зеркало из https://github.com/mozilla/gecko-dev.git
Bug 452401 - Create tests for mixed content, r=kaie
--HG-- rename : security/manager/ssl/tests/mochitest/test_bug413909.html => security/manager/ssl/tests/mochitest/bugs/test_bug413909.html
This commit is contained in:
Родитель
349c9e2873
Коммит
e35cf3d5b5
|
@ -241,9 +241,11 @@ user_pref("javascript.options.jit.content", true);
|
|||
user_pref("gfx.color_management.force_srgb", true);
|
||||
user_pref("network.manage-offline-status", false);
|
||||
user_pref("security.default_personal_cert", "Select Automatically"); // Need to client auth test be w/o any dialogs
|
||||
user_pref("security.warn_viewing_mixed", false);
|
||||
|
||||
user_pref("camino.warn_when_closing", false); // Camino-only, harmless to others
|
||||
"""
|
||||
""" % { "downloadDir": (os.path.join(profileDir, "downloads")) }
|
||||
|
||||
prefs.append(part)
|
||||
|
||||
# Increase the max script run time 10-fold for debug builds
|
||||
|
|
|
@ -40,14 +40,11 @@ DEPTH = ../../../../..
|
|||
topsrcdir = @top_srcdir@
|
||||
srcdir = @srcdir@
|
||||
VPATH = @srcdir@
|
||||
relativesrcdir = security/ssl
|
||||
|
||||
include $(DEPTH)/config/autoconf.mk
|
||||
include $(topsrcdir)/config/rules.mk
|
||||
|
||||
_CHROME_FILES = \
|
||||
test_bug413909.html \
|
||||
MODULE = pipnss
|
||||
DIRS = \
|
||||
bugs \
|
||||
mixedcontent \
|
||||
$(NULL)
|
||||
|
||||
libs:: $(_CHROME_FILES)
|
||||
$(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/chrome/$(relativesrcdir)
|
||||
include $(topsrcdir)/config/rules.mk
|
||||
|
|
|
@ -0,0 +1,53 @@
|
|||
#
|
||||
# ***** BEGIN LICENSE BLOCK *****
|
||||
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
#
|
||||
# The contents of this file are subject to the Mozilla Public License Version
|
||||
# 1.1 (the "License"); you may not use this file except in compliance with
|
||||
# the License. You may obtain a copy of the License at
|
||||
# http://www.mozilla.org/MPL/
|
||||
#
|
||||
# Software distributed under the License is distributed on an "AS IS" basis,
|
||||
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
# for the specific language governing rights and limitations under the
|
||||
# License.
|
||||
#
|
||||
# The Original Code is mozilla.org code.
|
||||
#
|
||||
# The Initial Developer of the Original Code is
|
||||
# Mozilla Foundation.
|
||||
# Portions created by the Initial Developer are Copyright (C) 2007
|
||||
# the Initial Developer. All Rights Reserved.
|
||||
#
|
||||
# Contributor(s):
|
||||
# Jan Bambas <honzab@firemni.cz>
|
||||
#
|
||||
# Alternatively, the contents of this file may be used under the terms of
|
||||
# either of the GNU General Public License Version 2 or later (the "GPL"),
|
||||
# or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
# in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
# of those above. If you wish to allow use of your version of this file only
|
||||
# under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
# use your version of this file under the terms of the MPL, indicate your
|
||||
# decision by deleting the provisions above and replace them with the notice
|
||||
# and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
# the provisions above, a recipient may use your version of this file under
|
||||
# the terms of any one of the MPL, the GPL or the LGPL.
|
||||
#
|
||||
# ***** END LICENSE BLOCK *****
|
||||
|
||||
DEPTH = ../../../../../..
|
||||
topsrcdir = @top_srcdir@
|
||||
srcdir = @srcdir@
|
||||
VPATH = @srcdir@
|
||||
relativesrcdir = security/ssl
|
||||
|
||||
include $(DEPTH)/config/autoconf.mk
|
||||
include $(topsrcdir)/config/rules.mk
|
||||
|
||||
_CHROME_FILES = \
|
||||
test_bug413909.html \
|
||||
$(NULL)
|
||||
|
||||
libs:: $(_CHROME_FILES)
|
||||
$(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/chrome/$(relativesrcdir)
