Backed out changesets 772945b1130d, cb83b6efa9ea, and 5f23080673ee (bug 1086999) for Gaia context_menu_test.js failures.

CLOSED TREE
2024-09-13 09:24:08 -07:00 · 2015-03-23 14:22:23 -04:00 · 2015-03-23 14:22:23 -04:00 · 321d8637a6
commit 321d8637a6
parent e87677b116
6 changed files with 10 additions and 162 deletions
--- a/dom/base/test/csp/file_blob_data_schemes.html
+++ b/dom/base/test/csp/file_blob_data_schemes.html
@ -1,49 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-  <title>Bug 1086999 - Wildcard should not match blob:, data:</title>
-</head>
-<body>
-<script type="text/javascript">
-
-var base64data =
-"iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" +
-"P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==";
-
-
-// construct an image element using *data:*
-var data_src = "data:image/png;base64," + base64data;
-var data_img = document.createElement('img');
-data_img.onload = function() {
-  window.parent.postMessage({scheme: "data", result: "allowed"}, "*");
-}
-data_img.onerror = function() {
-  window.parent.postMessage({scheme: "data", result: "blocked"}, "*");
-}
-data_img.src = data_src;
-document.body.appendChild(data_img);
-
-
-// construct an image element using *blob:*
-var byteCharacters = atob(base64data);
-var byteNumbers = new Array(byteCharacters.length);
-for (var i = 0; i < byteCharacters.length; i++) {
-  byteNumbers[i] = byteCharacters.charCodeAt(i);
-}
-var byteArray = new Uint8Array(byteNumbers);
-var blob = new Blob([byteArray], {type: "image/png"});
-var imageUrl = URL.createObjectURL( blob );
-
-var blob_img = document.createElement('img');
-blob_img.onload = function() {
-  window.parent.postMessage({scheme: "blob", result: "allowed"}, "*");
-}
-blob_img.onerror = function() {
-  window.parent.postMessage({scheme: "blob", result: "blocked"}, "*");
-}
-blob_img.src = imageUrl;
-document.body.appendChild(blob_img);
-
-</script>
-</body>
-</html>
--- a/dom/base/test/csp/mochitest.ini
+++ b/dom/base/test/csp/mochitest.ini
@ -1,7 +1,6 @@
 [DEFAULT]
 support-files =
  file_base-uri.html
-  file_blob_data_schemes.html
  file_connect-src.html
  file_connect-src-fetch.html
  file_CSP.css
@ -111,7 +110,6 @@ support-files =
  referrerdirective.sjs

 [test_base-uri.html]
-[test_blob_data_schemes.html]
 [test_connect-src.html]
 [test_CSP.html]
 [test_csp_allow_https_schemes.html]
--- a/dom/base/test/csp/test_blob_data_schemes.html
+++ b/dom/base/test/csp/test_blob_data_schemes.html
@ -1,89 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-  <title>Bug 1086999 - Wildcard should not match blob:, data:</title>
-  <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
-  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
-  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
-</head>
-<body>
-  <iframe style="width:100%;" id="testframe"></iframe>
-
-<script class="testbody" type="text/javascript">
-
-/* Description of the test:
- * We load an image using a data: and a blob: scheme and make
- * sure a CSP containing a single ASTERISK (*) does not whitelist
- * those loads. The single ASTERISK character should not match a
- * URI's scheme of a type designating globally unique identifier
- * (such as blob:, data:, or filesystem:)
- */
-
-var tests = [
-  {
-    policy : "default-src 'unsafe-inline' blob: data:",
-    expected : "allowed",
-  },
-  {
-    policy : "default-src 'unsafe-inline' *",
-    expected : "blocked"
-  }
-];
-
-var testIndex = 0;
-var messageCounter = 0;
-var curTest;
-
-// onError handler is over-reporting, hence we make sure that
-// we get an error for both testcases: data and blob before we
-// move on to the next test.
-var dataRan = false;
-var blobRan = false;
-
-// a postMessage handler to communicate the results back to the parent.
-window.addEventListener("message", receiveMessage, false);
-
-function receiveMessage(event)
-{
-  is(event.data.result, curTest.expected, event.data.scheme + " should be " + curTest.expected);
-
-  if (event.data.scheme === "data") {
-    dataRan = true;
-  }
-  if (event.data.scheme === "blob") {
-    blobRan = true;
-  }
-  if (dataRan && blobRan) {
-    loadNextTest();
-  }
-}
-
-function loadNextTest() {
-  if (testIndex === tests.length) {
-    window.removeEventListener("message", receiveMessage, false);
-    SimpleTest.finish();
-    return;
-  }
-
-  dataRan = false;
-  blobRan = false;
-
-  curTest = tests[testIndex++];
-  // reset the messageCounter to make sure we receive all the postMessages from the iframe
-  messageCounter = 0;
-
-  var src = "file_csp_testserver.sjs";
-  // append the file that should be served
-  src += "?file=" + escape("tests/dom/base/test/csp/file_blob_data_schemes.html");
-  // append the CSP that should be used to serve the file
-  src += "&csp=" + escape(curTest.policy);
-
-  document.getElementById("testframe").src = src;
-}
-
-SimpleTest.waitForExplicitFinish();
-loadNextTest();
-
-</script>
-</body>
-</html>
--- a/dom/security/nsCSPUtils.cpp
+++ b/dom/security/nsCSPUtils.cpp
@ -378,21 +378,6 @@ nsCSPHostSrc::permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected

  // 2) host matching: Enforce a single *
  if (mHost.EqualsASCII("*")) {
-    // The single ASTERISK character (*) does not match a URI's scheme of a type
-    // designating a globally unique identifier (such as blob:, data:, or filesystem:)
-    // At the moment firefox does not support filesystem; but for future compatibility
-    // we support it in CSP according to the spec, see: 4.2.2 Matching Source Expressions
-    // Note, that whitelisting any of these schemes would call nsCSPSchemeSrc::permits().
-    bool isBlobScheme =
-      (NS_SUCCEEDED(aUri->SchemeIs("blob", &isBlobScheme)) && isBlobScheme);
-    bool isDataScheme =
-      (NS_SUCCEEDED(aUri->SchemeIs("data", &isDataScheme)) && isDataScheme);
-    bool isFileScheme =
-      (NS_SUCCEEDED(aUri->SchemeIs("filesystem", &isFileScheme)) && isFileScheme);
-
-    if (isBlobScheme || isDataScheme || isFileScheme) {
-      return false;
-    }
    return true;
  }

--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_9.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_9.html.ini
@ -1,5 +1,8 @@
 [script-src-1_9.html]
  type: testharness
+  [test inline worker]
+    expected: FAIL
+
  [Violation report status OK.]
    expected: FAIL

--- a/testing/web-platform/tests/content-security-policy/script-src/buildInlineWorker.js
+++ b/testing/web-platform/tests/content-security-policy/script-src/buildInlineWorker.js
@ -1,20 +1,20 @@
 (function ()
 {
+ var test = new async_test("test inline worker");
 var workerSource = document.getElementById('inlineWorker');
+
 var blob = new Blob([workerSource.textContent]);

 // can I create a new script tag like this? ack...
 var url = window.URL.createObjectURL(blob);

- try {
-   var worker = new Worker(url);
- }
- catch (e) {
-   done();
- }
+ var worker = new Worker(url);

 worker.addEventListener('message', function(e) {
-   assert_unreached("script ran");
+    test.step(function () {
+        assert_not_equals(e.data, 'fail', 'inline script ran');
+        test.done();
+    })
 }, false);

 worker.postMessage('');