Bug 341604 - tests for iframe sandbox - workers r=jst

2024-09-13 09:24:08 -07:00 · 2012-08-20 11:34:33 -07:00 · 2012-08-20 11:34:33 -07:00 · 08e8f4becb
commit 08e8f4becb
parent 488c17dbef
4 changed files with 141 additions and 0 deletions
--- a/content/html/content/test/Makefile.in
+++ b/content/html/content/test/Makefile.in
@ -270,6 +270,9 @@ MOCHITEST_FILES = \
 		file_iframe_sandbox_b_if1.html \
 		file_iframe_sandbox_b_if2.html \
 		file_iframe_sandbox_b_if3.html \
+		test_iframe_sandbox_workers.html \
+		file_iframe_sandbox_g_if1.html \
+		file_iframe_sandbox_worker.js \
 		$(NULL)

 MOCHITEST_BROWSER_FILES = \
--- a/content/html/content/test/file_iframe_sandbox_g_if1.html
+++ b/content/html/content/test/file_iframe_sandbox_g_if1.html
@ -0,0 +1,61 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>Test for Bug 341604</title>
+  <script type="text/javascript" src="/tests/SimpleTest/EventUtils.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<script type="text/javascript">
+  function ok(result, desc) {
+    window.parent.postMessage({ok: result, desc: desc}, "*");
+  }
+
+  function doStuff() {
+    // test data URI
+
+    // self.onmessage = function(event) {
+    //   self.postMessage('make it so');
+    // };
+    var data_url = "data:text/plain;charset=utf-8;base64,c2VsZi5vbm1lc3NhZ2UgPSBmdW5jdGlvbihldmVudCkgeyAgDQogICAgc2VsZi5wb3N0TWVzc2FnZSgnbWFrZSBpdCBzbycpOyAgDQp9Ow==";
+    var worker_data = new Worker(data_url);
+    worker_data.addEventListener('message', function(event) {
+      ok(true, "a worker in a sandboxed document should be able to be loaded from a data: URI");
+    }, false);
+
+    worker_data.postMessage("engage!");
+
+    // test a blob URI we created (will have the same null principal
+    // as us
+    var b = new Blob(["onmessage = function(event) { self.postMessage('make it so');};"]);
+
+    var blobURL = URL.createObjectURL(b);
+
+    var worker_blob = new Worker(blobURL);
+
+    worker_blob.addEventListener('message', function(event) {
+      ok(true, "a worker in a sandboxed document should be able to be loaded from a blob URI " +
+         "created by that sandboxed document");
+    }, false);
+
+    worker_blob.postMessage("engage!");
+
+    // test loading with relative url - this should fail since we are
+    // sandboxed and have a null principal
+    var worker_js = new Worker('file_iframe_sandbox_worker.js');
+
+    worker_js.onerror = function(error) {
+      ok(true, "a worker in a sandboxed document should not be able to load from a relative URI");
+    }
+
+    worker_js.addEventListener('message', function(event) {
+      ok(false, "a worker in a sandboxed document should not be able to load from a relative URI");
+    }, false);
+
+    worker_js.postMessage('engage');
+  }
+</script>
+<body onload='doStuff();'>
+  I am sandboxed but with "allow-scripts"
+</body>
+</html>
--- a/content/html/content/test/file_iframe_sandbox_worker.js
+++ b/content/html/content/test/file_iframe_sandbox_worker.js
@ -0,0 +1,3 @@
+self.onmessage = function(event) {
+  self.postMessage('make it so');
+};
--- a/content/html/content/test/test_iframe_sandbox_workers.html
+++ b/content/html/content/test/test_iframe_sandbox_workers.html
@ -0,0 +1,74 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=341604
+Implement HTML5 sandbox attribute for IFRAMEs - tests for workers
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Test for Bug 341604</title>
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/EventUtils.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<script type="application/javascript">
+/** Test for Bug 341604 - Implement HTML5 sandbox attribute for IFRAMEs - test for workers **/
+
+SimpleTest.waitForExplicitFinish();
+
+// a postMessage handler that is used by sandboxed iframes without
+// 'allow-same-origin' to communicate pass/fail back to this main page.
+// it expects to be called with an object like {ok: true/false, desc:
+// <description of the test> which it then forwards to ok()
+window.addEventListener("message", receiveMessage, false);
+
+function receiveMessage(event)
+{
+  ok_wrapper(event.data.ok, event.data.desc);
+}
+
+var completedTests = 0;
+var passedTests = 0;
+
+function ok_wrapper(result, desc) {
+  ok(result, desc);
+
+  completedTests++;
+
+  if (result) {
+    passedTests++;
+  }
+
+  if (completedTests == 3) {
+    is(passedTests, 3, "There are 3 worker tests that should pass");
+    SimpleTest.finish();
+  }
+}
+
+function doTest() {
+  // passes if good
+  // 1) test that a worker in a sandboxed iframe with 'allow-scripts' can be loaded
+  // from a data: URI
+  // (done by file_iframe_sandbox_g_if1.html)
+
+  // passes if good
+  // 2) test that a worker in a sandboxed iframe with 'allow-scripts' can be loaded
+  // from a blob URI created by the sandboxed document itself
+  // (done by file_iframe_sandbox_g_if1.html)
+
+  // passes if good
+  // 3) test that a worker in a sandboxed iframe with 'allow-scripts' without
+  // 'allow-same-origin' cannot load a script via a relative URI
+  // (done by file_iframe_sandbox_g_if1.html)
+}
+
+addLoadEvent(doTest);
+</script>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=341604">Mozilla Bug 341604</a> - Implement HTML5 sandbox attribute for IFRAMEs
+<p id="display"></p>
+<div id="content">
+<iframe sandbox="allow-scripts" id="if_1" src="file_iframe_sandbox_g_if1.html" height="10" width="10"></iframe>
+</div>
+</body>
+</html>