|
|
@ -0,0 +1,106 @@
|
|||
#
|
||||
# ***** BEGIN LICENSE BLOCK *****
|
||||
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
#
|
||||
# The contents of this file are subject to the Mozilla Public License Version
|
||||
# 1.1 (the "License"); you may not use this file except in compliance with
|
||||
# the License. You may obtain a copy of the License at
|
||||
# http://www.mozilla.org/MPL/
|
||||
#
|
||||
# Software distributed under the License is distributed on an "AS IS" basis,
|
||||
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
# for the specific language governing rights and limitations under the
|
||||
# License.
|
||||
#
|
||||
# The Original Code is mozilla.org code.
|
||||
#
|
||||
# The Initial Developer of the Original Code is
|
||||
# Mozilla Foundation.
|
||||
# Portions created by the Initial Developer are Copyright (C) 2007
|
||||
# the Initial Developer. All Rights Reserved.
|
||||
#
|
||||
# Contributor(s):
|
||||
# Jan Bambas <honzab@firemni.cz>
|
||||
#
|
||||
# Alternatively, the contents of this file may be used under the terms of
|
||||
# either of the GNU General Public License Version 2 or later (the "GPL"),
|
||||
# or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
# in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
# of those above. If you wish to allow use of your version of this file only
|
||||
# under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
# use your version of this file under the terms of the MPL, indicate your
|
||||
# decision by deleting the provisions above and replace them with the notice
|
||||
# and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
# the provisions above, a recipient may use your version of this file under
|
||||
# the terms of any one of the MPL, the GPL or the LGPL.
|
||||
#
|
||||
# ***** END LICENSE BLOCK *****
|
||||
|
||||
DEPTH = ../../../../../..
|
||||
topsrcdir = @top_srcdir@
|
||||
srcdir = @srcdir@
|
||||
VPATH = @srcdir@
|
||||
relativesrcdir = security/ssl/mixedcontent
|
||||
|
||||
include $(DEPTH)/config/autoconf.mk
|
||||
include $(topsrcdir)/config/rules.mk
|
||||
|
||||
_TEST_FILES = \
|
||||
alloworigin.sjs \
|
||||
backward.html \
|
||||
bug329869.js \
|
||||
bug383369step2.html \
|
||||
bug383369step3.html \
|
||||
download.auto \
|
||||
download.auto^headers^ \
|
||||
emptyimage.sjs \
|
||||
hugebmp.sjs \
|
||||
iframe.html \
|
||||
iframe2.html \
|
||||
iframeMetaRedirect.html \
|
||||
iframesecredirect.sjs \
|
||||
iframeunsecredirect.sjs \
|
||||
imgsecredirect.sjs \
|
||||
imgunsecredirect.sjs \
|
||||
mixedContentTest.js \
|
||||
moonsurface.jpg \
|
||||
redirecttoemptyimage.sjs \
|
||||
somestyle.css \
|
||||
test_bug383369.html \
|
||||
test_bug455367.html \
|
||||
test_bug472986.html \
|
||||
test_cssBefore1.html \
|
||||
test_cssContent1.html \
|
||||
test_cssContent2.html \
|
||||
test_documentWrite1.html \
|
||||
test_documentWrite2.html \
|
||||
test_dynDelayedUnsecurePicture.html \
|
||||
test_dynDelayedUnsecureXHR.html \
|
||||
test_dynUnsecureBackground.html \
|
||||
test_dynUnsecureIframeRedirect.html \
|
||||
test_dynUnsecurePicture.html \
|
||||
test_dynUnsecurePicturePreload.html \
|
||||
test_dynUnsecureRedirect.html \
|
||||
test_innerHtmlDelayedUnsecurePicture.html \
|
||||
test_innerHtmlUnsecurePicture.html \
|
||||
test_secureAll.html \
|
||||
test_securePicture.html \
|
||||
test_unsecureBackground.html \
|
||||
test_unsecureCSS.html \
|
||||
test_unsecureIframe.html \
|
||||
test_unsecureIframe2.html \
|
||||
test_unsecureIframeMetaRedirect.html \
|
||||
test_unsecureIframeRedirect.html \
|
||||
test_unsecurePicture.html \
|
||||
test_unsecurePictureDup.html \
|
||||
test_unsecurePictureInIframe.html \
|
||||
test_unsecureRedirect.html \
|
||||
unsecureIframe.html \
|
||||
unsecurePictureDup.html \
|
||||
$(NULL)
|
||||
|
||||
# test_bug329869.html \ leaks, bug 452401
|
||||
|
||||
|
||||
libs:: $(_TEST_FILES)
|
||||
$(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/tests/$(relativesrcdir)
|
|
@ -0,0 +1,6 @@
|
|||
function handleRequest(request, response)
|
||||
{
|
||||
response.setStatusLine(request.httpVersion, 200, "OK");
|
||||
response.setHeader("Access-Control-Allow-Origin", "*");
|
||||
response.write("<html><body>hello!</body></html>");
|
||||
}
|
|
@ -0,0 +1,20 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<script type="text/javascript">
|
||||
|
||||
window.onload = function()
|
||||
{
|
||||
window.setTimeout(function()
|
||||
{
|
||||
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||
|
||||
window.QueryInterface(Components.interfaces.nsIInterfaceRequestor)
|
||||
.getInterface(Components.interfaces.nsIWebNavigation)
|
||||
.goBack();
|
||||
}, 100);
