mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 341604 - tests for iframe sandbox - same origin r=jst
This commit is contained in:
parent
06019be17e
commit
488c17dbef
@ -266,6 +266,10 @@ MOCHITEST_FILES = \
|
||||
test_input_file_picker.html \
|
||||
test_bug763626.html \
|
||||
test_bug780993.html \
|
||||
test_iframe_sandbox_same_origin.html \
|
||||
file_iframe_sandbox_b_if1.html \
|
||||
file_iframe_sandbox_b_if2.html \
|
||||
file_iframe_sandbox_b_if3.html \
|
||||
$(NULL)
|
||||
|
||||
MOCHITEST_BROWSER_FILES = \
|
||||
|
11
content/html/content/test/file_iframe_sandbox_b_if1.html
Normal file
11
content/html/content/test/file_iframe_sandbox_b_if1.html
Normal file
@ -0,0 +1,11 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>Test for Bug 341604</title>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
|
||||
</head>
|
||||
<body>
|
||||
I am sandboxed without any permissions
|
||||
</body>
|
||||
</html>
|
49
content/html/content/test/file_iframe_sandbox_b_if2.html
Normal file
49
content/html/content/test/file_iframe_sandbox_b_if2.html
Normal file
@ -0,0 +1,49 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>Test for Bug 341604</title>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
|
||||
</head>
|
||||
<script>
|
||||
function ok(condition, msg) {
|
||||
window.parent.ok_wrapper(condition, msg);
|
||||
}
|
||||
|
||||
function testXHR() {
|
||||
var xhr = new XMLHttpRequest();
|
||||
|
||||
xhr.open("GET", "file_iframe_sandbox_b_if1.html");
|
||||
|
||||
xhr.onreadystatechange = function (oEvent) {
|
||||
var result = false;
|
||||
if (xhr.readyState == 4) {
|
||||
if (xhr.status == 200) {
|
||||
result = true;
|
||||
}
|
||||
ok(result, "XHR should work normally in an iframe sandboxed with 'allow-same-origin'");
|
||||
}
|
||||
}
|
||||
|
||||
xhr.send(null);
|
||||
}
|
||||
|
||||
function doStuff() {
|
||||
ok(true, "documents sandboxed with 'allow-same-origin' should be able to access their parent");
|
||||
|
||||
// should be able to access document.cookie since we have 'allow-same-origin'
|
||||
ok(document.cookie == "", "a document sandboxed with allow-same-origin should be able to access document.cookie");
|
||||
|
||||
// should be able to access localStorage since we have 'allow-same-origin'
|
||||
ok(window.localStorage, "a document sandboxed with allow-same-origin should be able to access localStorage");
|
||||
|
||||
// should be able to access sessionStorage since we have 'allow-same-origin'
|
||||
ok(window.sessionStorage, "a document sandboxed with allow-same-origin should be able to access sessionStorage");
|
||||
|
||||
testXHR();
|
||||
}
|
||||
</script>
|
||||
<body onLoad="doStuff()">
|
||||
I am sandboxed but with "allow-same-origin" and "allow-scripts"
|
||||
</body>
|
||||
</html>
|
65
content/html/content/test/file_iframe_sandbox_b_if3.html
Normal file
65
content/html/content/test/file_iframe_sandbox_b_if3.html
Normal file
@ -0,0 +1,65 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>Test for Bug 341604</title>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
|
||||
</head>
|
||||
<script>
|
||||
function ok(result, message) {
|
||||
window.parent.postMessage({ok: result, desc: message}, "*");
|
||||
}
|
||||
|
||||
function testXHR() {
|
||||
var xhr = new XMLHttpRequest();
|
||||
|
||||
xhr.open("GET", "file_iframe_sandbox_if1.html");
|
||||
|
||||
xhr.onreadystatechange = function (oEvent) {
|
||||
var result = false;
|
||||
if (xhr.readyState == 4) {
|
||||
if (xhr.status == 0) {
|
||||
result = true;
|
||||
}
|
||||
ok(result, "XHR should be blocked in an iframe sandboxed WITHOUT 'allow-same-origin'");
|
||||
}
|
||||
}
|
||||
|
||||
xhr.send(null);
|
||||
}
|
||||
|
||||
function doStuff() {
|
||||
try {
|
||||
window.parent.ok(false, "documents sandboxed without 'allow-same-origin' should NOT be able to access their parent");
|
||||
} catch (error) {
|
||||
ok(true, "documents sandboxed without 'allow-same-origin' should NOT be able to access their parent");
|
||||
}
|
||||
|
||||
// should NOT be able to access document.cookie
|
||||
try {
|
||||
var foo = document.cookie;
|
||||
} catch(error) {
|
||||
ok(true, "a document sandboxed without allow-same-origin should NOT be able to access document.cookie");
|
||||
}
|
||||
|
||||
// should NOT be able to access localStorage
|
||||
try {
|
||||
var foo = window.localStorage;
|
||||
} catch(error) {
|
||||
ok(true, "a document sandboxed without allow-same-origin should NOT be able to access localStorage");
|
||||
}
|
||||
|
||||
// should NOT be able to access sessionStorage
|
||||
try {
|
||||
var foo = window.sessionStorage;
|
||||
} catch(error) {
|
||||
ok(true, "a document sandboxed without allow-same-origin should NOT be able to access sessionStorage");
|
||||
}
|
||||
|
||||
testXHR();
|
||||
}
|
||||
</script>
|
||||
<body onLoad="doStuff()">
|
||||
I am sandboxed but with "allow-scripts"
|
||||
</body>
|
||||
</html>
|
108
content/html/content/test/test_iframe_sandbox_same_origin.html
Normal file
108
content/html/content/test/test_iframe_sandbox_same_origin.html
Normal file
@ -0,0 +1,108 @@
|
||||
\<!DOCTYPE HTML>
|
||||
<html>
|
||||
<!--
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=341604
|
||||
Implement HTML5 sandbox attribute for IFRAMEs - same origin tests
|
||||
-->
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>Test for Bug 341604</title>
|
||||
<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
|
||||
</head>
|
||||
<script type="application/javascript">
|
||||
/** Test for Bug 341604 - Implement HTML5 sandbox attribute for IFRAMEs **/
|
||||
/** Same Origin Tests **/
|
||||
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
|
||||
var completedTests = 0;
|
||||
var passedTests = 0;
|
||||
|
||||
function ok_wrapper(result, desc) {
|
||||
ok(result, desc);
|
||||
|
||||
completedTests++;
|
||||
|
||||
if (result) {
|
||||
passedTests++;
|
||||
}
|
||||
|
||||
if (completedTests == 12) {
|
||||
is(passedTests, 12, "There are 12 same-origin tests that should pass");
|
||||
|
||||
SimpleTest.finish();
|
||||
}
|
||||
}
|
||||
|
||||
function receiveMessage(event)
|
||||
{
|
||||
ok_wrapper(event.data.ok, event.data.desc);
|
||||
}
|
||||
|
||||
// a postMessage handler that is used by sandboxed iframes without
|
||||
// 'allow-same-origin' to communicate pass/fail back to this main page.
