Bug 1238160 - Test mozbrowser APIs to ensure no content exposure. r=bz
Check the various mozbrowser APIs to ensure they are allowed when you have browser permission and blocked when you don't (like regular web content). MozReview-Commit-ID: FPDA1lEUwRq
parent
c590774b39
commit
5e17839837
@ -259,6 +259,7 @@ support-files =
|
||||
file_change_policy_redirect.html
|
||||
file_bug1198095.js
|
||||
file_bug1250148.sjs
|
||||
mozbrowser_api_utils.js
|
||||
|
||||
[test_anonymousContent_api.html]
|
||||
[test_anonymousContent_append_after_reflow.html]
|
||||
@ -872,4 +873,6 @@ skip-if = buildapp == 'b2g' #no ssl support
|
||||
[test_bug1187157.html]
|
||||
[test_bug769117.html]
|
||||
[test_bug1250148.html]
|
||||
[test_bug1240471.html]
|
||||
[test_bug1240471.html]
|
||||
[test_mozbrowser_apis_allowed.html]
|
||||
[test_mozbrowser_apis_blocked.html]
|
||||
|
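--- a/dom/base/test/mozbrowser_api_utils.js
+++ b/dom/base/test/mozbrowser_api_utils.js
@@ -0,0 +1,72 @@
+const FRAME_URL = "http://example.org/";
+
+const METHODS = {
+setVisible: {},
+getVisible: {},
+setActive: {},
+getActive: {},
+addNextPaintListener: {},
+removeNextPaintListener: {},
+sendMouseEvent: {},
+sendTouchEvent: {},
+goBack: {},
+goForward: {},
+reload: {},
+stop: {},
+download: {},
+purgeHistory: {},
+getScreenshot: {},
+zoom: {},
+getCanGoBack: {},
+getCanGoForward: {},
+getContentDimensions: {},
+setInputMethodActive: { alwaysFails: true }, // needs input-manage
+setNFCFocus: { alwaysFails: true }, // needs nfc-manager
+findAll: {},
+findNext: {},
+clearMatch: {},
+executeScript: { alwaysFails: true }, // needs browser:universalxss
+getStructuredData: {},
+getWebManifest: {},
+mute: {},
+unmute: {},
+getMuted: {},
+setVolume: {},
+getVolume: {},
+};
+
+const ATTRIBUTES = [
+"allowedAudioChannels",
+];
+
+function once(target, eventName, useCapture = false) {
+info("Waiting for event: '" + eventName + "' on " + target + ".");
+
+return new Promise(resolve => {
+for (let [add, remove] of [
+["addEventListener", "removeEventListener"],
+["addMessageListener", "removeMessageListener"],
+]) {
+if ((add in target) && (remove in target)) {
+target[add](eventName, function onEvent(...aArgs) {
+info("Got event: '" + eventName + "' on " + target + ".");
+target[remove](eventName, onEvent, useCapture);
+resolve(aArgs);
+}, useCapture);
+break;
+}
+}
+});
+}
+
+function* loadFrame(attributes = {}) {
+let iframe = document.createElement("iframe");
+iframe.setAttribute("src", FRAME_URL);
+for (let key in attributes) {
+iframe.setAttribute(key, attributes[key]);
+}
+let loaded = once(iframe, "load");
+document.body.appendChild(iframe);
+yield loaded;
+return iframe;
+}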
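Review bot: `METHODS` and `ATTRIBUTES` are hand-maintained lists, so a mozbrowser API added later is silently left out of the blocked-permission check and that test keeps passing. A comment above `METHODS` would make the maintenance duty explicit, for example `// Must list every mozbrowser API; anything missing here is not checked by test_mozbrowser_apis_blocked.html.` Separately, `once()` leaves its promise pending forever when `target` has neither listener pair, so a bad target shows up as a harness timeout rather than a clear failure; a short doc comment on `once()` should say so.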
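--- a/dom/base/test/test_mozbrowser_apis_allowed.html
+++ b/dom/base/test/test_mozbrowser_apis_allowed.html
@@ -0,0 +1,51 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<title>Verify mozbrowser APIs are allowed with browser permission</title>
+<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+<script type="text/javascript" src="/tests/SimpleTest/SpawnTask.js"></script>
+<script type="text/javascript" src="mozbrowser_api_utils.js"></script>
+<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+
+<body>
+<script type="application/javascript;version=1.8">
+add_task(function*() {
+yield new Promise(resolve => {
+SpecialPowers.pushPrefEnv(
+{ "set": [["dom.mozBrowserFramesEnabled", true]] },
+resolve);
+});
+});
+
+add_task(function*() {
+yield new Promise(resolve => {
+SpecialPowers.pushPermissions([
+{ "type": "browser", "allow": 1, "context": document }
+], resolve);
+});
+});
+
+add_task(function*() {
+// Create <iframe mozbrowser>
+let frame = yield loadFrame({
+mozbrowser: "true"
+});
+
+// Verify that mozbrowser APIs are accessible
+for (let method in METHODS) {
+let { alwaysFails } = METHODS[method];
+if (alwaysFails) {
+ok(!(method in frame), `frame does not have method ${method}, ` +
+`needs more permissions`);
+} else {
+ok(method in frame, `frame has method ${method}`);
+}
+}
+for (let attribute of ATTRIBUTES) {
+ok(attribute in frame, `frame has attribute ${attribute}`);
+}
+});
+</script>
+</body>
+</html>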
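Review bot: The loop in the last task only tests `method in frame`, so it shows that the binding exposes each property with the `browser` permission, not that any call succeeds. For the three `alwaysFails` entries it asserts absence, yet no task here grants the extra permission to confirm those methods then appear, so a misspelled name in `METHODS` for one of them would pass both this test and the blocked one unnoticed. I would state this limit in a comment above the loop, e.g. `// Exposure check only: no API is called, and alwaysFails entries are never tested with their extra permission.`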
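--- a/dom/base/test/test_mozbrowser_apis_blocked.html
+++ b/dom/base/test/test_mozbrowser_apis_blocked.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<title>Verify mozbrowser APIs are blocked without browser permission</title>
+<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+<script type="text/javascript" src="/tests/SimpleTest/SpawnTask.js"></script>
+<script type="text/javascript" src="mozbrowser_api_utils.js"></script>
+<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+
+<body>
+<script type="application/javascript;version=1.8">
+add_task(function*() {
+yield new Promise(resolve => {
+SpecialPowers.pushPrefEnv(
+{ "set": [["dom.mozBrowserFramesEnabled", true]] },
+resolve);
+});
+});
+
+add_task(function*() {
+// Create <iframe mozbrowser>
+let frame = yield loadFrame({
+mozbrowser: "true"
+});
+
+// Verify that mozbrowser APIs are not accessible
+for (let method in METHODS) {
+ok(!(method in frame), `frame does not have method ${method}`);
+}
+for (let attribute of ATTRIBUTES) {
+ok(!(attribute in frame), `frame does not have attribute ${attribute}`);
+}
+});
+</script>
+</body>
+</html>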
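Review bot: Every assertion in this file is negative (`!(method in frame)`, `!(attribute in frame)`), so the test passes for any reason the APIs are absent, not only because the `browser` permission is missing. Nothing here shows that the frame would have gained the APIs had the permission been granted; that positive control lives only in test_mozbrowser_apis_allowed.html, which shares the same `METHODS` list. A comment above the first loop should record the dependency, e.g. `// Negative checks only; test_mozbrowser_apis_allowed.html is the positive control for the same lists.`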