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
</html>
|
|
@ -0,0 +1,3 @@
|
|||
document.write("This is insecure XSS script " + document.cookie);
|
||||
todoSecurityState("broken", "security broken after document write from unsecure script");
|
||||
finish();
|
|
@ -0,0 +1,30 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Bug 383369 test, step 2</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/does_not_exist.css">
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
window.onload = function runTest()
|
||||
{
|
||||
window.setTimeout(function ()
|
||||
{
|
||||
window.location =
|
||||
"https://example.com/tests/security/ssl/mixedcontent/bug383369step3.html?runtest";
|
||||
}, 0);
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,29 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Bug 383369 test, final step</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("secure", "secure page after insecure download and insecure subcontent still secure");
|
||||
finish();
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
isSecurityState("secure", "still secure after back/forward");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1 @@
|
|||
Temporary file for security/mixedconent tests
|
|
@ -0,0 +1,2 @@
|
|||
Content-disposition: "attachment"
|
||||
Content-type: application/x-auto-download
|
|
@ -0,0 +1,5 @@
|
|||
function handleRequest(request, response)
|
||||
{
|
||||
response.setStatusLine(request.httpVersion, 200, "OK");
|
||||
//response.setHeader("Content-type", "image/gif");
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
function handleRequest(request, response)
|
||||
{
|
||||
response.setStatusLine(request.httpVersion, 200, "OK");
|
||||
response.setHeader("Content-type", "image/bitmap");
|
||||
|
||||
let bmpheader = "\x42\x4D\x36\x10\x0E\x00\x00\x00\x00\x00\x36\x00\x00\x00\x28\x00\x00\x00\x80\x02\x00\x00\xE0\x01\x00\x00\x01\x00\x18\x00\x00\x00\x00\x00\x00\x10\x0E\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
|
||||
let bmpdatapiece = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
|
||||
|
||||
response.bodyOutputStream.write(bmpheader, 54);
|
||||
// Fill 640*480*3 nulls
|
||||
for (let i = 0; i < (640 * 480 * 3) / 64; ++i)
|
||||
response.bodyOutputStream.write(bmpdatapiece, 64);
|
||||
}
|
|
@ -0,0 +1,12 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
This is frame 1:
|
||||
<script>
|
||||
document.write(location.href);
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,13 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
This is frame 2:
|
||||
<script>
|
||||
document.write(location.href);
|
||||
</script>
|
||||
<iframe src="http://example.com/tests/security/ssl/mixedcontent/iframe.html"></iframe>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,8 @@
|
|||
<!DOCTYPE HTML>
|
||||
<META http-equiv="Refresh"
|
||||
Content="0; URL=http://example.com/tests/security/ssl/mixedcontent/iframe.html">
|
||||
<html>
|
||||
<body>
|
||||
Redirecting by meta tag...
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,5 @@
|
|||
function handleRequest(request, response)
|
||||
{
|
||||
response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
|
||||
response.setHeader("Location", "https://example.com/tests/security/ssl/mixedcontent/iframe.html");
|
||||
}
|
|
@ -0,0 +1,5 @@
|
|||
function handleRequest(request, response)
|
||||
{
|
||||
response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
|
||||
response.setHeader("Location", "http://example.com/tests/security/ssl/mixedcontent/iframe.html");
|
||||
}
|
|
@ -0,0 +1,5 @@
|
|||
function handleRequest(request, response)
|
||||
{
|
||||
response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
|
||||
response.setHeader("Location", "https://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg");
|
||||
}
|
|
@ -0,0 +1,5 @@
|
|||
function handleRequest(request, response)
|
||||
{
|
||||
response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
|
||||
response.setHeader("Location", "http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg");
|
||||
}
|
|
@ -0,0 +1,210 @@
|
|||
/**
|
||||
* Helper script for mixed content testing. It opens a new top-level window
|
||||
* from a secure origin and '?runtest' query. That tells us to run the test
|
||||
* body, function runTest(). Then we wait for call of finish(). On its first
|
||||
* call it loads helper page 'backward.html' that immediately navigates
|
||||
* back to the test secure test. This checks the bfcache. We got second call
|
||||
* to onload and this time we call afterNavigationTest() function to let the
|
||||
* test check security state after re-navigation back. Then we again wait for
|
||||
* finish() call, that this time finishes completelly the test.
