зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1082734 - Disable location.searchParams for cross-origin insecure data access, r=bz
This commit is contained in:
Andrea Marchesini
Родитель
acf08223bf
Коммит
ee837fa3fa
|
|
@ -281,7 +281,6 @@ skip-if = buildapp == 'mulet' || buildapp == 'b2g' || toolkit == 'android' || e1
|
|||
[test_history_state_null.html]
|
||||
[test_Image_constructor.html]
|
||||
[test_innersize_scrollport.html]
|
||||
[test_location_searchParams.html]
|
||||
[test_messageChannel.html]
|
||||
[test_messageChannel_cloning.html]
|
||||
[test_messageChannel_pingpong.html]
|
||||
|
|
|
|||
|
|
@ -1,89 +0,0 @@
|
|||
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<!--
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=1037715
|
||||
-->
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>Test for Bug 1037715</title>
|
||||
<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
|
||||
</head>
|
||||
<body>
|
||||
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1037715">Mozilla Bug 1037715</a>
|
||||
<iframe id="a"></iframe>
|
||||
<script type="application/javascript">
|
||||
|
||||
var l;
|
||||
|
||||
var iframe = document.getElementById('a');
|
||||
function onload0() {
|
||||
iframe.removeEventListener('load', onload0);
|
||||
|
||||
l = iframe.contentWindow.location;
|
||||
is(l.searchParams.get('a'), 'test0', 'l.searchParams value is ok');
|
||||
|
||||
info('changing location from JS...');
|
||||
iframe.addEventListener('load', onload1);
|
||||
iframe.contentWindow.location.href = 'file_empty.html?a=test1';
|
||||
}
|
||||
|
||||
function onload1() {
|
||||
iframe.removeEventListener('load', onload1);
|
||||
|
||||
var ll = iframe.contentWindow.location;
|
||||
is(ll.searchParams.get('a'), 'test1', 'location.searchParams value is ok');
|
||||
is(l.searchParams.get('a'), 'test1', 'l.searchParams value is ok');
|
||||
isnot(ll.searchParams, l.searchParams, '2 different objects.');
|
||||
|
||||
info('changing location using l.searchParams...');
|
||||
iframe.addEventListener('load', onload2);
|
||||
l.searchParams.set('a', 'test2');
|
||||
}
|
||||
|
||||
function onload2() {
|
||||
iframe.removeEventListener('load', onload2);
|
||||
|
||||
var ll = iframe.contentWindow.location;
|
||||
is(ll.searchParams.get('a'), 'test2', 'location.searchParams value is ok');
|
||||
is(l.searchParams.get('a'), 'test2', 'l.searchParams value is ok');
|
||||
isnot(ll.searchParams, l.searchParams, '2 different objects.');
|
||||
|
||||
info('changing iframe.src...');
|
||||
iframe.addEventListener('load', onload3);
|
||||
l.search = 'a=test3';
|
||||
}
|
||||
|
||||
function onload3() {
|
||||
iframe.removeEventListener('load', onload3);
|
||||
|
||||
var ll = iframe.contentWindow.location;
|
||||
is(ll.searchParams.get('a'), 'test3', 'location.searchParams value is ok');
|
||||
is(l.searchParams.get('a'), 'test3', 'l.searchParams value is ok');
|
||||
isnot(ll.searchParams, l.searchParams, '2 different objects.');
|
||||
|
||||
info('changing iframe.src...');
|
||||
iframe.addEventListener('load', onload4);
|
||||
iframe.src = 'file_empty.html?a=test4';
|
||||
}
|
||||
|
||||
function onload4() {
|
||||
iframe.removeEventListener('load', onload4);
|
||||
|
||||
var ll = iframe.contentWindow.location;
|
||||
is(ll.searchParams.get('a'), 'test4', 'location.searchParams value is ok');
|
||||
is(l.searchParams.get('a'), 'test4', 'l.searchParams value is ok');
|
||||
isnot(ll.searchParams, l.searchParams, '2 different objects.');
|
||||
|
||||
SimpleTest.finish();
|
||||
}
|
||||
|
||||
iframe.addEventListener('load', onload0);
|
||||
iframe.src = "file_empty.html?a=test0";
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
|
||||
</script>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -31,6 +31,7 @@ interface HTMLAnchorElement : HTMLElement {
|
|||
attribute DOMString text;
|
||||
};
|
||||
HTMLAnchorElement implements URLUtils;
|
||||
HTMLAnchorElement implements URLUtilsSearchParams;
|
||||
|
||||
// http://www.whatwg.org/specs/web-apps/current-work/#other-elements,-attributes-and-apis
|
||||
partial interface HTMLAnchorElement {
|
||||
|
|
|
|||
|
|
@ -38,6 +38,7 @@ interface HTMLAreaElement : HTMLElement {
|
|||
// attribute DOMString type;
|
||||
};
|
||||
HTMLAreaElement implements URLUtils;
|
||||
HTMLAreaElement implements URLUtilsSearchParams;
|
||||
|
||||
// http://www.whatwg.org/specs/web-apps/current-work/#other-elements,-attributes-and-apis
|
||||
partial interface HTMLAreaElement {
|
||||
|
|
|
|||
|
|
@ -21,5 +21,6 @@ interface Location {
|
|||
[Throws]
|
||||
void reload(optional boolean forceget = false);
|
||||
};
|
||||
// No support for .searchParams on Location yet. See bug 1037715.
|
||||
// No support for .searchParams on Location yet. See bug 1082734.
|
||||
|
||||
Location implements URLUtils;
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@
|
|||
interface URL {
|
||||
};
|
||||
URL implements URLUtils;
|
||||
URL implements URLUtilsSearchParams;
|
||||
|
||||
partial interface URL {
|
||||
[Throws]
|
||||
|
|
|
|||
|
|
@ -40,8 +40,6 @@ interface URLUtils {
|
|||
[Throws]
|
||||
attribute ScalarValueString search;
|
||||
|
||||
attribute URLSearchParams searchParams;
|
||||
|
||||
[Throws]
|
||||
attribute ScalarValueString hash;
|
||||
|
||||
|
|
@ -49,3 +47,9 @@ interface URLUtils {
|
|||
[Throws]
|
||||
stringifier;
|
||||
};
|
||||
|
||||
[NoInterfaceObject,
|
||||
Exposed=(Window, Worker)]
|
||||
interface URLUtilsSearchParams {
|
||||
attribute URLSearchParams searchParams;
|
||||
};
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче