wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 62178 - Mochitest - iframe, stylesheet, object, script, image, media, xhr (Disabled on android until ssl is supported), r=smaug

Browse Source
This commit is contained in:
Tanvi Vyas 2012-09-16 20:53:01 -07:00
parent 3e532fb70b
commit 29c1c82c22
5 changed files with 400 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
content/base/test/Makefile.in
View File

@ -557,6 +557,9 @@ MOCHITEST_FILES_B = \
test_XHR_system.html \
test_XHR_parameters.html \
test_ipc_messagemanager_blob.html \
test_mixed_content_blocker.html \
file_mixed_content_main.html \
file_mixed_content_server.sjs \
$(NULL)
MOCHITEST_CHROME_FILES = \

209
content/base/test/file_mixed_content_main.html Normal file
View File

@ -0,0 +1,209 @@
<!DOCTYPE HTML>
<html>
<!--
Tests for Mixed Content Blocker
https://bugzilla.mozilla.org/show_bug.cgi?id=62178
-->
<head>
<meta charset="utf-8">
<title>Tests for Bug 62178</title>
<script type="application/javascript" src="/tests/SimpleTest/EventUtils.js"></script>
</head>
<body>
<div id="testContent"></div>
<!-- types the Mixed Content Blocker can block
/*
switch (aContentType) {
case nsIContentPolicy::TYPE_OBJECT:
case nsIContentPolicy::TYPE_SCRIPT:
case nsIContentPolicy::TYPE_STYLESHEET:
case nsIContentPolicy::TYPE_SUBDOCUMENT:
case nsIContentPolicy::TYPE_XMLHTTPREQUEST:
case nsIContentPolicy::TYPE_FONT: - NO TEST:
Load events for external fonts are not detectable by javascript.
case nsIContentPolicy::TYPE_WEBSOCKET: - NO TEST:
websocket connections over https require an encrypted websocket protocol (wss:)
case nsIContentPolicy::TYPE_IMAGE:
case nsIContentPolicy::TYPE_MEDIA:
case nsIContentPolicy::TYPE_PING:
our ping implementation is off by default and does not comply with the current spec (bug 786347)
}
*/
-->
<script>
var baseUrl = "http://example.com/tests/content/base/test/file_mixed_content_server.sjs";
//For tests that require setTimeout, set the maximum polling time to 100 x 100ms = 10 seconds.
var MAX_COUNT = 100;
var TIMEOUT_INTERVAL = 100;
var testContent = document.getElementById("testContent");
/* Part 1: Mixed Script tests */
// Test 1a: insecure object
var object = document.createElement("object");
object.data = baseUrl + "?type=object";
object.type = "application/x-test";
object.width = "200";
object.height = "200";
testContent.appendChild(object);
var objectCount = 0;
function objectStatus(object) {
object instanceof Components.interfaces.nsIObjectLoadingContent;
if (object.displayedType != Components.interfaces.nsIObjectLoadingContent.TYPE_NULL) {
//object loaded
parent.postMessage({"test": "object", "msg": "insecure object loaded"}, "http://mochi.test:8888");
}
else {
if(objectCount < MAX_COUNT) {
objectCount++;
setTimeout(objectStatus, TIMEOUT_INTERVAL, object);
}
else {
//After we have called setTimeout the maximum number of times, assume object is blocked
parent.postMessage({"test": "object", "msg": "insecure object blocked"}, "http://mochi.test:8888");
}
}
}
// object does not have onload and onerror events. Hence we need a setTimeout to check the object's status
setTimeout(objectStatus, TIMEOUT_INTERVAL, object);
// Test 1b: insecure script
var script = document.createElement("script");
var scriptLoad = false;
var scriptCount = 0;
script.src = baseUrl + "?type=script";
script.onload = function() {
parent.postMessage({"test": "script", "msg": "insecure script loaded"}, "http://mochi.test:8888");
scriptLoad = true;
}
testContent.appendChild(script);
function scriptStatus(script)
{
if(scriptLoad) {
return;
}
else {
if(scriptCount < MAX_COUNT) {
scriptCount++;
setTimeout(scriptStatus, TIMEOUT_INTERVAL, script);
}
else {
//After we have called setTimeout the maximum number of times, assume script is blocked
parent.postMessage({"test": "script", "msg": "insecure script blocked"}, "http://mochi.test:8888");
}
}
}
// scripts blocked by Content Policy's do not have onerror events (see bug 789856). Hence we need a setTimeout to check the script's status
setTimeout(scriptStatus, TIMEOUT_INTERVAL, script);
// Test 1c: insecure stylesheet
var cssStyleSheet = document.createElement("link");
cssStyleSheet.rel = "stylesheet";
cssStyleSheet.href = baseUrl + "?type=stylesheet";
cssStyleSheet.type = "text/css";
testContent.appendChild(cssStyleSheet);
var styleCount = 0;
function styleStatus(cssStyleSheet) {
if( cssStyleSheet.sheet || cssStyleSheet.styleSheet || cssStyleSheet.innerHTML ) {
parent.postMessage({"test": "stylesheet", "msg": "insecure stylesheet loaded"}, "http://mochi.test:8888");
}
else {
if(styleCount < MAX_COUNT) {
styleCount++;
setTimeout(styleStatus, TIMEOUT_INTERVAL, cssStyleSheet);
}
else {
//After we have called setTimeout the maximum number of times, assume stylesheet is blocked
parent.postMessage({"test": "stylesheet", "msg": "insecure stylesheet blocked"}, "http://mochi.test:8888");
}
}
}
// link does not have onload and onerror events. Hence we need a setTimeout to check the link's status
window.setTimeout(styleStatus, TIMEOUT_INTERVAL, cssStyleSheet);
// Test 1d: insecure iframe
var iframe = document.createElement("iframe");
iframe.src = baseUrl + "?type=iframe";
iframe.onload = function() {
parent.postMessage({"test": "iframe", "msg": "insecure iframe loaded"}, "http://mochi.test:8888");
}
iframe.onerror = function() {
parent.postMessage({"test": "iframe", "msg": "insecure iframe blocked"}, "http://mochi.test:8888");
};
testContent.appendChild(iframe);
// Test 1e: insecure xhr
var xhrsuccess = true;
var xhr = new XMLHttpRequest;
try {
xhr.open("GET", baseUrl + "?type=xhr", true);
} catch(ex) {
xhrsuccess = false;
parent.postMessage({"test": "xhr", "msg": "insecure xhr blocked"}, "http://mochi.test:8888");
}
if(xhrsuccess) {
xhr.onreadystatechange = function (oEvent) {
var result = false;
if (xhr.readyState == 4) {
if (xhr.status == 200) {
parent.postMessage({"test": "xhr", "msg": "insecure xhr loaded"}, "http://mochi.test:8888");
}
else {
parent.postMessage({"test": "xhr", "msg": "insecure xhr blocked"}, "http://mochi.test:8888");
}
}
}
xhr.send(null);
}
/* Part 2: Mixed Display tests */
// Test 2a: insecure image
var img = document.createElement("img");
img.src = "http://mochi.test:8888/tests/image/test/mochitest/blue.png";
img.onload = function() {
parent.postMessage({"test": "image", "msg": "insecure image loaded"}, "http://mochi.test:8888");
}
img.onerror = function() {
parent.postMessage({"test": "image", "msg": "insecure image blocked"}, "http://mochi.test:8888");
}
// We don't need to append the image to the document. Doing so causes the image test to run twice.
// Test 2b: insecure media
var media = document.createElement("video");
media.src = "http://mochi.test:8888/tests/content/media/test/320x240.ogv?" + Math.floor((Math.random()*1000)+1);
media.width = "320";
media.height = "200";
media.type = "video/ogg";
media.onloadeddata = function() {
parent.postMessage({"test": "media", "msg": "insecure media loaded"}, "http://mochi.test:8888");
}
media.onerror = function() {
parent.postMessage({"test": "media", "msg": "insecure media blocked"}, "http://mochi.test:8888");
}
// We don't need to append the video to the document. Doing so causes the image test to run twice.
</script>
</body>
</html>