|
||||
*/
|
||||
|
||||
// Tells the framework if to load the test in an insecure page (http://)
|
||||
var loadAsInsecure = false;
|
||||
// Set true to bypass the navigation forward/back test
|
||||
var bypassNavigationTest = false;
|
||||
// Set true to do forward/back navigation over an http:// page, test state leaks
|
||||
var navigateToInsecure = false;
|
||||
// Open the test in two separate windows, test requests sharing among windows
|
||||
var openTwoWindows = false;
|
||||
// Override the name of the test page to load, useful e.g. to prevent load
|
||||
// of images or other content before the test starts; this is actually
|
||||
// a 'redirect' to a different test page.
|
||||
var testPage = "";
|
||||
// Assign a function to this variable to have a clean up at the end
|
||||
var testCleanUp = null;
|
||||
|
||||
|
||||
// Internal variables
|
||||
var _windowCount = 0;
|
||||
|
||||
window.onload = function onLoad()
|
||||
{
|
||||
if (location.search == "?runtest")
|
||||
{
|
||||
try
|
||||
{
|
||||
if (history.length == 1)
|
||||
runTest();
|
||||
else
|
||||
afterNavigationTest();
|
||||
}
|
||||
catch (ex)
|
||||
{
|
||||
ok(false, "Exception thrown during test: " + ex);
|
||||
finish();
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
window.addEventListener("message", onMessageReceived, false);
|
||||
|
||||
var secureTestLocation;
|
||||
if (loadAsInsecure)
|
||||
secureTestLocation = "http://example.com";
|
||||
else
|
||||
secureTestLocation = "https://example.com";
|
||||
secureTestLocation += location.pathname
|
||||
if (testPage != "")
|
||||
{
|
||||
array = secureTestLocation.split("/");
|
||||
array.pop();
|
||||
array.push(testPage);
|
||||
secureTestLocation = array.join("/");
|
||||
}
|
||||
secureTestLocation += "?runtest";
|
||||
|
||||
if (openTwoWindows)
|
||||
{
|
||||
_windowCount = 2;
|
||||
window.open(secureTestLocation, "_new1", "");
|
||||
window.open(secureTestLocation, "_new2", "");
|
||||
}
|
||||
else
|
||||
{
|
||||
_windowCount = 1;
|
||||
window.open(secureTestLocation);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function onMessageReceived(event)
|
||||
{
|
||||
switch (event.data)
|
||||
{
|
||||
// Indication of all test parts finish (from any of the frames)
|
||||
case "done":
|
||||
if (--_windowCount == 0)
|
||||
{
|
||||
if (testCleanUp)
|
||||
testCleanUp();
|
||||
|
||||
SimpleTest.finish();
|
||||
}
|
||||
break;
|
||||
|
||||
// Any other message indicates error or succes message of a test
|
||||
default:
|
||||
var failureRegExp = new RegExp("^FAILURE");
|
||||
var todoRegExp = new RegExp("^TODO");
|
||||
if (event.data.match(todoRegExp))
|
||||
SimpleTest.todo(false, event.data);
|
||||
else
|
||||
SimpleTest.ok(!event.data.match(failureRegExp), event.data);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
function postMsg(message)
|
||||
{
|
||||
opener.postMessage(message, "http://localhost:8888");
|
||||
}
|
||||
|
||||
function finish()
|
||||
{
|
||||
if (history.length == 1 && !bypassNavigationTest)
|
||||
{
|
||||
window.setTimeout(function()
|
||||
{
|
||||
window.location.assign(navigateToInsecure ?
|
||||
"http://example.com/tests/security/ssl/mixedcontent/backward.html" :
|
||||
"https://example.com/tests/security/ssl/mixedcontent/backward.html");
|
||||
}, 0);
|
||||
}
|
||||
else
|
||||
{
|
||||
postMsg("done");
|
||||
window.close();
|
||||
}
|
||||
}
|
||||
|
||||
function ok(a, message)
|
||||
{
|
||||
if (!a)
|
||||
postMsg("FAILURE: " + message);
|
||||
else
|
||||
postMsg(message);
|
||||
}
|
||||
|
||||
function is(a, b, message)
|
||||
{
|
||||
if (a != b)
|
||||
postMsg("FAILURE: " + message + ", expected "+b+" got "+a);
|
||||
else
|
||||
postMsg(message + ", expected "+b+" got "+a);
|
||||
}
|
||||
|
||||
function todo(a, message)
|
||||
{
|
||||
if (a)
|
||||
postMsg("FAILURE: TODO works? " + message);
|
||||
else
|
||||
postMsg("TODO: " + message);
|
||||
}
|
||||
|
||||
function todoSecurityState(expectedState, message)
|
||||
{
|
||||
isSecurityState(expectedState, message, todo);
|
||||
}
|
||||
|
||||
function isSecurityState(expectedState, message, test)
|
||||
{
|
||||
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||
|
||||
if (!test)
|
||||
test = ok;
|
||||
|
||||
// Quit nasty but working :)
|
||||
var ui = window
|
||||
.QueryInterface(Components.interfaces.nsIInterfaceRequestor)
|
||||
.getInterface(Components.interfaces.nsIWebNavigation)
|
||||
.QueryInterface(Components.interfaces.nsIDocShell)
|
||||
.securityUI;
|
||||
|
||||
var isInsecure = !ui ||
|
||||
(ui.state & Components.interfaces.nsIWebProgressListener.STATE_IS_INSECURE);
|
||||
var isBroken = ui &&
|
||||
(ui.state & Components.interfaces.nsIWebProgressListener.STATE_IS_BROKEN);
|
||||
var isEV = ui &&
|
||||
(ui.state & Components.interfaces.nsIWebProgressListener.STATE_IDENTITY_EV_TOPLEVEL);
|
||||
|
||||
var gotState;
|
||||
if (isInsecure)
|
||||
gotState = "insecure";
|
||||
else if (isBroken)
|
||||
gotState = "broken";
|
||||
else if (isEV)
|
||||
gotState = "EV";
|
||||
else
|
||||
gotState = "secure";
|
||||
|
||||
test(gotState == expectedState, (message || "") + ", " + "expected " + expectedState + " got " + gotState);
|
||||
|
||||
switch (expectedState)
|
||||
{
|
||||
case "insecure":
|
||||
test(isInsecure && !isBroken && !isEV, "for 'insecure' excpected flags [1,0,0], " + (message || ""));
|
||||
break;
|
||||
case "broken":
|
||||
test(ui && !isInsecure && isBroken && !isEV, "for 'broken' expected flags [0,1,0], " + (message || ""));
|
||||
break;
|
||||
case "secure":
|
||||
test(ui && !isInsecure && !isBroken && !isEV, "for 'secure' expected flags [0,0,0], " + (message || ""));
|
||||
break;
|
||||
case "EV":
|
||||
test(ui && !isInsecure && !isBroken && isEV, "for 'EV' expected flags [0,0,1], " + (message || ""));
|
||||
break;
|
||||
default:
|
||||
throw "Invalid isSecurityState state";
|
||||
}
|
||||
}
|
Двоичный файл не отображается.
После Ширина: | Высота: | Размер: 51 KiB |
|
@ -0,0 +1,5 @@
|
|||
function handleRequest(request, response)
|
||||
{
|
||||
