|
||||||
|
finish();
|
|
@ -0,0 +1,30 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Bug 383369 test, step 2</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/does_not_exist.css">
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
window.onload = function runTest()
|
||||||
|
{
|
||||||
|
window.setTimeout(function ()
|
||||||
|
{
|
||||||
|
window.location =
|
||||||
|
"https://example.com/tests/security/ssl/mixedcontent/bug383369step3.html?runtest";
|
||||||
|
}, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,29 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Bug 383369 test, final step</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("secure", "secure page after insecure download and insecure subcontent still secure");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
isSecurityState("secure", "still secure after back/forward");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1 @@
|
||||||
|
Temporary file for security/mixedconent tests
|
|
@ -0,0 +1,2 @@
|
||||||
|
Content-disposition: "attachment"
|
||||||
|
Content-type: application/x-auto-download
|
|
@ -0,0 +1,5 @@
|
||||||
|
function handleRequest(request, response)
|
||||||
|
{
|
||||||
|
response.setStatusLine(request.httpVersion, 200, "OK");
|
||||||
|
//response.setHeader("Content-type", "image/gif");
|
||||||
|
}
|
|
@ -0,0 +1,13 @@
|
||||||
|
function handleRequest(request, response)
|
||||||
|
{
|
||||||
|
response.setStatusLine(request.httpVersion, 200, "OK");
|
||||||
|
response.setHeader("Content-type", "image/bitmap");
|
||||||
|
|
||||||
|
let bmpheader = "\x42\x4D\x36\x10\x0E\x00\x00\x00\x00\x00\x36\x00\x00\x00\x28\x00\x00\x00\x80\x02\x00\x00\xE0\x01\x00\x00\x01\x00\x18\x00\x00\x00\x00\x00\x00\x10\x0E\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
|
||||||
|
let bmpdatapiece = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
|
||||||
|
|
||||||
|
response.bodyOutputStream.write(bmpheader, 54);
|
||||||
|
// Fill 640*480*3 nulls
|
||||||
|
for (let i = 0; i < (640 * 480 * 3) / 64; ++i)
|
||||||
|
response.bodyOutputStream.write(bmpdatapiece, 64);
|
||||||
|
}
|
|
@ -0,0 +1,12 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
This is frame 1:
|
||||||
|
<script>
|
||||||
|
document.write(location.href);
|
||||||
|
</script>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,13 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
This is frame 2:
|
||||||
|
<script>
|
||||||
|
document.write(location.href);
|
||||||
|
</script>
|
||||||
|
<iframe src="http://example.com/tests/security/ssl/mixedcontent/iframe.html"></iframe>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,8 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<META http-equiv="Refresh"
|
||||||
|
Content="0; URL=http://example.com/tests/security/ssl/mixedcontent/iframe.html">
|
||||||
|
<html>
|
||||||
|
<body>
|
||||||
|
Redirecting by meta tag...
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,5 @@
|
||||||
|
function handleRequest(request, response)
|
||||||
|
{
|
||||||
|
response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
|
||||||
|
response.setHeader("Location", "https://example.com/tests/security/ssl/mixedcontent/iframe.html");
|
||||||
|
}
|
|
@ -0,0 +1,5 @@
|
||||||
|
function handleRequest(request, response)
|
||||||
|
{
|
||||||
|
response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
|
||||||
|
response.setHeader("Location", "http://example.com/tests/security/ssl/mixedcontent/iframe.html");
|
||||||
|
}
|
|
@ -0,0 +1,5 @@
|
||||||
|
function handleRequest(request, response)
|
||||||
|
{
|
||||||
|
response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
|
||||||
|
response.setHeader("Location", "https://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg");
|
||||||
|
}
|
|
@ -0,0 +1,5 @@
|
||||||
|
function handleRequest(request, response)
|
||||||
|
{
|
||||||
|
response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
|
||||||
|
response.setHeader("Location", "http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg");
|
||||||
|
}
|
|
@ -0,0 +1,210 @@
|
||||||
|
/**
|
||||||
|
* Helper script for mixed content testing. It opens a new top-level window
|
||||||
|
* from a secure origin and '?runtest' query. That tells us to run the test
|
||||||
|
* body, function runTest(). Then we wait for call of finish(). On its first
|
||||||
|
* call it loads helper page 'backward.html' that immediately navigates
|
||||||
|
* back to the test secure test. This checks the bfcache. We got second call
|
||||||
|
* to onload and this time we call afterNavigationTest() function to let the
|
||||||
|
* test check security state after re-navigation back. Then we again wait for
|
||||||
|
* finish() call, that this time finishes completelly the test.
