Bug 1166910 - Add tests for referrer attribute for img tag. r=ckerschb, r=hsivonen

dom/base/test/img_referrer_testserver.sjs

@@ -0,0 +1,212 @@
+var BASE_URL = 'example.com/tests/dom/base/test/img_referrer_testserver.sjs';
+
+function createTestUrl(aPolicy, aAction, aName) {
+  return 'http://' + BASE_URL + '?' +
+         'action=' + aAction + '&' +
+         'policy=' + aPolicy + '&' +
+         'name=' + aName;
+}
+
+function createTestPage(aHead, aImgPolicy, aName) {
+  var _createTestUrl = createTestUrl.bind(null, aImgPolicy, 'test', aName);
+
+  return '<!DOCTYPE HTML>\n\
+         <html>'+
+            aHead +
+           '<body>\n\
+             <img src="' + _createTestUrl('img') + '" referrer="' + aImgPolicy + '" id="image"></img>\n\
+             <script>' +
+
+               // LOAD EVENT (of the test)
+               // fires when the img resource for the page is loaded
+               'window.addEventListener("load", function() {\n\
+                 parent.postMessage("childLoadComplete", "http://mochi.test:8888");\n\
+               }.bind(window), false);' +
+
+             '</script>\n\
+           </body>\n\
+         </html>';
+}
+
+// Creates the following test cases for the specified referrer
+// policy combination:
+//   <img> with referrer
+function createTest(aPolicy, aImgPolicy, aName) {
+  var headString = '<head>';
+  if (aPolicy) {
+    headString += '<meta name="referrer" content="' + aPolicy + '">';
+  }
+
+  headString += '<script></script>';
+
+  return createTestPage(headString, aImgPolicy, aName);
+}
+
+// testing regular load img with referrer policy
+// speculative parser should not kick in here
+function createTest2(aImgPolicy, name) {
+  return createTestPage('', aImgPolicy, name);
+}
+
+function createTest3(aImgPolicy1, aImgPolicy2, aImgPolicy3, aName) {
+  return '<!DOCTYPE HTML>\n\
+         <html>\n\
+           <body>\n\
+             <img src="' + createTestUrl(aImgPolicy1, 'test', aName + aImgPolicy1) + '" referrer="' + aImgPolicy1 + '" id="image"></img>\n\
+             <img src="' + createTestUrl(aImgPolicy2, 'test', aName + aImgPolicy2) + '" referrer="' + aImgPolicy2 + '" id="image"></img>\n\
+             <img src="' + createTestUrl(aImgPolicy3, 'test', aName + aImgPolicy3) + '" referrer="' + aImgPolicy3 + '" id="image"></img>\n\
+             <script>\n\
+               var _numLoads = 0;' +
+
+               // LOAD EVENT (of the test)
+               // fires when the img resource for the page is loaded
+               'window.addEventListener("load", function() {\n\
+                  parent.postMessage("childLoadComplete", "http://mochi.test:8888");\n\
+               }.bind(window), false);' +
+
+             '</script>\n\
+           </body>\n\
+         </html>';
+}
+
+function createTestPage2(aHead, aPolicy, aName) {
+  return '<!DOCTYPE HTML>\n\
+         <html>'+
+            aHead +
+           '<body>\n\
+             <img src="' + createTestUrl(aPolicy, "test", aName) + '" id="image"></img>\n\
+             <script>' +
+
+               // LOAD EVENT (of the test)
+               // fires when the img resource for the page is loaded
+               'window.addEventListener("load", function() {\n\
+                 parent.postMessage("childLoadComplete", "http://mochi.test:8888");\n\
+               }.bind(window), false);' +
+
+             '</script>\n\
+           </body>\n\
+         </html>';
+}
+
+function createTest4(aPolicy, aName) {
+  var headString = '<head>';
+  headString += '<meta name="referrer" content="' + aPolicy + '">';
+  headString += '<script></script>';
+
+  return createTestPage2(headString, aPolicy, aName);
+}
+
+function createTest5(aPolicy, aName) {