response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
|
||||
response.setHeader("Location", "http://example.com/tests/security/ssl/mixedcontent/emptyimage.sjs");
|
||||
}
|
|
@ -0,0 +1,4 @@
|
|||
body
|
||||
{
|
||||
background-color: lightBlue;
|
||||
}
|
|
@ -0,0 +1,34 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>dymanic script load</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("secure");
|
||||
window.setTimeout(function()
|
||||
{
|
||||
var newElement = document.createElement("script");
|
||||
newElement.src= "http://example.org/tests/security/ssl/mixedcontent/bug329869.js";
|
||||
document.body.appendChild(newElement);
|
||||
}, 500);
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
isSecurityState("broken", "security still broken after navigation");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,91 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Bug 383369 test</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
// We want to start this test from an insecure context
|
||||
loadAsInsecure = true;
|
||||
// We don't want to go through the navigation back/forward test
|
||||
bypassNavigationTest = true;
|
||||
|
||||
function runTest()
|
||||
{
|
||||
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||
|
||||
// Force download to be w/o user assistance for our testing mime type
|
||||
const mimeSvc = Components.classes["@mozilla.org/mime;1"]
|
||||
.getService(Components.interfaces.nsIMIMEService);
|
||||
var handlerInfo = mimeSvc.getFromTypeAndExtension("application/x-auto-download", "auto");
|
||||
handlerInfo.preferredAction = Components.interfaces.nsIHandlerInfo.saveToDisk;
|
||||
handlerInfo.alwaysAskBeforeHandling = false;
|
||||
handlerInfo.preferredApplicationHandler = null;
|
||||
|
||||
const handlerSvc = Components.classes["@mozilla.org/uriloader/handler-service;1"]
|
||||
.getService(Components.interfaces.nsIHandlerService);
|
||||
handlerSvc.store(handlerInfo);
|
||||
|
||||
var dirProvider = Components.classes["@mozilla.org/file/directory_service;1"]
|
||||
.getService(Components.interfaces.nsIProperties);
|
||||
var profileDir = dirProvider.get("ProfDS", Components.interfaces.nsIFile);
|
||||
profileDir.append("downloads");
|
||||
|
||||
var prefs = Components.classes["@mozilla.org/preferences-service;1"]
|
||||
.getService(Components.interfaces.nsIPrefService);
|
||||
prefs = prefs.getBranch("browser.download.");
|
||||
|
||||
prefs.setCharPref("dir", profileDir.path);
|
||||
prefs.setIntPref("folderList", 2);
|
||||
prefs.setBoolPref("manager.closeWhenDone", true);
|
||||
prefs.setBoolPref("manager.showWhenStarting", false);
|
||||
|
||||
var downloadManager = Components.classes["@mozilla.org/download-manager;1"]
|
||||
.getService(Components.interfaces.nsIDownloadManager);
|
||||
var theWindow = window;
|
||||
window.setTimeout(function()
|
||||
{
|
||||
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||
downloadManager.cleanUp();
|
||||
theWindow.location = "bug383369step2.html";
|
||||
}, 3000);
|
||||
|
||||
window.location = "download.auto";
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
}
|
||||
|
||||
testCleanUp = function cleanup()
|
||||
{
|
||||
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||
|
||||
const mimeSvc = Components.classes["@mozilla.org/mime;1"]
|
||||
.getService(Components.interfaces.nsIMIMEService);
|
||||
var handlerInfo = mimeSvc.getFromTypeAndExtension("application/x-auto-download", "auto");
|
||||
|
||||
const handlerSvc = Components.classes["@mozilla.org/uriloader/handler-service;1"]
|
||||
.getService(Components.interfaces.nsIHandlerService);
|
||||
handlerSvc.remove(handlerInfo);
|
||||
|
||||
var prefs = Components.classes["@mozilla.org/preferences-service;1"]
|
||||
.getService(Components.interfaces.nsIPrefService);
|
||||
prefs = prefs.getBranch("browser.download.");
|
||||
|
||||
prefs.setCharPref("dir", "");
|
||||
prefs.setIntPref("folderList", 0);
|
||||
prefs.setBoolPref("manager.closeWhenDone", false);
|
||||
prefs.setBoolPref("manager.showWhenStarting", true);
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,30 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>No content image doesn't break security</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("secure", "secure");
|
||||
finish();
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
isSecurityState("secure", "secure after navigation");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<img src="https://example.com/tests/security/ssl/mixedcontent/redirecttoemptyimage.sjs" />
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,42 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>img.src replace</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
// Clear the default onload assigned to test start because we must
|
||||
// wait for replaced image to load and only after that test the security state
|
||||
var onLoadFunction = window.onload;
|
||||
window.onload = function()
|
||||
{
|
||||
window.setTimeout(onLoadFunction, 500);
|
||||
}
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("secure", "secure");
|
||||
finish();
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
isSecurityState("secure", "secure after navigation");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<img id="img1" src="https://example.com/tests/security/ssl/mixedcontent/hugebmp.sjs" />
|
||||
<script type="text/javascript">
|
||||
var img1 = document.getElementById("img1");
|
||||
img1.src = "https://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg";
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,38 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>CSS :before styling 1</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
<style type="text/css">
|
||||
p:before
|
||||
{
|
||||
content: url(http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg);
|
||||
}
|
||||
</style>
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("broken", "insecure content added by :before styling breaks security");
|
||||
finish();
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