|
||||||
|
*/
|
||||||
|
|
||||||
|
// Tells the framework if to load the test in an insecure page (http://)
|
||||||
|
var loadAsInsecure = false;
|
||||||
|
// Set true to bypass the navigation forward/back test
|
||||||
|
var bypassNavigationTest = false;
|
||||||
|
// Set true to do forward/back navigation over an http:// page, test state leaks
|
||||||
|
var navigateToInsecure = false;
|
||||||
|
// Open the test in two separate windows, test requests sharing among windows
|
||||||
|
var openTwoWindows = false;
|
||||||
|
// Override the name of the test page to load, useful e.g. to prevent load
|
||||||
|
// of images or other content before the test starts; this is actually
|
||||||
|
// a 'redirect' to a different test page.
|
||||||
|
var testPage = "";
|
||||||
|
// Assign a function to this variable to have a clean up at the end
|
||||||
|
var testCleanUp = null;
|
||||||
|
|
||||||
|
|
||||||
|
// Internal variables
|
||||||
|
var _windowCount = 0;
|
||||||
|
|
||||||
|
window.onload = function onLoad()
|
||||||
|
{
|
||||||
|
if (location.search == "?runtest")
|
||||||
|
{
|
||||||
|
try
|
||||||
|
{
|
||||||
|
if (history.length == 1)
|
||||||
|
runTest();
|
||||||
|
else
|
||||||
|
afterNavigationTest();
|
||||||
|
}
|
||||||
|
catch (ex)
|
||||||
|
{
|
||||||
|
ok(false, "Exception thrown during test: " + ex);
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
window.addEventListener("message", onMessageReceived, false);
|
||||||
|
|
||||||
|
var secureTestLocation;
|
||||||
|
if (loadAsInsecure)
|
||||||
|
secureTestLocation = "http://example.com";
|
||||||
|
else
|
||||||
|
secureTestLocation = "https://example.com";
|
||||||
|
secureTestLocation += location.pathname
|
||||||
|
if (testPage != "")
|
||||||
|
{
|
||||||
|
array = secureTestLocation.split("/");
|
||||||
|
array.pop();
|
||||||
|
array.push(testPage);
|
||||||
|
secureTestLocation = array.join("/");
|
||||||
|
}
|
||||||
|
secureTestLocation += "?runtest";
|
||||||
|
|
||||||
|
if (openTwoWindows)
|
||||||
|
{
|
||||||
|
_windowCount = 2;
|
||||||
|
window.open(secureTestLocation, "_new1", "");
|
||||||
|
window.open(secureTestLocation, "_new2", "");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
_windowCount = 1;
|
||||||
|
window.open(secureTestLocation);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function onMessageReceived(event)
|
||||||
|
{
|
||||||
|
switch (event.data)
|
||||||
|
{
|
||||||
|
// Indication of all test parts finish (from any of the frames)
|
||||||
|
case "done":
|
||||||
|
if (--_windowCount == 0)
|
||||||
|
{
|
||||||
|
if (testCleanUp)
|
||||||
|
testCleanUp();
|
||||||
|
|
||||||
|
SimpleTest.finish();
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
// Any other message indicates error or succes message of a test
|
||||||
|
default:
|
||||||
|
var failureRegExp = new RegExp("^FAILURE");
|
||||||
|
var todoRegExp = new RegExp("^TODO");
|
||||||
|
if (event.data.match(todoRegExp))
|
||||||
|
SimpleTest.todo(false, event.data);
|
||||||
|
else
|
||||||
|
SimpleTest.ok(!event.data.match(failureRegExp), event.data);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function postMsg(message)
|
||||||
|
{
|
||||||
|
opener.postMessage(message, "http://localhost:8888");
|
||||||
|
}
|
||||||
|
|
||||||
|
function finish()
|
||||||
|
{
|
||||||
|
if (history.length == 1 && !bypassNavigationTest)
|
||||||
|
{
|
||||||
|
window.setTimeout(function()
|
||||||
|
{
|
||||||
|
window.location.assign(navigateToInsecure ?