+  var headString = '<head>';
+  headString += '<meta name="referrer" content="' + aPolicy + '">';
+
+  return createTestPage2(headString, aPolicy, aName);
+}
+
+function handleRequest(request, response) {
+  var sharedKey = 'img_referrer_testserver.sjs';
+  var params = request.queryString.split('&');
+  var action = params[0].split('=')[1];
+
+  response.setHeader('Cache-Control', 'no-cache', false);
+  response.setHeader('Content-Type', 'text/html; charset=utf-8', false);
+
+  if (action === 'resetState') {
+    var state = getSharedState(sharedKey);
+    state = {};
+    setSharedState(sharedKey, JSON.stringify(state));
+    response.write("");
+    return;
+  }
+  if (action === 'test') {
+    // ?action=test&policy=origin&name=name
+    var policy = params[1].split('=')[1];
+    var name = params[2].split('=')[1];
+    var result = getSharedState(sharedKey);
+
+    if (result === '') {
+      result = {};
+    } else {
+      result = JSON.parse(result);
+    }
+
+    if (!result["tests"]) {
+      result["tests"] = {};
+    }
+
+    var referrerLevel = "none";
+    var test = {}
+    if (request.hasHeader('Referer')) {
+        let referrer = request.getHeader('Referer');
+      if (referrer.indexOf("img_referrer_testserver") > 0) {
+        referrerLevel = "full";
+      } else if (referrer == "http://mochi.test:8888") {
+        referrerLevel = "origin";
+      }
+      test.referrer = request.getHeader('Referer');
+    } else {
+      test.referrer = '';
+    }
+    test.policy = referrerLevel;
+    test.expected = policy;
+
+    result["tests"][name] = test;
+
+    setSharedState(sharedKey, JSON.stringify(result));
+    return;
+  }
+  if (action === 'get-test-results') {
+    // ?action=get-result
+    response.write(getSharedState(sharedKey));
+    return;
+  }
+  if (action === 'generate-img-policy-test') {
+    // ?action=generate-img-policy-test&imgPolicy=b64-encoded-string&name=name&policy=b64-encoded-string
+    var imgPolicy = unescape(params[1].split('=')[1]);
+    var name = unescape(params[2].split('=')[1]);
+    var metaPolicy = '';
+    if (params[3]) {
+      metaPolicy = params[3].split('=')[1];
+    }
+
+    response.write(createTest(metaPolicy, imgPolicy, name));
+    return;
+  }
+  if (action === 'generate-img-policy-test2') {
+    // ?action=generate-img-policy-test2&imgPolicy=b64-encoded-string&name=name
+    var imgPolicy = unescape(params[1].split('=')[1]);
+    var name = unescape(params[2].split('=')[1]);
+
+    response.write(createTest2(imgPolicy, name));
+    return;
+  }
+  if (action === 'generate-img-policy-test3') {
+    // ?action=generate-img-policy-test3&imgPolicy1=b64-encoded-string&imgPolicy2=b64-encoded-string&imgPolicy3=b64-encoded-string&name=name
+    var imgPolicy1 = unescape(params[1].split('=')[1]);
+    var imgPolicy2 = unescape(params[2].split('=')[1]);
+    var imgPolicy3 = unescape(params[3].split('=')[1]);
+    var name = unescape(params[4].split('=')[1]);
+
+    response.write(createTest3(imgPolicy1, imgPolicy2, imgPolicy3, name));
+    return;
+  }
+  if (action === 'generate-img-policy-test4') {
+    // ?action=generate-img-policy-test4&imgPolicy=b64-encoded-string&name=name
+    var policy = unescape(params[1].split('=')[1]);
+    var name = unescape(params[2].split('=')[1]);
+
+    response.write(createTest4(policy, name));
+    return;
+  }
+  if (action === 'generate-img-policy-test5') {
+    // ?action=generate-img-policy-test5&policy=b64-encoded-string&name=name
+    var policy = unescape(params[1].split('=')[1]);
+    var name = unescape(params[2].split('=')[1]);
+
+    response.write(createTest5(policy, name));
+    return;
+  }
+
+  response.write("I don't know action "+action);
+  return;
+}

