File: test_CSP.html

package info (click to toggle)
firefox-esr 128.14.0esr-1~deb12u1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 4,230,248 kB
  • sloc: cpp: 7,104,262; javascript: 6,088,450; ansic: 3,654,017; python: 1,212,326; xml: 594,604; asm: 420,654; java: 182,969; sh: 71,124; makefile: 20,739; perl: 13,449; objc: 12,399; yacc: 4,583; cs: 3,846; pascal: 2,973; lex: 1,720; ruby: 1,194; exp: 762; php: 436; lisp: 258; awk: 247; sql: 66; sed: 54; csh: 10
file content (130 lines) | stat: -rw-r--r-- 4,173 bytes parent folder | download | duplicates (24) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
 
<!DOCTYPE HTML>
<html>
<head>
  <title>Test for Content Security Policy Connections</title>
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<p id="display"></p>
<div id="content" style="display: none">
</div>
<iframe style="width:200px;height:200px;" id='cspframe'></iframe>
<script class="testbody" type="text/javascript">

// These are test results: -1 means it hasn't run,
// true/false is the pass/fail result.
window.tests = {
  img_good: -1,
  img_bad: -1,
  style_good: -1,
  style_bad: -1,
  frame_good: -1,
  frame_bad: -1,
  script_good: -1,
  script_bad: -1,
  xhr_good: -1,
  xhr_bad: -1,
  fetch_good: -1,
  fetch_bad: -1,
  beacon_good: -1,
  beacon_bad: -1,
  media_good: -1,
  media_bad: -1,
  font_good: -1,
  font_bad: -1,
  object_good: -1,
  object_bad: -1,
};

SpecialPowers.registerObservers("csp-on-violate-policy");

// This is used to watch the blocked data bounce off CSP and allowed data
// get sent out to the wire.
function examiner() {
  SpecialPowers.addObserver(this, "csp-on-violate-policy");
  SpecialPowers.addObserver(this, "specialpowers-csp-on-violate-policy");
  SpecialPowers.addObserver(this, "specialpowers-http-notify-request");
}
examiner.prototype  = {
  observe(subject, topic, data) {
    var testpat = new RegExp("testid=([a-z0-9_]+)");

    //_good things better be allowed!
    //_bad things better be stopped!

    // This is a special observer topic that is proxied from
    // http-on-modify-request in the parent process to inform us when a URI is
    // loaded
    if (topic === "specialpowers-http-notify-request") {
      var uri = data;
      if (!testpat.test(uri)) return;
      var testid = testpat.exec(uri)[1];

      window.testResult(testid,
                        /_good/.test(testid),
                        uri + " allowed by csp");
    }

    if (topic === "csp-on-violate-policy" ||
        topic === "specialpowers-csp-on-violate-policy") {
      // these were blocked... record that they were blocked
      var asciiSpec = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIURI"), "asciiSpec");
      if (!testpat.test(asciiSpec)) return;
      var testid = testpat.exec(asciiSpec)[1];
      window.testResult(testid,
                        /_bad/.test(testid),
                        asciiSpec + " blocked by \"" + data + "\"");
    }
  },

  // must eventually call this to remove the listener,
  // or mochitests might get borked.
  remove() {
    SpecialPowers.removeObserver(this, "csp-on-violate-policy");
    SpecialPowers.removeObserver(this, "specialpowers-csp-on-violate-policy");
    SpecialPowers.removeObserver(this, "specialpowers-http-notify-request");
  }
}

window.examiner = new examiner();

window.testResult = function(testname, result, msg) {
  // test already complete.... forget it... remember the first result.
  if (window.tests[testname] != -1)
    return;

  ok(testname in window.tests, "It's a real test");
  window.tests[testname] = result;
  is(result, true, testname + ' test: ' + msg);

  // if any test is incomplete, keep waiting
  for (var v in window.tests)
    if(tests[v] == -1)
      return;

  // ... otherwise, finish
  window.examiner.remove();
  SimpleTest.finish();
}

SimpleTest.waitForExplicitFinish();

SpecialPowers.pushPrefEnv(
  {'set':[// On a cellular connection the default preload value is 0 ("preload
          // none"). Our Android emulators emulate a cellular connection, and
          // so by default preload no media data. This causes the media_* tests
          // to timeout. We set the default used by cellular connections to the
          // same as used by non-cellular connections in order to get
          // consistent behavior across platforms/devices.
          ["media.preload.default", 2],
          ["media.preload.default.cellular", 2]]},
    function() {
      // save this for last so that our listeners are registered.
      // ... this loads the testbed of good and bad requests.
      document.getElementById('cspframe').src = 'file_main.html';
    });
</script>
</pre>
</body>
</html>