|
||||||
|
"http://example.com/tests/security/ssl/mixedcontent/backward.html" :
|
||||||
|
"https://example.com/tests/security/ssl/mixedcontent/backward.html");
|
||||||
|
}, 0);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
postMsg("done");
|
||||||
|
window.close();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function ok(a, message)
|
||||||
|
{
|
||||||
|
if (!a)
|
||||||
|
postMsg("FAILURE: " + message);
|
||||||
|
else
|
||||||
|
postMsg(message);
|
||||||
|
}
|
||||||
|
|
||||||
|
function is(a, b, message)
|
||||||
|
{
|
||||||
|
if (a != b)
|
||||||
|
postMsg("FAILURE: " + message + ", expected "+b+" got "+a);
|
||||||
|
else
|
||||||
|
postMsg(message + ", expected "+b+" got "+a);
|
||||||
|
}
|
||||||
|
|
||||||
|
function todo(a, message)
|
||||||
|
{
|
||||||
|
if (a)
|
||||||
|
postMsg("FAILURE: TODO works? " + message);
|
||||||
|
else
|
||||||
|
postMsg("TODO: " + message);
|
||||||
|
}
|
||||||
|
|
||||||
|
function todoSecurityState(expectedState, message)
|
||||||
|
{
|
||||||
|
isSecurityState(expectedState, message, todo);
|
||||||
|
}
|
||||||
|
|
||||||
|
function isSecurityState(expectedState, message, test)
|
||||||
|
{
|
||||||
|
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||||
|
|
||||||
|
if (!test)
|
||||||
|
test = ok;
|
||||||
|
|
||||||
|
// Quit nasty but working :)
|
||||||
|
var ui = window
|
||||||
|
.QueryInterface(Components.interfaces.nsIInterfaceRequestor)
|
||||||
|
.getInterface(Components.interfaces.nsIWebNavigation)
|
||||||
|
.QueryInterface(Components.interfaces.nsIDocShell)
|
||||||
|
.securityUI;
|
||||||
|
|
||||||
|
var isInsecure = !ui ||
|
||||||
|
(ui.state & Components.interfaces.nsIWebProgressListener.STATE_IS_INSECURE);
|
||||||
|
var isBroken = ui &&
|
||||||
|
(ui.state & Components.interfaces.nsIWebProgressListener.STATE_IS_BROKEN);
|
||||||
|
var isEV = ui &&
|
||||||
|
(ui.state & Components.interfaces.nsIWebProgressListener.STATE_IDENTITY_EV_TOPLEVEL);
|
||||||
|
|
||||||
|
var gotState;
|
||||||
|
if (isInsecure)
|
||||||
|
gotState = "insecure";
|
||||||
|
else if (isBroken)
|
||||||
|
gotState = "broken";
|
||||||
|
else if (isEV)
|
||||||
|
gotState = "EV";
|
||||||
|
else
|
||||||
|
gotState = "secure";
|
||||||
|
|
||||||
|
test(gotState == expectedState, (message || "") + ", " + "expected " + expectedState + " got " + gotState);
|
||||||
|
|
||||||
|
switch (expectedState)
|
||||||
|
{
|
||||||
|
case "insecure":
|
||||||
|
test(isInsecure && !isBroken && !isEV, "for 'insecure' excpected flags [1,0,0], " + (message || ""));
|
||||||
|
break;
|
||||||
|
case "broken":
|
||||||
|
test(ui && !isInsecure && isBroken && !isEV, "for 'broken' expected flags [0,1,0], " + (message || ""));
|
||||||
|
break;
|
||||||
|
case "secure":
|
||||||
|
test(ui && !isInsecure && !isBroken && !isEV, "for 'secure' expected flags [0,0,0], " + (message || ""));
|
||||||
|
break;
|
||||||
|
case "EV":
|
||||||
|
test(ui && !isInsecure && !isBroken && isEV, "for 'EV' expected flags [0,0,1], " + (message || ""));
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
throw "Invalid isSecurityState state";
|
||||||
|
}
|
||||||
|
}
|
Двоичный файл не отображается.