dom/base/test/mochitest.ini

@@ -236,6 +236,7 @@ support-files =
   file_nonascii_blob_url.html
   referrerHelper.js
   test_performance_user_timing.js
+  img_referrer_testserver.sjs
 
 [test_anonymousContent_api.html]
 [test_anonymousContent_append_after_reflow.html]
@@ -661,6 +662,7 @@ skip-if = buildapp == 'mulet' || buildapp == 'b2g' || toolkit == 'android'
 support-files = referrerHelper.js
 [test_bug1165501.html]
 support-files = referrerHelper.js
+[test_img_referrer.html]
 [test_caretPositionFromPoint.html]
 [test_classList.html]
 # This test fails on the Mac for some reason

dom/base/test/test_img_referrer.html

@@ -0,0 +1,171 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>Test img policy attribute for Bug 1166910</title>
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+
+<!--
+Testing that img referrer attribute is honoured correctly
+* Speculative parser loads (generate-img-policy-test)
+* regular loads (generate-img-policy-test2)
+* loading a single image multiple times with different policies (generate-img-policy-test3)
+* testing setAttribute and .referrer (generate-setAttribute-test)
+* regression tests that meta referrer is still working even if attribute referrers are enabled
+https://bugzilla.mozilla.org/show_bug.cgi?id=1166910
+-->
+
+<script type="application/javascript;version=1.7">
+
+SimpleTest.waitForExplicitFinish();
+var advance = function() { tests.next(); };
+
+var mTestResult;
+
+/**
+ * Listen for notifications from the child.
+ * These are sent in case of error, or when the loads we await have completed.
+ */
+window.addEventListener("message", function(event) {
+  if (event.data == "childLoadComplete") {
+    // all loads happen, continue the test.
+    advance();
+  }
+  else if (event.data.contains("childLoadComplete")) {
+    mTestResult = event.data.split(",")[1];
+    advance();
+  }
+});
+
+/**
+ * helper to perform an XHR.
+ */
+function doXHR(aUrl, onSuccess, onFail) {
+  var xhr = new XMLHttpRequest();
+  xhr.responseType = "json";
+  xhr.onload = function () {
+    onSuccess(xhr);
+  };
+  xhr.onerror = function () {
+    onFail(xhr);
+  };
+  xhr.open('GET', aUrl, true);
+  xhr.send(null);
+}
+
+/**
+ * Grabs the results via XHR and passes to checker.
+ */
+function checkIndividualResults(aTestname, aExpectedImg, aName) {
+  doXHR('/tests/dom/base/test/img_referrer_testserver.sjs?action=get-test-results',
+        function(xhr) {
+          var results = xhr.response;
+          info(JSON.stringify(xhr.response));
+
+          if (aName === 'setAttribute') {
+            is(mTestResult, aExpectedImg, aTestname + ' --- ' + mTestResult);
+          } else {
+            for (i in aName) {
+              ok(aName[i] in results.tests, aName[i] + " tests have to be performed.");
+              is(results.tests[aName[i]].policy, aExpectedImg[i], aTestname + ' --- ' + results.tests[aName[i]].policy + ' (' + results.tests[aName[i]].referrer + ')');
+            }
+          }
+          advance();
+        },
+        function(xhr) {
+          ok(false, "Can't get results from the counter server.");
+          SimpleTest.finish();
+        });
+}
+
+function resetState() {
+  doXHR('/tests/dom/base/test/img_referrer_testserver.sjs?action=resetState',
+    advance,
+    function(xhr) {
+      ok(false, "error in reset state");
+      SimpleTest.finish();
+    });
+}
+
+/**
+ * testing if img referrer attribute is honoured (1165501)
+ */
+var tests = (function() {
+
+  // enable referrer attribute
+  yield SpecialPowers.pushPrefEnv({"set": [['network.http.enablePerElementReferrer', true]]}, advance);
+
+  var iframe = document.getElementById("testframe");
+  var sjs = "/tests/dom/base/test/img_referrer_testserver.sjs?action=generate-img-policy-test";
+
+  // setting img unsafe-url and meta origin - unsafe-url shall prevail (should use speculative load)
+  yield resetState();