45
content/base/test/file_mixed_content_server.sjs Normal file
View File

@ -0,0 +1,45 @@
function handleRequest(request, response)
{
// get the Content-Type to serve from the query string
var contentType = null;
request.queryString.split('&').forEach( function (val) {
var [name, value] = val.split('=');
if (name == "type") {
contentType = unescape(value);
}
});
// avoid confusing cache behaviors
response.setHeader("Cache-Control", "no-cache", false);
switch (contentType) {
case "iframe":
response.setHeader("Content-Type", "text/html", false);
response.write("frame content");
break;
case "script":
response.setHeader("Content-Type", "application/javascript", false);
break;
case "stylesheet":
response.setHeader("Content-Type", "text/css", false);
break;
case "object":
response.setHeader("Content-Type", "application/x-test", false);
break;
case "xhr":
response.setHeader("Content-Type", "text/xml", false);
response.setHeader("Access-Control-Allow-Origin", "https://example.com");
response.write('<?xml version="1.0" encoding="UTF-8" ?><test></test>');
break;
default:
response.setHeader("Content-Type", "text/html", false);
response.write("<html><body>Hello World</body></html>");
break;
}
}

142
content/base/test/test_mixed_content_blocker.html Normal file
View File

@ -0,0 +1,142 @@
<!DOCTYPE HTML>
<html>
<!--
Tests for Mixed Content Blocker
https://bugzilla.mozilla.org/show_bug.cgi?id=62178
-->
<head>
<meta charset="utf-8">
<title>Tests for Bug 62178</title>
<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
<script>
var origBlockDisplay = SpecialPowers.getBoolPref("security.mixed_content.block_display_content");
var origBlockActive = SpecialPowers.getBoolPref("security.mixed_content.block_active_content");
var counter = 0;
var settings = [ [true, true], [true, false], [false, true], [false, false] ];
var blockActive;
var blockDisplay;
//Cycle through 4 different preference settings.
function changePrefs(x) {
SpecialPowers.setBoolPref("security.mixed_content.block_display_content", settings[x][0]);
SpecialPowers.setBoolPref("security.mixed_content.block_active_content", settings[x][1]);
blockDisplay = SpecialPowers.getBoolPref("security.mixed_content.block_display_content");
blockActive = SpecialPowers.getBoolPref("security.mixed_content.block_active_content");
}
//Set the first set of settings (true, true) and increment the counter.
changePrefs(counter);
counter++;
var testsToRun = {
iframe: false,
image: false,
script: false,
stylesheet: false,
object: false,
media: false,
xhr: false,
};
function log(msg) {
document.getElementById("log").textContent += "\n" + msg;
}
function checkTestsCompleted() {
for (var prop in testsToRun) {
// some test hasn't run yet so we're not done
if (!testsToRun[prop])
return;
}
//if the testsToRun are all completed, chnage the pref and run the tests again until we have cycled through all the prefs.
if(counter < 4) {
for (var prop in testsToRun) {
testsToRun[prop] = false;
}
//call to change the preferences
changePrefs(counter);
counter++;
log("\nblockDisplay set to "+blockDisplay+", blockActive set to "+blockActive+".");
document.getElementById('framediv').innerHTML = '<iframe id="testHarness" src="https://example.com/tests/content/base/test/file_mixed_content_main.html"></iframe>';
}
else {
//set the prefs back to what they were set to originally
SpecialPowers.setBoolPref("security.mixed_content.block_display_content", origBlockDisplay);
SpecialPowers.setBoolPref("security.mixed_content.block_active_content", origBlockActive);
SimpleTest.finish();
}
}
var firstTest = true;
// listen for a messages from the mixed content test harness
window.addEventListener("message", receiveMessage, false);
function receiveMessage(event) {
if(firstTest) {
log("blockActive set to "+blockActive+", blockDisplay set to "+blockDisplay+".");
firstTest = false;
}
log("test: "+event.data.test+", msg: "+event.data.msg + " logging message.");
// test that the load type matches the pref for this type of content
// (i.e. active vs. display)
switch(event.data.test) {
/* Mixed Script tests */
case "iframe":
ok(blockActive == (event.data.msg == "insecure iframe blocked"), "iframe did not follow block_active_content pref");
testsToRun["iframe"] = true;
break;
case "object":
ok(blockActive == (event.data.msg == "insecure object blocked"), "object did not follow block_active_content pref");
testsToRun["object"] = true;
break;
case "script":
ok(blockActive == (event.data.msg == "insecure script blocked"), "script did not follow block_active_content pref");
testsToRun["script"] = true;
break;
case "stylesheet":
ok(blockActive == (event.data.msg == "insecure stylesheet blocked"), "stylesheet did not follow block_active_content pref");
testsToRun["stylesheet"] = true;
break;
case "xhr":
ok(blockActive == (event.data.msg == "insecure xhr blocked"), "xhr did not follow block_active_content pref");
testsToRun["xhr"] = true;
break;
/* Mixed Display tests */
case "image":
//test that the image load matches the pref for dipslay content
ok(blockDisplay == (event.data.msg == "insecure image blocked"), "image did not follow block_display_content pref");
testsToRun["image"] = true;
break;
case "media":
ok(blockDisplay == (event.data.msg == "insecure media blocked"), "media did not follow block_display_content pref");
testsToRun["media"] = true;
break;
}
checkTestsCompleted();
}
SimpleTest.waitForExplicitFinish();
</script>
</head>
<body>
<div id="framediv">
<iframe id="testHarness" src="https://example.com/tests/content/base/test/file_mixed_content_main.html"></iframe>
</div>
<pre id="log"></pre>
</body>
</html>

1
testing/mochitest/android.json
View File

@ -19,6 +19,7 @@
"content/base/test/test_csp_redirects.html": "TIMED_OUT",
"content/base/test/test_fileapi_slice.html": "bug 775227",
"content/base/test/test_mozfiledataurl.html": "TIMED_OUT",
"content/base/test/test_mixed_content_blocker.html": "TIMED_OUT, SSL_REQUIRED",
"content/base/test/test_mutationobservers.html": "",
"content/base/test/test_plugin_freezing.html": "CLICK_TO_PLAY",
"content/base/test/test_range_bounds.html": "",