После Ширина: | Высота: | Размер: 51 KiB |
|
@ -0,0 +1,5 @@
|
||||||
|
function handleRequest(request, response)
|
||||||
|
{
|
||||||
|
response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
|
||||||
|
response.setHeader("Location", "http://example.com/tests/security/ssl/mixedcontent/emptyimage.sjs");
|
||||||
|
}
|
|
@ -0,0 +1,4 @@
|
||||||
|
body
|
||||||
|
{
|
||||||
|
background-color: lightBlue;
|
||||||
|
}
|
|
@ -0,0 +1,34 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>dymanic script load</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("secure");
|
||||||
|
window.setTimeout(function()
|
||||||
|
{
|
||||||
|
var newElement = document.createElement("script");
|
||||||
|
newElement.src= "http://example.org/tests/security/ssl/mixedcontent/bug329869.js";
|
||||||
|
document.body.appendChild(newElement);
|
||||||
|
}, 500);
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "security still broken after navigation");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,91 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Bug 383369 test</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
// We want to start this test from an insecure context
|
||||||
|
loadAsInsecure = true;
|
||||||
|
// We don't want to go through the navigation back/forward test
|
||||||
|
bypassNavigationTest = true;
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||||
|
|
||||||
|
// Force download to be w/o user assistance for our testing mime type
|
||||||
|
const mimeSvc = Components.classes["@mozilla.org/mime;1"]
|
||||||
|
.getService(Components.interfaces.nsIMIMEService);
|
||||||
|
var handlerInfo = mimeSvc.getFromTypeAndExtension("application/x-auto-download", "auto");
|
||||||
|
handlerInfo.preferredAction = Components.interfaces.nsIHandlerInfo.saveToDisk;
|
||||||
|
handlerInfo.alwaysAskBeforeHandling = false;
|
||||||
|
handlerInfo.preferredApplicationHandler = null;
|
||||||
|
|
||||||
|
const handlerSvc = Components.classes["@mozilla.org/uriloader/handler-service;1"]
|
||||||
|
.getService(Components.interfaces.nsIHandlerService);
|
||||||
|
handlerSvc.store(handlerInfo);
|
||||||
|
|
||||||
|
var dirProvider = Components.classes["@mozilla.org/file/directory_service;1"]
|
||||||
|
.getService(Components.interfaces.nsIProperties);
|
||||||
|
var profileDir = dirProvider.get("ProfDS", Components.interfaces.nsIFile);
|
||||||
|
profileDir.append("downloads");
|
||||||
|
|
||||||
|
var prefs = Components.classes["@mozilla.org/preferences-service;1"]
|
||||||
|
.getService(Components.interfaces.nsIPrefService);
|
||||||
|
prefs = prefs.getBranch("browser.download.");
|
||||||
|
|
||||||
|
prefs.setCharPref("dir", profileDir.path);
|
||||||
|
prefs.setIntPref("folderList", 2);
|
||||||
|
prefs.setBoolPref("manager.closeWhenDone", true);
|
||||||
|
prefs.setBoolPref("manager.showWhenStarting", false);
|
||||||
|
|
||||||
|
var downloadManager = Components.classes["@mozilla.org/download-manager;1"]
|
||||||
|
.getService(Components.interfaces.nsIDownloadManager);
|
||||||
|
var theWindow = window;
|
||||||
|
window.setTimeout(function()
|
||||||
|
{
|
||||||
|
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||||
|
downloadManager.cleanUp();
|
||||||
|
theWindow.location = "bug383369step2.html";
|
||||||
|
}, 3000);
|
||||||
|
|
||||||
|
window.location = "download.auto";
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
testCleanUp = function cleanup()
|
||||||
|
{
|
||||||
|
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||||
|
|
||||||
|
const mimeSvc = Components.classes["@mozilla.org/mime;1"]
|
||||||
|
.getService(Components.interfaces.nsIMIMEService);
|
||||||
|
var handlerInfo = mimeSvc.getFromTypeAndExtension("application/x-auto-download", "auto");
|
||||||
|
|
||||||
|
const handlerSvc = Components.classes["@mozilla.org/uriloader/handler-service;1"]
|
||||||
|
.getService(Components.interfaces.nsIHandlerService);
|
||||||
|
handlerSvc.remove(handlerInfo);
|
||||||
|
|
||||||
|
var prefs = Components.classes["@mozilla.org/preferences-service;1"]
|
||||||
|
.getService(Components.interfaces.nsIPrefService);
|
||||||
|
prefs = prefs.getBranch("browser.download.");
|
||||||
|
|
||||||
|
prefs.setCharPref("dir", "");
|
||||||
|
prefs.setIntPref("folderList", 0);
|
||||||
|
prefs.setBoolPref("manager.closeWhenDone", false);
|
||||||
|
prefs.setBoolPref("manager.showWhenStarting", true);
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,30 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>No content image doesn't break security</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("secure", "secure");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
isSecurityState("secure", "secure after navigation");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<img src="https://example.com/tests/security/ssl/mixedcontent/redirecttoemptyimage.sjs" />
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,42 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>img.src replace</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
// Clear the default onload assigned to test start because we must
|
||||||
|
// wait for replaced image to load and only after that test the security state
|
||||||
|
var onLoadFunction = window.onload;
|
||||||
|
window.onload = function()
|
||||||
|
{
|
||||||
|
window.setTimeout(onLoadFunction, 500);
|
||||||
|
}
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("secure", "secure");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
isSecurityState("secure", "secure after navigation");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<img id="img1" src="https://example.com/tests/security/ssl/mixedcontent/hugebmp.sjs" />
|
||||||
|
<script type="text/javascript">
|
||||||
|
var img1 = document.getElementById("img1");
|
||||||
|
img1.src = "https://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg";
|
||||||
|
</script>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,38 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>CSS :before styling 1</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
<style type="text/css">
|