|
||||
// it expects to be called with an object like {ok: true/false, desc:
|
||||
// <description of the test> which it then forwards to ok()
|
||||
window.addEventListener("message", receiveMessage, false);
|
||||
|
||||
function doTest() {
|
||||
// 1) test that we can't access an iframe sandboxed without "allow-same-origin"
|
||||
var if_1 = document.getElementById("if_1");
|
||||
try {
|
||||
var b = if_1.contentDocument.body;
|
||||
ok_wrapper(false, "accessing body of a sandboxed document should not be allowed");
|
||||
} catch (err){
|
||||
ok_wrapper(true, "accessing body of a sandboxed document should not be allowed");
|
||||
}
|
||||
|
||||
// 2) test that we can access an iframe sandboxed with "allow-same-origin"
|
||||
var if_2 = document.getElementById("if_2");
|
||||
|
||||
try {
|
||||
var b = if_2.contentDocument.body;
|
||||
ok_wrapper(true, "accessing body of a sandboxed document with allow-same-origin should be allowed");
|
||||
} catch (err) {
|
||||
ok_wrapper(false, "accessing body of a sandboxed document with allow-same-origin should be allowed");
|
||||
}
|
||||
|
||||
// 3) test that a sandboxed iframe without 'allow-same-origin' cannot access its parent
|
||||
// this is done by file_iframe_b_if3.html which has 'allow-scripts' but not 'allow-same-origin'
|
||||
|
||||
// 4) test that a sandboxed iframe with 'allow-same-origin' can access its parent
|
||||
// this is done by file_iframe_b_if2.html which has 'allow-same-origin' and 'allow-scripts'
|
||||
|
||||
// 5) check that a sandboxed iframe with "allow-same-origin" can access document.cookie
|
||||
// this is done by file_iframe_b_if2.html which has 'allow-same-origin' and 'allow-scripts'
|
||||
|
||||
// 6) check that a sandboxed iframe with "allow-same-origin" can access window.localStorage
|
||||
// this is done by file_iframe_b_if2.html which has 'allow-same-origin' and 'allow-scripts'
|
||||
|
||||
// 7) check that a sandboxed iframe with "allow-same-origin" can access window.sessionStorage
|
||||
// this is done by file_iframe_b_if2.html which has 'allow-same-origin' and 'allow-scripts'
|
||||
|
||||
// 8) check that a sandboxed iframe WITHOUT "allow-same-origin" can NOT access document.cookie
|
||||
// this is done by file_iframe_b_if3.html which has 'allow-scripts' but not 'allow-same-origin'
|
||||
|
||||
// 9) check that a sandboxed iframe WITHOUT "allow-same-origin" can NOT access window.localStorage
|
||||
// this is done by file_iframe_b_if3.html which has 'allow-scripts' but not 'allow-same-origin'
|
||||
|
||||
// 10) check that a sandboxed iframe WITHOUT "allow-same-origin" can NOT access window.sessionStorage
|
||||
// this is done by file_iframe_b_if3.html which has 'allow-scripts' but not 'allow-same-origin'
|
||||
|
||||
// 11) check that XHR works normally in a sandboxed iframe with "allow-same-origin" and "allow-scripts"
|
||||
// this is done by file_iframe_b_if2.html which has 'allow-same-origin' and 'allow-scripts'
|
||||
|
||||
// 12) check that XHR is blocked in a sandboxed iframe with "allow-scripts" but WITHOUT "allow-same-origin"
|
||||
// this is done by file_iframe_b_if3.html which has 'allow-scripts' but not 'allow-same-origin'
|
||||
}
|
||||
addLoadEvent(doTest);
|
||||
</script>
|
||||
<body>
|
||||
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=341604">Mozilla Bug 341604</a> - Implement HTML5 sandbox attribute for IFRAMEs
|
||||
<p id="display"></p>
|
||||
<div id="content">
|
||||
<iframe sandbox="" id="if_1" src="file_iframe_sandbox_b_if1.html" height="10" width="10"></iframe>
|
||||
<iframe sandbox="allow-same-origin allow-scripts" id="if_2" src="file_iframe_sandbox_b_if2.html" height="10" width="10"></iframe>
|
||||
<iframe sandbox="allow-scripts" id="if_3" src="file_iframe_sandbox_b_if3.html" height="10" width="10"></iframe>
|
||||
</div>
|
Loading…
Reference in New Issue
Block a user