+  var name = 'unsaf-url-with-meta-in-origin';
+  yield iframe.src = sjs + "&imgPolicy=" + escape('unsafe-url') + "&name=" + name + "&policy=" + escape('origin');
+  yield checkIndividualResults("unsafe-url (img) with origin in meta", ["full"], [name]);
+
+  // setting img no-referrer and meta default - no-referrer shall prevail (should use speculative load)
+  yield resetState();
+  name = 'no-referrer-with-meta-in-origin';
+  yield iframe.src = sjs + "&imgPolicy=" + escape('no-referrer')+ "&name=" + name +  "&policy=" + escape('origin');
+  yield checkIndividualResults("no-referrer (img) with default in meta", ["none"], [name]);
+
+  // test referrer policy in regular load
+  yield resetState();
+  sjs = "/tests/dom/base/test/img_referrer_testserver.sjs?action=generate-img-policy-test2";
+  name = 'regular-load-unsafe-url';
+  yield iframe.src = sjs + "&imgPolicy=" + escape('unsafe-url') + "&name=" + name;
+  yield checkIndividualResults("unsafe-url in img", ["full"], [name]);
+
+  // test referrer policy in regular load with multiple images
+  var policies = ['unsafe-url', 'origin', 'no-referrer'];
+  var expected = ["full", "origin", "none"];
+  yield resetState();
+  sjs = "/tests/dom/base/test/img_referrer_testserver.sjs?action=generate-img-policy-test3";
+  name = 'multiple-images-'+policies[0]+'-'+policies[1]+'-'+policies[2];
+  yield iframe.src = sjs + "&imgPolicy1=" + escape(policies[0]) + "&imgPolicy2=" + escape(policies[1]) + "&imgPolicy3=" + escape(policies[2]) + "&name=" + name;
+  yield checkIndividualResults(policies[0]+", "+policies[1]+" and "+policies[2]+" in img", expected, [name+policies[0], name+policies[1], name+policies[2]]);
+
+  policies = ['origin', 'no-referrer', 'unsafe-url'];
+  expected = ["origin", "none", "full"];
+  yield resetState();
+  sjs = "/tests/dom/base/test/img_referrer_testserver.sjs?action=generate-img-policy-test3";
+  name = 'multiple-images-'+policies[0]+'-'+policies[1]+'-'+policies[2];
+  yield iframe.src = sjs + "&imgPolicy1=" + escape(policies[0]) + "&imgPolicy2=" + escape(policies[1]) + "&imgPolicy3=" + escape(policies[2]) + "&name=" + name;
+  yield checkIndividualResults(policies[0]+", "+policies[1]+" and "+policies[2]+" in img", expected, [name+policies[0], name+policies[1], name+policies[2]]);
+
+  policies = ['no-referrer', 'origin', 'unsafe-url'];
+  expected = ["none", "origin", "full"];
+  yield resetState();
+  sjs = "/tests/dom/base/test/img_referrer_testserver.sjs?action=generate-img-policy-test3";
+  name = 'multiple-images-'+policies[0]+'-'+policies[1]+'-'+policies[2];
+  yield iframe.src = sjs + "&imgPolicy1=" + escape(policies[0]) + "&imgPolicy2=" + escape(policies[1]) + "&imgPolicy3=" + escape(policies[2]) + "&name=" + name;
+  yield checkIndividualResults(policies[0]+", "+policies[1]+" and "+policies[2]+" in img", expected, [name+policies[0], name+policies[1], name+policies[2]]);
+
+  // regression tests that meta referrer is still working even if attribute referrers are enabled
+  yield resetState();
+  sjs = "/tests/dom/base/test/img_referrer_testserver.sjs?action=generate-img-policy-test4";
+  name = 'regular-load-no-referrer-meta';
+  yield iframe.src = sjs + "&policy=" + escape('no-referrer') + "&name=" + name;
+  yield checkIndividualResults("no-referrer in meta (no img referrer policy), speculative load", ["none"], [name]);
+
+  yield resetState();
+  sjs = "/tests/dom/base/test/img_referrer_testserver.sjs?action=generate-img-policy-test5";
+  name = 'regular-load-no-referrer-meta';
+  yield iframe.src = sjs + "&policy=" + escape('no-referrer') + "&name=" + name;
+  yield checkIndividualResults("no-referrer in meta (no img referrer policy), regular load", ["none"], [name]);
+
+  // complete.  Be sure to yield so we don't call this twice.
+  yield SimpleTest.finish();
+})();
+
+</script>
+</head>
+
+<body onload="tests.next();">
+  <iframe id="testframe"></iframe>
+
+</body>
+</html>
+