||||||
|
p:before
|
||||||
|
{
|
||||||
|
content: url(http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg);
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "insecure content added by :before styling breaks security");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "security still broken after navigation");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<p>
|
||||||
|
There is a moon surface left to this text
|
||||||
|
</p>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,37 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>CSS conent styling 1</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<style type="text/css">
|
||||||
|
p
|
||||||
|
{
|
||||||
|
content: url(http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg);
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "insecure content added by :before styling breaks security");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "security still broken after navigation");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<p></p>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,37 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>CSS conent styling 2</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("secure");
|
||||||
|
document.getElementById("para").style.content =
|
||||||
|
"url('http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg')";
|
||||||
|
|
||||||
|
window.setTimeout(function() {
|
||||||
|
isSecurityState("broken", "insecure content added by styling breaks security");
|
||||||
|
finish();
|
||||||
|
}, 500);
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
is(document.getElementById("para").style.content, "");
|
||||||
|
isSecurityState("secure", "security full after navigation");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<p id="para"></p>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,33 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>document.write('<img src="http://">')</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "insecure <img> written dynamically breaks security");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "security still broken after navigation");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
document.write(
|
||||||
|
"<img src='http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg' />");
|
||||||
|
</script>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,33 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>document.write('<iframe src="http://">')</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "insecure iframe written dynamically breaks security");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "security still broken after navigation");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
document.write(
|
||||||
|
"<iframe src='http://example.com/tests/security/ssl/mixedcontent/iframe.html'></iframe>");
|
||||||
|
</script>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,42 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>img.src changes to unsecure test</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("secure");
|
||||||
|
window.setTimeout(function() {
|
||||||
|
// Don't do this synchronously from onload handler
|
||||||
|
document.getElementById("image1").src =
|
||||||
|
"http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg";
|
||||||
|
}, 0);
|
||||||
|
|
||||||
|
window.setTimeout(function() {
|
||||||
|
isSecurityState("broken", "src='http://...' changed to broken");
|
||||||
|
finish();
|
||||||
|
}, 500);
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
is(document.getElementById("image1").src,
|
||||||
|
"https://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg",
|
||||||
|
"img.src secure again");
|
||||||
|
isSecurityState("secure", "security full after navigation");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<img id="image1" src="https://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg" />
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,46 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>unsecure XHR test</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("secure");
|
||||||
|
window.setTimeout(function()
|
||||||
|
{
|
||||||
|
try
|
||||||
|
{
|
||||||
|
var req = new XMLHttpRequest();
|
||||||
|
req.open("GET", "http://example.com/tests/security/ssl/mixedcontent/alloworigin.sjs", false);
|
||||||
|
req.send(null);
|
||||||
|
|
||||||
|
// Change should be immediate, the request was sent synchronously
|
||||||
|
todoSecurityState("broken", "security broken after insecure XHR");
|
||||||
|
}
|
||||||
|
catch (ex)
|
||||||
|
{
|
||||||
|
ok(false, ex);
|
||||||
|
}
|
||||||
|
|
||||||
|
finish();
|
||||||
|
}, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
isSecurityState("secure", "security full after navigation");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,40 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>body.background changes to unsecure test</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
// This test, as is, equals to https://kuix.de/misc/test17/358438.php
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("secure");
|
||||||
|
document.body.background =
|
||||||
|
"http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg";
|
||||||
|
|
||||||
|
window.setTimeout(function() {
|
||||||
|
isSecurityState("broken", "document.body.background='http://...' changed to broken");
|
||||||
|
finish();
|
||||||
|
}, 500);
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
is(document.body.background,
|
||||||
|
"https://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg",
|
||||||
|
"document backround secure again");
|
||||||
|
isSecurityState("secure", "secure after re-navigation");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body background="https://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg">
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,38 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>iframe.src changes to unsecure redirect test</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("secure");
|
||||||
|
var self = window;
|
||||||
|