isSecurityState("broken", "security still broken after navigation");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<p>
|
||||
There is a moon surface left to this text
|
||||
</p>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,37 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>CSS conent styling 1</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<style type="text/css">
|
||||
p
|
||||
{
|
||||
content: url(http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg);
|
||||
}
|
||||
</style>
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("broken", "insecure content added by :before styling breaks security");
|
||||
finish();
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
isSecurityState("broken", "security still broken after navigation");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<p></p>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,37 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>CSS conent styling 2</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("secure");
|
||||
document.getElementById("para").style.content =
|
||||
"url('http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg')";
|
||||
|
||||
window.setTimeout(function() {
|
||||
isSecurityState("broken", "insecure content added by styling breaks security");
|
||||
finish();
|
||||
}, 500);
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
is(document.getElementById("para").style.content, "");
|
||||
isSecurityState("secure", "security full after navigation");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<p id="para"></p>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,33 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>document.write('<img src="http://">')</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("broken", "insecure <img> written dynamically breaks security");
|
||||
finish();
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
isSecurityState("broken", "security still broken after navigation");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<script class="testbody" type="text/javascript">
|
||||
document.write(
|
||||
"<img src='http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg' />");
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,33 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>document.write('<iframe src="http://">')</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("broken", "insecure iframe written dynamically breaks security");
|
||||
finish();
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
isSecurityState("broken", "security still broken after navigation");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<script class="testbody" type="text/javascript">
|
||||
document.write(
|
||||
"<iframe src='http://example.com/tests/security/ssl/mixedcontent/iframe.html'></iframe>");
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,42 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>img.src changes to unsecure test</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("secure");
|
||||
window.setTimeout(function() {
|
||||
// Don't do this synchronously from onload handler
|
||||
document.getElementById("image1").src =
|
||||
"http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg";
|
||||
}, 0);
|
||||
|
||||
window.setTimeout(function() {
|
||||
isSecurityState("broken", "src='http://...' changed to broken");
|
||||
finish();
|
||||
}, 500);
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
is(document.getElementById("image1").src,
|
||||
"https://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg",
|
||||
"img.src secure again");
|
||||
isSecurityState("secure", "security full after navigation");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<img id="image1" src="https://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg" />
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,46 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>unsecure XHR test</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("secure");
|
||||
window.setTimeout(function()
|
||||
{
|
||||
try
|
||||
{
|
||||
var req = new XMLHttpRequest();
|
||||
req.open("GET", "http://example.com/tests/security/ssl/mixedcontent/alloworigin.sjs", false);
|
||||
req.send(null);
|
||||
|
||||
// Change should be immediate, the request was sent synchronously
|
||||
todoSecurityState("broken", "security broken after insecure XHR");
|
||||
}
|
||||
catch (ex)
|
||||
{
|
||||
ok(false, ex);
|
||||
}
|
||||
|
||||
finish();
|
||||
}, 0);
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
isSecurityState("secure", "security full after navigation");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,40 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>body.background changes to unsecure test</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
// This test, as is, equals to https://kuix.de/misc/test17/358438.php
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("secure");
|
||||
document.body.background =
|
||||
"http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg";
|
||||
|
||||
window.setTimeout(function() {
|
||||
isSecurityState("broken", "document.body.background='http://...' changed to broken");
|
||||
finish();
|
||||
}, 500);
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
is(document.body.background,
|
||||
"https://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg",
|
||||
"document backround secure again");
|
||||
isSecurityState("secure", "secure after re-navigation");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body background="https://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg">
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,38 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>iframe.src changes to unsecure redirect test</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("secure");
|
||||
var self = window;
|
||||
var iframe = document.getElementById("iframe1");
|
||||
iframe.onload = function() {
|
||||
self.isSecurityState("broken", "src='redirect to unsecure' changed to broken");
|
||||
self.finish();
|
