Bug 1086999 - CSP: Asterisk (*) wildcard should not allow blob:, data:, or filesystem: when matching source expressions - tests (r=sstamm)

2024-09-13 09:24:08 -07:00 · 2015-02-10 14:54:36 -08:00 · 2015-02-10 14:54:36 -08:00 · 5c24245419
commit 5c24245419
parent 9f6f8915d8
3 changed files with 140 additions and 0 deletions
--- a/dom/base/test/csp/file_blob_data_schemes.html
+++ b/dom/base/test/csp/file_blob_data_schemes.html
@ -0,0 +1,49 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 1086999 - Wildcard should not match blob:, data:</title>
+</head>
+<body>
+<script type="text/javascript">
+
+var base64data =
+"iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" +
+"P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==";
+
+
+// construct an image element using *data:*
+var data_src = "data:image/png;base64," + base64data;
+var data_img = document.createElement('img');
+data_img.onload = function() {
+  window.parent.postMessage({scheme: "data", result: "allowed"}, "*");
+}
+data_img.onerror = function() {
+  window.parent.postMessage({scheme: "data", result: "blocked"}, "*");
+}
+data_img.src = data_src;
+document.body.appendChild(data_img);
+
+
+// construct an image element using *blob:*
+var byteCharacters = atob(base64data);
+var byteNumbers = new Array(byteCharacters.length);
+for (var i = 0; i < byteCharacters.length; i++) {
+  byteNumbers[i] = byteCharacters.charCodeAt(i);
+}
+var byteArray = new Uint8Array(byteNumbers);
+var blob = new Blob([byteArray], {type: "image/png"});
+var imageUrl = URL.createObjectURL( blob );
+
+var blob_img = document.createElement('img');
+blob_img.onload = function() {
+  window.parent.postMessage({scheme: "blob", result: "allowed"}, "*");
+}
+blob_img.onerror = function() {
+  window.parent.postMessage({scheme: "blob", result: "blocked"}, "*");
+}
+blob_img.src = imageUrl;
+document.body.appendChild(blob_img);
+
+</script>
+</body>
+</html>
--- a/dom/base/test/csp/mochitest.ini
+++ b/dom/base/test/csp/mochitest.ini
@ -1,6 +1,7 @@
 [DEFAULT]
 support-files =
  file_base-uri.html
+  file_blob_data_schemes.html
  file_connect-src.html
  file_connect-src-fetch.html
  file_CSP.css
@ -111,6 +112,7 @@ support-files =
  referrerdirective.sjs

 [test_base-uri.html]
+[test_blob_data_schemes.html]
 [test_connect-src.html]
 [test_CSP.html]
 [test_csp_allow_https_schemes.html]
--- a/dom/base/test/csp/test_blob_data_schemes.html
+++ b/dom/base/test/csp/test_blob_data_schemes.html
@ -0,0 +1,89 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 1086999 - Wildcard should not match blob:, data:</title>
+  <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+  <iframe style="width:100%;" id="testframe"></iframe>
+
+<script class="testbody" type="text/javascript">
+
+/* Description of the test:
+ * We load an image using a data: and a blob: scheme and make
+ * sure a CSP containing a single ASTERISK (*) does not whitelist
+ * those loads. The single ASTERISK character should not match a
+ * URI's scheme of a type designating globally unique identifier
+ * (such as blob:, data:, or filesystem:)
+ */
+
+var tests = [
+  {
+    policy : "default-src 'unsafe-inline' blob: data:",
+    expected : "allowed",
+  },
+  {
+    policy : "default-src 'unsafe-inline' *",
+    expected : "blocked"
+  }
+];
+
+var testIndex = 0;
+var messageCounter = 0;
+var curTest;
+
+// onError handler is over-reporting, hence we make sure that
+// we get an error for both testcases: data and blob before we
+// move on to the next test.
+var dataRan = false;
+var blobRan = false;
+
+// a postMessage handler to communicate the results back to the parent.
+window.addEventListener("message", receiveMessage, false);
+
+function receiveMessage(event)
+{
+  is(event.data.result, curTest.expected, event.data.scheme + " should be " + curTest.expected);
+
+  if (event.data.scheme === "data") {
+    dataRan = true;
+  }
+  if (event.data.scheme === "blob") {
+    blobRan = true;
+  }
+  if (dataRan && blobRan) {
+    loadNextTest();
+  }
+}
+
+function loadNextTest() {
+  if (testIndex === tests.length) {
+    window.removeEventListener("message", receiveMessage, false);
+    SimpleTest.finish();
+    return;
+  }
+
+  dataRan = false;
+  blobRan = false;
+
+  curTest = tests[testIndex++];
+  // reset the messageCounter to make sure we receive all the postMessages from the iframe
+  messageCounter = 0;
+
+  var src = "file_csp_testserver.sjs";
+  // append the file that should be served
+  src += "?file=" + escape("tests/dom/base/test/csp/file_blob_data_schemes.html");
+  // append the CSP that should be used to serve the file
+  src += "&csp=" + escape(curTest.policy);
+
+  document.getElementById("testframe").src = src;
+}
+
+SimpleTest.waitForExplicitFinish();
+loadNextTest();
+
+</script>
+</body>
+</html>