var iframe = document.getElementById("iframe1");
|
||||||
|
iframe.onload = function() {
|
||||||
|
self.isSecurityState("broken", "src='redirect to unsecure' changed to broken");
|
||||||
|
self.finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
iframe.src =
|
||||||
|
"https://example.com/tests/security/ssl/mixedcontent/iframeunsecredirect.sjs";
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "security still broken after navigation");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<iframe id="iframe1" src="https://example.com/tests/security/ssl/mixedcontent/iframe.html"></iframe>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,41 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>img.src changes to unsecure test</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
// This test, as is, equals to https://kuix.de/misc/test17/358438.php
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("secure");
|
||||||
|
document.getElementById("image1").src =
|
||||||
|
"http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg";
|
||||||
|
|
||||||
|
window.setTimeout(function() {
|
||||||
|
isSecurityState("broken", "src='http://...' changed to broken");
|
||||||
|
finish();
|
||||||
|
}, 500);
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
is(document.getElementById("image1").src,
|
||||||
|
"https://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg",
|
||||||
|
"img.src secure again");
|
||||||
|
isSecurityState("secure", "security full after navigation");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<img id="image1" src="https://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg" />
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,32 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>img.src changes to unsecure test</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
(new Image()).src =
|
||||||
|
"http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg";
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "(new Image()).src='http://...' changed to broken");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "security broken after navigation");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,39 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>img.src changes to unsecure redirect test</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("secure");
|
||||||
|
document.getElementById("image1").src =
|
||||||
|
"https://example.com/tests/security/ssl/mixedcontent/imgunsecredirect.sjs";
|
||||||
|
|
||||||
|
window.setTimeout(function() {
|
||||||
|
isSecurityState("broken", "src='redirect to unsecure' changed to broken");
|
||||||
|
finish();
|
||||||
|
}, 500);
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
is(document.getElementById("image1").src,
|
||||||
|
"https://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg",
|
||||||
|
"img.src secure again");
|
||||||
|
isSecurityState("secure", "security full after navigation");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<img id="image1" src="https://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg" />
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,40 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>innerHTML changes to unsecure test</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("secure");
|
||||||
|
|
||||||
|
window.setTimeout(function()
|
||||||
|
{
|
||||||
|
document.getElementById("buddy").innerHTML =
|
||||||
|
"<img id='image1' src='http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg' />";
|
||||||
|
}, 1);
|
||||||
|
|
||||||
|
window.setTimeout(function()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "innerHTML loading insecure changed to broken");
|
||||||
|
finish();
|
||||||
|
}, 500);
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
is(document.getElementById("buddy").innerHTML, "", "innerHTML back to previous");
|
||||||
|
isSecurityState("secure");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body id="buddy"></body>
|
||||||
|
</html>
|
|
@ -0,0 +1,36 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>innerHTML changes to unsecure test</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("secure");
|
||||||
|
|
||||||
|
document.getElementById("buddy").innerHTML =
|
||||||
|
"<img id='image1' src='http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg' />";
|
||||||
|
|
||||||
|
window.setTimeout(function() {
|
||||||
|
isSecurityState("broken", "innerHTML loading insecure changed to broken");
|
||||||
|
finish();
|
||||||
|
}, 500);
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
is(document.getElementById("buddy").innerHTML, "", "innerHTML back to previous");
|
||||||
|
isSecurityState("secure");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body id="buddy"></body>
|
||||||
|
</html>
|
|
@ -0,0 +1,38 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>All secure anti-regression check</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<link rel="stylesheet" type="text/css"
|
||||||
|
href="https://example.com/tests/security/ssl/mixedcontent/somestyle.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
// Navigation test goes over an insecure page, test state leak
|
||||||
|
navigateToInsecure = true;
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("secure", "insecure <img> load breaks security");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
isSecurityState("secure", "security still broken after navigation");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<img src="https://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg" />
|
||||||
|
<img src="https://example.com/tests/security/ssl/mixedcontent/imgsecredirect.sjs" />
|
||||||
|
<iframe src="https://example.com/tests/security/ssl/mixedcontent/iframesecredirect.sjs" />
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,32 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Secure img load</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
loadAsInsecure = true;
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("insecure", "left insecure");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
