gecko/intl/uconv/tests/unit/test_bug601429.js

// Tests whether characters above 0x7F decode to ASCII characters liable to 
// expose XSS vulnerabilities
load('CharsetConversionTests.js');

function run_test() {
  var failures = false;
  var ccManager = Cc["@mozilla.org/charset-converter-manager;1"]
        .getService(Ci.nsICharsetConverterManager);
  var decodingConverter = CreateScriptableConverter();

  var charsetList = ccManager.getDecoderList();
  var counter = 0;
  while (charsetList.hasMore()) {
    ++counter;
    var charset = charsetList.getNext();
    dump("testing " + counter + " " + charset + "\n");
      
    try {
      decodingConverter.charset = charset;
    } catch(e) {
      dump("Warning: couldn't set decoder charset to " + charset + "\n");
      continue;
    }
    for (var i = 0x80; i < 0x100; ++i) {
      var inString = String.fromCharCode(i);
      var outString;
      try {
	outString = decodingConverter.ConvertToUnicode(inString) +
	                decodingConverter.Finish();
      } catch(e) {
	outString = String.fromCharCode(0xFFFD);
      }
      for (var n = 0; n < outString.length; ++n) {
	var outChar = outString.charAt(n);
	if (outChar == '<' || outChar == '>' || outChar == '/') {
	  dump(charset + " has a problem: " + escape(inString) +
	       " decodes to '" + outString + "'\n");
	  failures = true;
	}
      }
    }
  }
  if (failures) {
    do_throw("test failed\n");
  }
}
Block some Mac charsets. Bug 601429, r=emk, sr=dveditz, a=blocker 2010-11-08 02:27:40 -08:00			`// Tests whether characters above 0x7F decode to ASCII characters liable to`
			`// expose XSS vulnerabilities`
			`load('CharsetConversionTests.js');`

			`function run_test() {`
			`var failures = false;`
			`var ccManager = Cc["@mozilla.org/charset-converter-manager;1"]`
			`.getService(Ci.nsICharsetConverterManager);`
			`var decodingConverter = CreateScriptableConverter();`

			`var charsetList = ccManager.getDecoderList();`
			`var counter = 0;`
			`while (charsetList.hasMore()) {`
			`++counter;`
			`var charset = charsetList.getNext();`
			`dump("testing " + counter + " " + charset + "\n");`

			`try {`
			`decodingConverter.charset = charset;`
			`} catch(e) {`
			`dump("Warning: couldn't set decoder charset to " + charset + "\n");`
			`continue;`
			`}`
			`for (var i = 0x80; i < 0x100; ++i) {`
			`var inString = String.fromCharCode(i);`
			`var outString;`
			`try {`
			`outString = decodingConverter.ConvertToUnicode(inString) +`
			`decodingConverter.Finish();`
			`} catch(e) {`
			`outString = String.fromCharCode(0xFFFD);`
			`}`
			`for (var n = 0; n < outString.length; ++n) {`
			`var outChar = outString.charAt(n);`
			`if (outChar == '<' \|\| outChar == '>' \|\| outChar == '/') {`
			`dump(charset + " has a problem: " + escape(inString) +`
			`" decodes to '" + outString + "'\n");`
			`failures = true;`
			`}`
			`}`
			`}`
			`}`
			`if (failures) {`
			`do_throw("test failed\n");`
			`}`
			`}`