||||
}
|
||||
|
||||
iframe.src =
|
||||
"https://example.com/tests/security/ssl/mixedcontent/iframeunsecredirect.sjs";
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
isSecurityState("broken", "security still broken after navigation");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<iframe id="iframe1" src="https://example.com/tests/security/ssl/mixedcontent/iframe.html"></iframe>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,41 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>img.src changes to unsecure test</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
// This test, as is, equals to https://kuix.de/misc/test17/358438.php
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("secure");
|
||||
document.getElementById("image1").src =
|
||||
"http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg";
|
||||
|
||||
window.setTimeout(function() {
|
||||
isSecurityState("broken", "src='http://...' changed to broken");
|
||||
finish();
|
||||
}, 500);
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
is(document.getElementById("image1").src,
|
||||
"https://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg",
|
||||
"img.src secure again");
|
||||
isSecurityState("secure", "security full after navigation");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<img id="image1" src="https://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg" />
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,32 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>img.src changes to unsecure test</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
(new Image()).src =
|
||||
"http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg";
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("broken", "(new Image()).src='http://...' changed to broken");
|
||||
finish();
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
isSecurityState("broken", "security broken after navigation");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,39 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>img.src changes to unsecure redirect test</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("secure");
|
||||
document.getElementById("image1").src =
|
||||
"https://example.com/tests/security/ssl/mixedcontent/imgunsecredirect.sjs";
|
||||
|
||||
window.setTimeout(function() {
|
||||
isSecurityState("broken", "src='redirect to unsecure' changed to broken");
|
||||
finish();
|
||||
}, 500);
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
is(document.getElementById("image1").src,
|
||||
"https://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg",
|
||||
"img.src secure again");
|
||||
isSecurityState("secure", "security full after navigation");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<img id="image1" src="https://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg" />
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,40 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>innerHTML changes to unsecure test</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("secure");
|
||||
|
||||
window.setTimeout(function()
|
||||
{
|
||||
document.getElementById("buddy").innerHTML =
|
||||
"<img id='image1' src='http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg' />";
|
||||
}, 1);
|
||||
|
||||
window.setTimeout(function()
|
||||
{
|
||||
isSecurityState("broken", "innerHTML loading insecure changed to broken");
|
||||
finish();
|
||||
}, 500);
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
is(document.getElementById("buddy").innerHTML, "", "innerHTML back to previous");
|
||||
isSecurityState("secure");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body id="buddy"></body>
|
||||
</html>
|
|
@ -0,0 +1,36 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>innerHTML changes to unsecure test</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("secure");
|
||||
|
||||
document.getElementById("buddy").innerHTML =
|
||||
"<img id='image1' src='http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg' />";
|
||||
|
||||
window.setTimeout(function() {
|
||||
isSecurityState("broken", "innerHTML loading insecure changed to broken");
|
||||
finish();
|
||||
}, 500);
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
is(document.getElementById("buddy").innerHTML, "", "innerHTML back to previous");
|
||||
isSecurityState("secure");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body id="buddy"></body>
|
||||
</html>
|
|
@ -0,0 +1,38 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>All secure anti-regression check</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<link rel="stylesheet" type="text/css"
|
||||
href="https://example.com/tests/security/ssl/mixedcontent/somestyle.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
// Navigation test goes over an insecure page, test state leak
|
||||
navigateToInsecure = true;
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("secure", "insecure <img> load breaks security");
|
||||
finish();
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
isSecurityState("secure", "security still broken after navigation");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<img src="https://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg" />
|
||||
<img src="https://example.com/tests/security/ssl/mixedcontent/imgsecredirect.sjs" />
|
||||
<iframe src="https://example.com/tests/security/ssl/mixedcontent/iframesecredirect.sjs" />
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,32 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Secure img load</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
loadAsInsecure = true;
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("insecure", "left insecure");
|
||||
finish();
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
isSecurityState("insecure", "left insecure after renavigation");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<img src="https://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg" />