isSecurityState("insecure", "left insecure after renavigation");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<img src="https://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg" />
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,31 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>background unsecure test</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
// This test, as is, equals to https://kuix.de/misc/test17/358438.php
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "security broken");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "security after navigation");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body background="http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg">
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,32 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Unsecure css load</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<link rel="stylesheet" type="text/css"
|
||||||
|
href="http://example.com/tests/security/ssl/mixedcontent/somestyle.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "insecure <img> load breaks security");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "security still broken after navigation");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,30 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Unsecure iframe load</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "insecure <iframe> load breaks security");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "security still broken after navigation");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<iframe src="http://example.com/tests/security/ssl/mixedcontent/iframe.html"></iframe>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,30 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Unsecure iframe load</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "insecure <iframe> load breaks security");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "security still broken after navigation");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<iframe src="https://example.com/tests/security/ssl/mixedcontent/iframe2.html"></iframe>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,37 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Unsecure redirect iframe load</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
window.setTimeout(function()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "insecure meta-tag <iframe> load breaks security");
|
||||||
|
finish();
|
||||||
|
}, 500);
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
window.setTimeout(function()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "security still broken after navigation");
|
||||||
|
finish();
|
||||||
|
}, 500);
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<iframe src="https://example.com/tests/security/ssl/mixedcontent/iframeMetaRedirect.html"></iframe>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
|
|
@ -0,0 +1,31 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Unsecure redirect iframe load</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "insecure <iframe> load breaks security");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "security still broken after navigation");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<iframe src="https://example.com/tests/security/ssl/mixedcontent/iframeunsecredirect.sjs"></iframe>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
|
|
@ -0,0 +1,30 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Unsecure img load</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "insecure <img> load breaks security");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "security still broken after navigation");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<img src="http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg" />
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,20 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Unsecure img load in two windows</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
openTwoWindows = true;
|
||||||
|
testPage = "unsecurePictureDup.html";
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,30 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Unsecure img in iframe load</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "insecure <img> in an <iframe> load breaks security");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "security still broken after navigation");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<iframe src="http://example.com/tests/security/ssl/mixedcontent/unsecureIframe.html"></iframe>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,30 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Redirect from secure to unsecure img</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "insecure <img> load breaks security");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "security still broken after navigation");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<img src="https://example.com/tests/security/ssl/mixedcontent/imgunsecredirect.sjs" />
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,9 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<img src="http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg" />
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,30 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Unsecure img load in two windows</title>
|
||||||
|
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||||
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||||
|
|
||||||
|
<script class="testbody" type="text/javascript">
|
||||||
|
|
||||||
|
function runTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "insecure <img> load breaks security");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
function afterNavigationTest()
|
||||||
|
{
|
||||||
|
isSecurityState("broken", "security still broken after navigation");
|
||||||
|
finish();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<img src="http://example.com/tests/security/ssl/mixedcontent/hugebmp.sjs" />
|
||||||
|
</body>
|
||||||
|
</html>
|
Загрузка…
Ссылка в новой задаче