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,31 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>background unsecure test</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
// This test, as is, equals to https://kuix.de/misc/test17/358438.php
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("broken", "security broken");
|
||||
finish();
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
isSecurityState("broken", "security after navigation");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body background="http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg">
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,32 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Unsecure css load</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<link rel="stylesheet" type="text/css"
|
||||
href="http://example.com/tests/security/ssl/mixedcontent/somestyle.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("broken", "insecure <img> load breaks security");
|
||||
finish();
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
isSecurityState("broken", "security still broken after navigation");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,30 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Unsecure iframe load</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("broken", "insecure <iframe> load breaks security");
|
||||
finish();
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
isSecurityState("broken", "security still broken after navigation");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<iframe src="http://example.com/tests/security/ssl/mixedcontent/iframe.html"></iframe>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,30 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Unsecure iframe load</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("broken", "insecure <iframe> load breaks security");
|
||||
finish();
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
isSecurityState("broken", "security still broken after navigation");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<iframe src="https://example.com/tests/security/ssl/mixedcontent/iframe2.html"></iframe>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,37 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Unsecure redirect iframe load</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
function runTest()
|
||||
{
|
||||
window.setTimeout(function()
|
||||
{
|
||||
isSecurityState("broken", "insecure meta-tag <iframe> load breaks security");
|
||||
finish();
|
||||
}, 500);
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
window.setTimeout(function()
|
||||
{
|
||||
isSecurityState("broken", "security still broken after navigation");
|
||||
finish();
|
||||
}, 500);
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<iframe src="https://example.com/tests/security/ssl/mixedcontent/iframeMetaRedirect.html"></iframe>
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Unsecure redirect iframe load</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("broken", "insecure <iframe> load breaks security");
|
||||
finish();
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
isSecurityState("broken", "security still broken after navigation");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<iframe src="https://example.com/tests/security/ssl/mixedcontent/iframeunsecredirect.sjs"></iframe>
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Unsecure img load</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("broken", "insecure <img> load breaks security");
|
||||
finish();
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
isSecurityState("broken", "security still broken after navigation");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<img src="http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg" />
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,20 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Unsecure img load in two windows</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
openTwoWindows = true;
|
||||
testPage = "unsecurePictureDup.html";
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,30 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Unsecure img in iframe load</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("broken", "insecure <img> in an <iframe> load breaks security");
|
||||
finish();
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
isSecurityState("broken", "security still broken after navigation");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<iframe src="http://example.com/tests/security/ssl/mixedcontent/unsecureIframe.html"></iframe>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,30 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Redirect from secure to unsecure img</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("broken", "insecure <img> load breaks security");
|
||||
finish();
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
isSecurityState("broken", "security still broken after navigation");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<img src="https://example.com/tests/security/ssl/mixedcontent/imgunsecredirect.sjs" />
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,9 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<img src="http://example.com/tests/security/ssl/mixedcontent/moonsurface.jpg" />
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,30 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Unsecure img load in two windows</title>
|
||||
<script type="text/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="text/javascript" src="mixedContentTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
function runTest()
|
||||
{
|
||||
isSecurityState("broken", "insecure <img> load breaks security");
|
||||
finish();
|
||||
}
|
||||
|
||||
function afterNavigationTest()
|
||||
{
|
||||
isSecurityState("broken", "security still broken after navigation");
|
||||
finish();
|
||||
}
|
||||
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<img src="http://example.com/tests/security/ssl/mixedcontent/hugebmp.sjs" />
|
||||
</body>
|
||||
</html>
|
Загрузка…
Ссылка в новой задаче