Merge m-c to b2g-inbound

Wes Kocher 2014-06-10 18:57:00 -07:00
commit eaaf774e40
331 changed files with 5183 additions and 3410 deletions


@ -1,4 +1,4 @@
ManifestDestiny==0.5.6
manifestparser==0.5.7
mozprocess==0.9
mozprofile==0.6
mozrunner==5.15


@ -1929,13 +1929,21 @@ let CustomizableUIInternal = {
this.notifyListeners("onWidgetCreated", widget.id);
if (widget.defaultArea) {
let addToDefaultPlacements = false;
let area = gAreas.get(widget.defaultArea);
//XXXgijs this won't have any effect for legacy items. Sort of OK because
// consumers can modify currentset? Maybe?
if (area.has("defaultPlacements")) {
area.get("defaultPlacements").push(widget.id);
} else {
area.set("defaultPlacements", [widget.id]);
if (widget.source == CustomizableUI.SOURCE_BUILTIN) {
addToDefaultPlacements = true;
} else if (!CustomizableUI.isBuiltinToolbar(widget.defaultArea) &&
widget.defaultArea != CustomizableUI.AREA_PANEL) {
addToDefaultPlacements = true;
}
if (addToDefaultPlacements) {
if (area.has("defaultPlacements")) {
area.get("defaultPlacements").push(widget.id);
} else {
area.set("defaultPlacements", [widget.id]);
}
}
}
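Review bot: The new `addToDefaultPlacements` branching that starts at `if (widget.source == CustomizableUI.SOURCE_BUILTIN)` has no comment stating the rule it implements, and the rule is not obvious from the two conditions. A comment above it would help, for example `// Only builtin widgets, or widgets whose default area is neither a builtin toolbar nor the panel, are added to defaultPlacements, so a reset does not put add-on widgets back into builtin areas.` Separately, the result of `gAreas.get(widget.defaultArea)` is dereferenced with `area.has(...)` without a check; if a widget can be created before its default area is registered this would throw, so `if (area && addToDefaultPlacements) {` may be worth considering. The enclosing function starts and ends outside the hunk.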


@ -665,7 +665,7 @@ CustomizeMode.prototype = {
if (customizationTarget && customizationTarget != areaNode) {
areas.push(customizationTarget.id);
}
let overflowTarget = areaNode.getAttribute("overflowtarget");
let overflowTarget = areaNode && areaNode.getAttribute("overflowtarget");
if (overflowTarget) {
areas.push(overflowTarget);
}


@ -94,6 +94,7 @@ skip-if = os == "linux"
[browser_978084_dragEnd_after_move.js]
[browser_980155_add_overflow_toolbar.js]
[browser_981418-widget-onbeforecreated-handler.js]
[browser_982656_restore_defaults_builtin_widgets.js]
[browser_984455_bookmarks_items_reparenting.js]
skip-if = os == "linux"


@ -0,0 +1,57 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
"use strict";
// Restoring default should not place addon widgets back in the toolbar
add_task(function() {
ok(CustomizableUI.inDefaultState, "Default state to begin");
const kWidgetId = "bug982656-add-on-widget-should-not-restore-to-default-area";
let widgetSpec = {
id: kWidgetId,
defaultArea: CustomizableUI.AREA_NAVBAR
};
CustomizableUI.createWidget(widgetSpec);
ok(!CustomizableUI.inDefaultState, "Not in default state after widget added");
is(CustomizableUI.getPlacementOfWidget(kWidgetId).area, CustomizableUI.AREA_NAVBAR, "Widget should be in navbar");
yield resetCustomization();
ok(CustomizableUI.inDefaultState, "Back in default state after reset");
is(CustomizableUI.getPlacementOfWidget(kWidgetId), null, "Widget now in palette");
CustomizableUI.destroyWidget(kWidgetId);
});
// resetCustomization shouldn't move 3rd party widgets out of custom toolbars
add_task(function() {
const kToolbarId = "bug982656-toolbar-with-defaultset";
const kWidgetId = "bug982656-add-on-widget-should-restore-to-default-area-when-area-is-not-builtin";
ok(CustomizableUI.inDefaultState, "Everything should be in its default state.");
let toolbar = createToolbarWithPlacements(kToolbarId);
ok(CustomizableUI.areas.indexOf(kToolbarId) != -1,
"Toolbar has been registered.");
is(CustomizableUI.getAreaType(kToolbarId), CustomizableUI.TYPE_TOOLBAR,
"Area should be registered as toolbar");
let widgetSpec = {
id: kWidgetId,
defaultArea: kToolbarId
};
CustomizableUI.createWidget(widgetSpec);
ok(!CustomizableUI.inDefaultState, "No longer in default state after toolbar is registered and visible.");
is(CustomizableUI.getPlacementOfWidget(kWidgetId).area, kToolbarId, "Widget should be in custom toolbar");
yield resetCustomization();
ok(CustomizableUI.inDefaultState, "Back in default state after reset");
is(CustomizableUI.getPlacementOfWidget(kWidgetId).area, kToolbarId, "Widget still in custom toolbar");
ok(toolbar.collapsed, "Custom toolbar should be collapsed after reset");
toolbar.remove();
CustomizableUI.destroyWidget(kWidgetId);
CustomizableUI.unregisterArea(kToolbarId);
});
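Review bot: Cleanup in both tasks runs only on the success path, so a failure part-way through leaves the widget (and in the second task the toolbar and its area) registered for later tests. The likeliest trigger is `CustomizableUI.getPlacementOfWidget(kWidgetId).area`, which throws a TypeError when the placement is `null`, and `null` is a value the first task itself expects after the reset. Wrapping the body of each task in `try { ... } finally { ... }` with the `destroyWidget`, `toolbar.remove()` and `unregisterArea` calls in the `finally` block would keep the shared CustomizableUI state clean. It would also read more clearly to check the placement for `null` with `ok(...)` before reading `.area`.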


@ -41,25 +41,35 @@ let startTests = Task.async(function*() {
function* performTests(inspector, ruleview) {
yield togglePseudoClass(inspector);
yield testAdded(inspector, ruleview);
yield assertPseudoAddedToNode(inspector, ruleview);
yield togglePseudoClass(inspector);
yield testRemoved();
yield testRemovedFromUI(inspector, ruleview);
yield assertPseudoRemovedFromNode();
yield assertPseudoRemovedFromView(inspector, ruleview);
yield togglePseudoClass(inspector);
yield testNavigate(inspector, ruleview);
}
function* togglePseudoClass(inspector) {
info("Toggle the pseudoclass, wait for the pseudoclass event and wait for the refresh of the rule view");
info("Toggle the pseudoclass, wait for it to be applied");
// Give the inspector panels a chance to update when the pseudoclass changes
let onPseudo = inspector.selection.once("pseudoclass");
let onRefresh = inspector.once("rule-view-refreshed");
inspector.togglePseudoClass(PSEUDO);
let onMutations = waitForMutation(inspector);
yield inspector.togglePseudoClass(PSEUDO);
yield onPseudo;
yield onRefresh;
yield onMutations;
}
function waitForMutation(inspector) {
let def = promise.defer();
inspector.walker.once("mutations", def.resolve);
return def.promise;
}
function* testNavigate(inspector, ruleview) {
@ -87,7 +97,7 @@ function showPickerOn(node, inspector) {
return highlighter.showBoxModel(getNodeFront(node));
}
function* testAdded(inspector, ruleview) {
function* assertPseudoAddedToNode(inspector, ruleview) {
info("Make sure the pseudoclass lock is applied to #div-1 and its ancestors");
let node = getNode("#div-1");
do {
@ -110,7 +120,7 @@ function* testAdded(inspector, ruleview) {
yield inspector.toolbox.highlighter.hideBoxModel();
}
function* testRemoved() {
function* assertPseudoRemovedFromNode() {
info("Make sure the pseudoclass lock is removed from #div-1 and its ancestors");
let node = getNode("#div-1");
do {
@ -120,7 +130,7 @@ function* testRemoved() {
} while (node.parentNode)
}
function* testRemovedFromUI(inspector, ruleview) {
function* assertPseudoRemovedFromView(inspector, ruleview) {
info("Check that the ruleview no longer contains the pseudo-class rule");
let rules = ruleview.element.querySelectorAll(".ruleview-rule.theme-separator");
is(rules.length, 2, "rule view is showing 2 rules after removing lock");
@ -137,6 +147,6 @@ function* finishUp(toolbox) {
toolbox.destroy();
yield onDestroy;
yield testRemoved(getNode("#div-1"));
yield assertPseudoRemovedFromNode(getNode("#div-1"));
gBrowser.removeCurrentTab();
}
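Review bot: In `finishUp` the renamed call still passes an argument, `assertPseudoRemovedFromNode(getNode("#div-1"))`, but the generator is declared with no parameters and looks the node up itself with `getNode("#div-1")`. The argument is silently ignored, which suggests the helper can check an arbitrary node when it cannot. Either drop it, `yield assertPseudoRemovedFromNode();`, or give the helper a `node` parameter and use it. `finishUp` begins outside the hunk.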


@ -20,7 +20,12 @@ function* performTest() {
doc.body.setAttribute("style", "position: fixed; width: 100%; height: 100%; margin: 0;");
let graph = new LineGraphWidget(doc.body, "fps");
yield graph.once("ready");
let readyEventEmitted;
graph.once("ready", () => readyEventEmitted = true);
yield graph.ready();
ok(readyEventEmitted, "The 'ready' event should have been emitted");
testGraph(host, graph);


@ -5,8 +5,9 @@
const Cu = Components.utils;
Cu.import("resource://gre/modules/devtools/event-emitter.js");
Cu.import("resource:///modules/devtools/ViewHelpers.jsm");
const promise = Cu.import("resource://gre/modules/Promise.jsm", {}).Promise;
const {EventEmitter} = Cu.import("resource://gre/modules/devtools/event-emitter.js", {});
this.EXPORTED_SYMBOLS = ["LineGraphWidget"];
@ -116,6 +117,7 @@ GraphSelectionResizer.prototype = {
this.AbstractCanvasGraph = function(parent, name, sharpness) {
EventEmitter.decorate(this);
this._ready = promise.defer();
this._parent = parent;
this._uid = "canvas-graph-" + Date.now();
@ -165,6 +167,7 @@ this.AbstractCanvasGraph = function(parent, name, sharpness) {
this._animationId = this._window.requestAnimationFrame(this._onAnimationFrame);
this._ready.resolve(this);
this.emit("ready", this);
});
}
@ -181,6 +184,13 @@ AbstractCanvasGraph.prototype = {
return this._height;
},
/**
* Returns a promise resolved once this graph is ready to receive data.
*/
ready: function() {
return this._ready.promise;
},
/**
* Destroys this graph.
*/
@ -501,15 +511,16 @@ AbstractCanvasGraph.prototype = {
let ctx = this._ctx;
ctx.clearRect(0, 0, this._width, this._height);
// Draw the graph underneath the cursor and selection.
if (this.hasData()) {
ctx.drawImage(this._cachedGraphImage, 0, 0, this._width, this._height);
}
if (this.hasCursor()) {
this._drawCliphead();
}
if (this.hasSelection() || this.hasSelectionInProgress()) {
this._drawSelection();
}
if (this.hasData()) {
ctx.drawImage(this._cachedGraphImage, 0, 0, this._width, this._height);
}
this._shouldRedraw = false;
},
@ -957,24 +968,17 @@ LineGraphWidget.prototype = Heritage.extend(AbstractCanvasGraph.prototype, {
let width = canvas.width = this._width;
let height = canvas.height = this._height;
let totalTicks = this._data.length;
let firstTick = this._data[0].delta;
let lastTick = this._data[totalTicks - 1].delta;
let maxValue = Number.MIN_SAFE_INTEGER;
let minValue = Number.MAX_SAFE_INTEGER;
let sumValues = 0;
let totalTicks = 0;
let firstTick;
let lastTick;
for (let { delta, value } of this._data) {
maxValue = Math.max(value, maxValue);
minValue = Math.min(value, minValue);
sumValues += value;
totalTicks++;
if (!firstTick) {
firstTick = delta;
} else {
lastTick = delta;
}
}
let dataScaleX = this.dataScaleX = width / lastTick;
@ -997,7 +1001,6 @@ LineGraphWidget.prototype = Heritage.extend(AbstractCanvasGraph.prototype, {
ctx.fillStyle = gradient;
ctx.strokeStyle = LINE_GRAPH_STROKE_COLOR;
ctx.lineWidth = LINE_GRAPH_STROKE_WIDTH;
ctx.setLineDash([]);
ctx.beginPath();
let prevX = 0;
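Review bot: In the hunk at `@ -957,24 +968,17`, `this._data[0].delta` and `this._data[totalTicks - 1].delta` throw a TypeError when `_data` is empty, whereas the loop-based version they replace only left `firstTick` and `lastTick` undefined. If this method can run before any data point exists, an early return when `totalTicks` is 0 should come before the indexing. Note also that `width / lastTick` yields `Infinity` when the last delta is 0, so `dataScaleX` may need a guard as well. The method starts and ends outside the hunk, so whether callers already exclude empty data cannot be confirmed from here.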


@ -377,7 +377,8 @@ exports.AppManager = AppManager = {
project.manifest);
}
function waitUntilProjectRuns() {
let manifest = self.getProjectManifestURL(project);
if (!self._runningApps.has(manifest)) {
let deferred = promise.defer();
self.on("app-manager-update", function onUpdate(event, what) {
if (what == "project-is-running") {
@ -385,13 +386,8 @@ exports.AppManager = AppManager = {
deferred.resolve();
}
});
return deferred.promise;
}
let manifest = self.getProjectManifestURL(project);
if (!self._runningApps.has(manifest)) {
yield AppActorFront.launchApp(client, actor, manifest);
yield waitUntilProjectRuns();
yield deferred.promise;
} else {
yield AppActorFront.reloadApp(client, actor, manifest);
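Review bot: The `app-manager-update` listener is now registered before `AppActorFront.launchApp` is awaited, which closes the missed-event window, but nothing visible removes it when the launch fails. If `launchApp` rejects, `onUpdate` appears to stay attached to `self` and `deferred` never settles, so each failed launch would leave one more handler behind. Consider detaching the listener on the failure path; that requires binding the handler to a local name, since `onUpdate` is a named function expression and is not in scope outside itself. The lines between the two hunks are not shown, so any existing `self.off` call there should be confirmed first.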


@ -1829,14 +1829,7 @@ richlistitem[type~="action"][actiontype="switchtab"] > .ac-url-box > .ac-action-
margin: 0 0 @tabToolbarNavbarOverlap@;
}
.tabbrowser-arrowscrollbox > .scrollbutton-up {
-moz-border-start: 0;
-moz-border-end: 2px solid transparent;
}
.tabbrowser-arrowscrollbox > .scrollbutton-down {
-moz-border-start: 2px solid transparent;
-moz-border-end: 0;
transition: 1s box-shadow ease-out;
border-radius: 4px;
}
@ -1846,20 +1839,6 @@ richlistitem[type~="action"][actiontype="switchtab"] > .ac-url-box > .ac-action-
transition: none;
}
.tabbrowser-arrowscrollbox > .scrollbutton-up:not([disabled]):-moz-locale-dir(ltr),
.tabbrowser-arrowscrollbox > .scrollbutton-down:not([disabled]):-moz-locale-dir(rtl) {
border-width: 0 2px 0 0;
border-style: solid;
border-image: url("chrome://browser/skin/tabbrowser/tab-overflow-border.png") 0 2 0 2 fill;
}
.tabbrowser-arrowscrollbox > .scrollbutton-down:not([disabled]):-moz-locale-dir(ltr),
.tabbrowser-arrowscrollbox > .scrollbutton-up:not([disabled]):-moz-locale-dir(rtl) {
border-width: 0 0 0 2px;
border-style: solid;
border-image: url("chrome://browser/skin/tabbrowser/tab-overflow-border.png") 0 2 0 2 fill;
}
#TabsToolbar .toolbarbutton-1 {
margin-bottom: @tabToolbarNavbarOverlap@;
}


@ -165,7 +165,7 @@ browser.jar:
skin/classic/browser/tabbrowser/tab-background-end.png (tabbrowser/tab-background-end.png)
skin/classic/browser/tabbrowser/tab-background-middle.png (tabbrowser/tab-background-middle.png)
skin/classic/browser/tabbrowser/tab-background-start.png (tabbrowser/tab-background-start.png)
skin/classic/browser/tabbrowser/tab-overflow-border.png (tabbrowser/tab-overflow-border.png)
skin/classic/browser/tabbrowser/tab-overflow-indicator.png (../shared/tabbrowser/tab-overflow-indicator.png)
# NOTE: The following two files (tab-selected-end.svg, tab-selected-start.svg) get pre-processed in
# Makefile.in with a non-default marker of "%" and the result of that gets packaged.

Binary file not shown.

Before

Width:  |  Height:  |  Size: 193 B


@ -2971,20 +2971,6 @@ toolbarbutton.chevron > .toolbarbutton-menu-dropmarker {
}
}
.tabbrowser-arrowscrollbox > .scrollbutton-up:not([disabled]):-moz-locale-dir(ltr),
.tabbrowser-arrowscrollbox > .scrollbutton-down:not([disabled]):-moz-locale-dir(rtl) {
border-width: 0 2px 0 0;
border-style: solid;
border-image: url("chrome://browser/skin/tabbrowser/tab-overflow-border.png") 0 2 0 2 fill;
}
.tabbrowser-arrowscrollbox > .scrollbutton-down:not([disabled]):-moz-locale-dir(ltr),
.tabbrowser-arrowscrollbox > .scrollbutton-up:not([disabled]):-moz-locale-dir(rtl) {
border-width: 0 0 0 2px;
border-style: solid;
border-image: url("chrome://browser/skin/tabbrowser/tab-overflow-border.png") 0 2 0 2 fill;
}
/**
* Tabstrip & add-on bar toolbar buttons
*/


@ -277,6 +277,7 @@ browser.jar:
skin/classic/browser/tabbrowser/tab-background-middle@2x.png (tabbrowser/tab-background-middle@2x.png)
skin/classic/browser/tabbrowser/tab-background-start.png (tabbrowser/tab-background-start.png)
skin/classic/browser/tabbrowser/tab-background-start@2x.png (tabbrowser/tab-background-start@2x.png)
skin/classic/browser/tabbrowser/tab-overflow-indicator.png (../shared/tabbrowser/tab-overflow-indicator.png)
# NOTE: The following two files (tab-selected-end.svg, tab-selected-start.svg) get pre-processed in
# Makefile.in with a non-default marker of "%" and the result of that gets packaged.
@ -287,7 +288,6 @@ browser.jar:
skin/classic/browser/tabbrowser/tab-stroke-end@2x.png (tabbrowser/tab-stroke-end@2x.png)
skin/classic/browser/tabbrowser/tab-stroke-start.png (tabbrowser/tab-stroke-start.png)
skin/classic/browser/tabbrowser/tab-stroke-start@2x.png (tabbrowser/tab-stroke-start@2x.png)
skin/classic/browser/tabbrowser/tab-overflow-border.png (tabbrowser/tab-overflow-border.png)
skin/classic/browser/tabbrowser/tabDragIndicator.png (tabbrowser/tabDragIndicator.png)
skin/classic/browser/tabbrowser/tabDragIndicator@2x.png (tabbrowser/tabDragIndicator@2x.png)
skin/classic/browser/tabbrowser/tab-separator.png (tabbrowser/tab-separator.png)

Binary file not shown.

Before

Width:  |  Height:  |  Size: 184 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 578 B


@ -130,6 +130,43 @@
-moz-padding-start: @tabCurveHalfWidth@;
}
/* Tab Overflow */
.tabbrowser-arrowscrollbox > .arrowscrollbox-overflow-start-indicator:not([collapsed]),
.tabbrowser-arrowscrollbox > .arrowscrollbox-overflow-end-indicator:not([collapsed]) {
background-image: url(chrome://browser/skin/tabbrowser/tab-overflow-indicator.png);
background-size: 100% 100%;
width: 14px;
margin-bottom: @tabToolbarNavbarOverlap@;
pointer-events: none;
position: relative;
z-index: 3; /* the selected tab's z-index + 1 */
}
.tabbrowser-arrowscrollbox > .arrowscrollbox-overflow-start-indicator:-moz-locale-dir(rtl),
.tabbrowser-arrowscrollbox > .arrowscrollbox-overflow-end-indicator:-moz-locale-dir(ltr) {
transform: scaleX(-1);
}
.tabbrowser-arrowscrollbox > .arrowscrollbox-overflow-start-indicator:not([collapsed]) {
-moz-margin-start: -2px;
-moz-margin-end: -12px;
}
.tabbrowser-arrowscrollbox > .arrowscrollbox-overflow-end-indicator:not([collapsed]) {
-moz-margin-start: -12px;
-moz-margin-end: -2px;
}
.tabbrowser-arrowscrollbox > .arrowscrollbox-overflow-start-indicator[collapsed],
.tabbrowser-arrowscrollbox > .arrowscrollbox-overflow-end-indicator[collapsed] {
opacity: 0;
}
.tabbrowser-arrowscrollbox > .arrowscrollbox-overflow-start-indicator,
.tabbrowser-arrowscrollbox > .arrowscrollbox-overflow-end-indicator {
transition: opacity 150ms ease;
}
.tab-background-start[selected=true]::after,
.tab-background-start[selected=true]::before,
.tab-background-start,


@ -1855,9 +1855,6 @@ toolbarbutton[type="socialmark"] > .toolbarbutton-icon {
.tabbrowser-arrowscrollbox > .scrollbutton-down {
list-style-image: url("chrome://browser/skin/tabbrowser/tab-arrow-left.png");
margin: 0 0 @tabToolbarNavbarOverlap@;
padding-right: 2px;
border-right: 2px solid transparent;
background-origin: border-box;
}
#TabsToolbar[brighttext] > #tabbrowser-tabs > .tabbrowser-arrowscrollbox > .scrollbutton-up,
@ -1884,13 +1881,6 @@ toolbarbutton[type="socialmark"] > .toolbarbutton-icon {
transition: none;
}
.tabbrowser-arrowscrollbox > .scrollbutton-up:not([disabled]),
.tabbrowser-arrowscrollbox > .scrollbutton-down:not([disabled]) {
border-width: 0 2px 0 0;
border-style: solid;
border-image: url("chrome://browser/skin/tabbrowser/tab-overflow-border.png") 0 2 0 2 fill;
}
.tabs-newtab-button > .toolbarbutton-icon {
margin-top: -1px;
margin-bottom: -1px;


@ -196,7 +196,7 @@ browser.jar:
skin/classic/browser/tabbrowser/tab-background-middle@2x.png (tabbrowser/tab-background-middle@2x.png)
skin/classic/browser/tabbrowser/tab-background-end.png (tabbrowser/tab-background-end.png)
skin/classic/browser/tabbrowser/tab-background-end@2x.png (tabbrowser/tab-background-end@2x.png)
skin/classic/browser/tabbrowser/tab-overflow-border.png (tabbrowser/tab-overflow-border.png)
skin/classic/browser/tabbrowser/tab-overflow-indicator.png (../shared/tabbrowser/tab-overflow-indicator.png)
# NOTE: The following two files (tab-selected-end.svg, tab-selected-start.svg) get pre-processed in
# Makefile.in with a non-default marker of "%" and the result of that gets packaged.
@ -601,7 +601,7 @@ browser.jar:
skin/classic/aero/browser/tabbrowser/tab-background-middle@2x.png (tabbrowser/tab-background-middle@2x.png)
skin/classic/aero/browser/tabbrowser/tab-background-end.png (tabbrowser/tab-background-end.png)
skin/classic/aero/browser/tabbrowser/tab-background-end@2x.png (tabbrowser/tab-background-end@2x.png)
skin/classic/aero/browser/tabbrowser/tab-overflow-border.png (tabbrowser/tab-overflow-border.png)
skin/classic/aero/browser/tabbrowser/tab-overflow-indicator.png (../shared/tabbrowser/tab-overflow-indicator.png)
# NOTE: The following two files (tab-selected-end.svg, tab-selected-start.svg) get pre-processed in
# Makefile.in with a non-default marker of "%" and the result of that gets packaged.

Binary file not shown.

Before

Width:  |  Height:  |  Size: 193 B


@ -25,8 +25,8 @@ case "$target" in
*-mingw*)
if test -z "$CC"; then CC=cl; fi
if test -z "$CXX"; then CXX=cl; fi
if test -z "$CPP"; then CPP="cl -E -nologo"; fi
if test -z "$CXXCPP"; then CXXCPP="cl -TP -E -nologo"; ac_cv_prog_CXXCPP="$CXXCPP"; fi
if test -z "$CPP"; then CPP="$CC -E -nologo"; fi
if test -z "$CXXCPP"; then CXXCPP="$CXX -TP -E -nologo"; ac_cv_prog_CXXCPP="$CXXCPP"; fi
if test -z "$LD"; then LD=link; fi
if test -z "$AS"; then
case "${target_cpu}" in


@ -7,7 +7,7 @@ Test Manifests
Many test suites have their test metadata defined in files called
**test manifests**.
Test manifests are divided into two flavors: :ref:`manifest_destiny_manifests`
Test manifests are divided into two flavors: :ref:`manifestparser_manifests`
and :ref:`reftest_manifests`.
Naming Convention
@ -34,16 +34,16 @@ xpcshell.ini
webapprt.ini
For the *chrome* flavor of webapp runtime mochitests.
.. _manifest_destiny_manifests:
.. _manifestparser_manifests:
Manifest Destiny Manifests
ManifestParser Manifests
==========================
Manifest destiny manifests are essentially ini files that conform to a basic
ManifestParser manifests are essentially ini files that conform to a basic
set of assumptions.
The `reference documentation <http://mozbase.readthedocs.org/en/latest/manifestdestiny.html>`_
for manifest destiny manifests describes the basic format of test manifests.
The `reference documentation <http://mozbase.readthedocs.org/en/latest/manifestparser.html>`_
for manifestparser manifests describes the basic format of test manifests.
In summary, manifests are ini files with section names describing test files::
@ -166,7 +166,7 @@ The expressions can reference a well-defined set of variables, such as
the :ref:`mozinfo documentation <mozinfo_attributes>`.
See
`the source <https://hg.mozilla.org/mozilla-central/file/default/testing/mozbase/manifestdestiny/manifestparser/manifestparser.py>`_ for the full documentation of the
`the source <https://hg.mozilla.org/mozilla-central/file/default/testing/mozbase/manifestparser/manifestparser/manifestparser.py>`_ for the full documentation of the
expression syntax until it is documented here.
.. todo::


@ -58,7 +58,7 @@ SEARCH_PATHS = [
'testing/mozbase/mozinfo',
'testing/mozbase/moztest',
'testing/mozbase/mozversion',
'testing/mozbase/manifestdestiny',
'testing/mozbase/manifestparser',
'xpcom/idl-parser',
]


@ -81,22 +81,6 @@ bool nsScriptSecurityManager::sStrictFileOriginPolicy = true;
///////////////////////////
// Convenience Functions //
///////////////////////////
// Result of this function should not be freed.
static inline const char16_t *
IDToString(JSContext *cx, jsid id_)
{
JS::RootedId id(cx, id_);
if (JSID_IS_STRING(id))
return JS_GetInternedStringChars(JSID_TO_STRING(id));
JS::Rooted<JS::Value> idval(cx);
if (!JS_IdToValue(cx, id, &idval))
return nullptr;
JSString *str = JS::ToString(cx, idval);
if(!str)
return nullptr;
return JS_GetStringCharsZ(cx, str);
}
class nsAutoInPrincipalDomainOriginSetter {
public:


@ -3941,7 +3941,6 @@ MOZ_USE_NATIVE_POPUP_WINDOWS=
MOZ_ANDROID_HISTORY=
MOZ_WEBSMS_BACKEND=
MOZ_ANDROID_BEAM=
MOZ_ANDROID_SYNTHAPKS=
MOZ_LOCALE_SWITCHER=
ACCESSIBILITY=1
MOZ_TIME_MANAGER=
@ -4966,18 +4965,6 @@ if test -n "$MOZ_ANDROID_BEAM"; then
AC_DEFINE(MOZ_ANDROID_BEAM)
fi
dnl ========================================================
dnl = Synthesized Webapp APKs on Android
dnl ========================================================
MOZ_ARG_ENABLE_BOOL(android-synthapks,
[ --enable-android-synthapks Enable synthesized APKs],
MOZ_ANDROID_SYNTHAPKS=1,
MOZ_ANDROID_SYNTHAPKS=)
if test -n "$MOZ_ANDROID_SYNTHAPKS"; then
AC_DEFINE(MOZ_ANDROID_SYNTHAPKS)
fi
dnl ========================================================
dnl = JS Debugger XPCOM component (js/jsd)
dnl ========================================================
@ -8574,7 +8561,6 @@ AC_SUBST(MOZ_METRO)
AC_SUBST(MOZ_ANDROID_HISTORY)
AC_SUBST(MOZ_WEBSMS_BACKEND)
AC_SUBST(MOZ_ANDROID_BEAM)
AC_SUBST(MOZ_ANDROID_SYNTHAPKS)
AC_SUBST(MOZ_LOCALE_SWITCHER)
AC_SUBST(MOZ_DISABLE_GECKOVIEW)
AC_SUBST(ENABLE_STRIP)


@ -183,7 +183,6 @@ Link::SetHost(const nsAString &aHost)
(void)uri->SetHostPort(NS_ConvertUTF16toUTF8(aHost));
SetHrefAttribute(uri);
return;
}
void


@ -1,2 +1,2 @@
Cache-Control: no-cache
X-Content-Security-Policy: default-src 'self'
Content-Security-Policy: default-src 'self'


@ -1,2 +1,2 @@
Cache-Control: no-cache
X-Content-Security-Policy: default-src 'self'
Content-Security-Policy: default-src 'self'


@ -1,2 +0,0 @@
Cache-Control: no-cache
Content-Security-Policy: default-src 'self'


@ -1,2 +0,0 @@
Cache-Control: no-cache
Content-Security-Policy: default-src 'self'


@ -15,7 +15,7 @@ function handleRequest(request, response)
// grab the desired policy from the query, and then serve a page
if (query['csp'])
response.setHeader("X-Content-Security-Policy",
response.setHeader("Content-Security-Policy",
unescape(query['csp']),
false);
if (query['scriptedreport']) {
@ -31,7 +31,7 @@ function handleRequest(request, response)
response.write('<html><head>');
if (query['double'])
response.write('<script src="file_CSP_frameancestors.sjs?double=1&scriptedreport=' + query['testid'] + '"></script>');
else
else
response.write('<script src="file_CSP_frameancestors.sjs?scriptedreport=' + query['testid'] + '"></script>');
response.write('</head><body>');
response.write(unescape(query['internalframe']));
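Review bot: The value passed to `response.setHeader("Content-Security-Policy", ...)` is still taken verbatim from `unescape(query['csp'])`, and `query['testid']` and `query['internalframe']` are written into the page without encoding, so this handler reflects request input into both a response header and markup. The frame-ancestors test relies on that, but nothing in the visible lines says it is deliberate. A comment would keep the pattern from being copied into non-test code, for example `// Test-only fixture: reflects query parameters into the CSP header and the body on purpose; must only be served by the mochitest server.` Now that the unprefixed header is used, it would also help to state that callers must send CSP 1.0 directives (`default-src`, not the old `allow`). `handleRequest` starts and ends outside the hunk.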


@ -7,7 +7,7 @@
</head>
<body>
<!-- These iframes will get populated by the attached javascript. -->
<tt> aa_allow: /* innermost frame allows a */</tt><br/>
<iframe id='aa_allow'></iframe><br/>


@ -15,50 +15,50 @@ function setupFrames() {
var elt = null;
elt = $('aa_allow');
elt.src = base.a + "?testid=aa_allow&internalframe=aa_a&csp=" +
escape("allow 'none'; frame-ancestors " + host.a + "; script-src 'self'");
elt.src = base.a + "?testid=aa_allow&internalframe=aa_a&csp=" +
escape("default-src 'none'; frame-ancestors " + host.a + "; script-src 'self'");
elt = $('aa_block');
elt.src = base.a + "?testid=aa_block&internalframe=aa_b&csp=" +
escape("allow 'none'; frame-ancestors 'none'; script-src 'self'");
elt.src = base.a + "?testid=aa_block&internalframe=aa_b&csp=" +
escape("default-src 'none'; frame-ancestors 'none'; script-src 'self'");
elt = $('ab_allow');
elt.src = base.b + "?testid=ab_allow&internalframe=ab_a&csp=" +
escape("allow 'none'; frame-ancestors " + host.a + "; script-src 'self'");
escape("default-src 'none'; frame-ancestors " + host.a + "; script-src 'self'");
elt = $('ab_block');
elt.src = base.b + "?testid=ab_block&internalframe=ab_b&csp=" +
escape("allow 'none'; frame-ancestors 'none'; script-src 'self'");
escape("default-src 'none'; frame-ancestors 'none'; script-src 'self'");
/* .... two-level framing */
elt = $('aba_allow');
innerframeuri = base.a + "?testid=aba_allow&double=1&internalframe=aba_a&csp=" +
escape("allow 'none'; frame-ancestors " + host.a + " " + host.b + "; script-src 'self'");
escape("default-src 'none'; frame-ancestors " + host.a + " " + host.b + "; script-src 'self'");
elt.src = base.b + "?externalframe=" + escape('<iframe src="' + innerframeuri + '"></iframe>');
elt = $('aba_block');
innerframeuri = base.a + "?testid=aba_allow&double=1&internalframe=aba_b&csp=" +
escape("allow 'none'; frame-ancestors " + host.a + "; script-src 'self'");
escape("default-src 'none'; frame-ancestors " + host.a + "; script-src 'self'");
elt.src = base.b + "?externalframe=" + escape('<iframe src="' + innerframeuri + '"></iframe>');
elt = $('aba2_block');
innerframeuri = base.a + "?testid=aba_allow&double=1&internalframe=aba2_b&csp=" +
escape("allow 'none'; frame-ancestors " + host.b + "; script-src 'self'");
escape("default-src 'none'; frame-ancestors " + host.b + "; script-src 'self'");
elt.src = base.b + "?externalframe=" + escape('<iframe src="' + innerframeuri + '"></iframe>');
elt = $('abb_allow');
innerframeuri = base.b + "?testid=abb_allow&double=1&internalframe=abb_a&csp=" +
escape("allow 'none'; frame-ancestors " + host.a + " " + host.b + "; script-src 'self'");
escape("default-src 'none'; frame-ancestors " + host.a + " " + host.b + "; script-src 'self'");
elt.src = base.b + "?externalframe=" + escape('<iframe src="' + innerframeuri + '"></iframe>');
elt = $('abb_block');
innerframeuri = base.b + "?testid=abb_allow&double=1&internalframe=abb_b&csp=" +
escape("allow 'none'; frame-ancestors " + host.a + "; script-src 'self'");
escape("default-src 'none'; frame-ancestors " + host.a + "; script-src 'self'");
elt.src = base.b + "?externalframe=" + escape('<iframe src="' + innerframeuri + '"></iframe>');
elt = $('abb2_block');
innerframeuri = base.b + "?testid=abb_allow&double=1&internalframe=abb2_b&csp=" +
escape("allow 'none'; frame-ancestors " + host.b + "; script-src 'self'");
escape("default-src 'none'; frame-ancestors " + host.b + "; script-src 'self'");
elt.src = base.b + "?externalframe=" + escape('<iframe src="' + innerframeuri + '"></iframe>');
}


@ -1,65 +0,0 @@
// Script to populate the test frames in the frame ancestors mochitest.
//
function setupFrames() {
var $ = function(v) { return document.getElementById(v); }
var base = {
self: '/tests/content/base/test/csp/file_CSP_frameancestors_spec_compliant.sjs',
a: 'http://mochi.test:8888/tests/content/base/test/csp/file_CSP_frameancestors_spec_compliant.sjs',
b: 'http://example.com/tests/content/base/test/csp/file_CSP_frameancestors_spec_compliant.sjs'
};
var host = { a: 'http://mochi.test:8888', b: 'http://example.com:80' };
var innerframeuri = null;
var elt = null;
elt = $('aa_allow_spec_compliant');
elt.src = base.a + "?testid=aa_allow_spec_compliant&internalframe=aa_a&csp=" +
escape("default-src 'none'; frame-ancestors " + host.a + "; script-src 'self'");
elt = $('aa_block_spec_compliant');
elt.src = base.a + "?testid=aa_block_spec_compliant&internalframe=aa_b&csp=" +
escape("default-src 'none'; frame-ancestors 'none'; script-src 'self'");
elt = $('ab_allow_spec_compliant');
elt.src = base.b + "?testid=ab_allow_spec_compliant&internalframe=ab_a&csp=" +
escape("default-src 'none'; frame-ancestors " + host.a + "; script-src 'self'");
elt = $('ab_block_spec_compliant');
elt.src = base.b + "?testid=ab_block_spec_compliant&internalframe=ab_b&csp=" +
escape("default-src 'none'; frame-ancestors 'none'; script-src 'self'");
/* .... two-level framing */
elt = $('aba_allow_spec_compliant');
innerframeuri = base.a + "?testid=aba_allow_spec_compliant&double=1&internalframe=aba_a&csp=" +
escape("default-src 'none'; frame-ancestors " + host.a + " " + host.b + "; script-src 'self'");
elt.src = base.b + "?externalframe=" + escape('<iframe src="' + innerframeuri + '"></iframe>');
elt = $('aba_block_spec_compliant');
innerframeuri = base.a + "?testid=aba_allow_spec_compliant&double=1&internalframe=aba_b&csp=" +
escape("default-src 'none'; frame-ancestors " + host.a + "; script-src 'self'");
elt.src = base.b + "?externalframe=" + escape('<iframe src="' + innerframeuri + '"></iframe>');
elt = $('aba2_block_spec_compliant');
innerframeuri = base.a + "?testid=aba_allow_spec_compliant&double=1&internalframe=aba2_b&csp=" +
escape("default-src 'none'; frame-ancestors " + host.b + "; script-src 'self'");
elt.src = base.b + "?externalframe=" + escape('<iframe src="' + innerframeuri + '"></iframe>');
elt = $('abb_allow_spec_compliant');
innerframeuri = base.b + "?testid=abb_allow_spec_compliant&double=1&internalframe=abb_a&csp=" +
escape("default-src 'none'; frame-ancestors " + host.a + " " + host.b + "; script-src 'self'");
elt.src = base.b + "?externalframe=" + escape('<iframe src="' + innerframeuri + '"></iframe>');
elt = $('abb_block_spec_compliant');
innerframeuri = base.b + "?testid=abb_allow_spec_compliant&double=1&internalframe=abb_b&csp=" +
escape("default-src 'none'; frame-ancestors " + host.a + "; script-src 'self'");
elt.src = base.b + "?externalframe=" + escape('<iframe src="' + innerframeuri + '"></iframe>');
elt = $('abb2_block_spec_compliant');
innerframeuri = base.b + "?testid=abb_allow_spec_compliant&double=1&internalframe=abb2_b&csp=" +
escape("default-src 'none'; frame-ancestors " + host.b + "; script-src 'self'");
elt.src = base.b + "?externalframe=" + escape('<iframe src="' + innerframeuri + '"></iframe>');
}
window.addEventListener('load', setupFrames, false);


@ -1,8 +1,3 @@
<!--
-- The original CSP implementation predates the CSP 1.0 spec and didn't
-- block inline styles, so when the prefixed X-Content-Security-Policy header is used,
-- as it is for this file, inline styles should be allowed.
-->
<html>
<head>
<title>CSP inline script tests</title>
@ -13,7 +8,7 @@
window.parent.scriptRan(false, "textnode", "text node in a script tag executed.");
</script>
<iframe src='javascript:window.parent.parent.scriptRan(false, "jsuri", "javascript: uri in image tag")'></iframe>
<iframe src='javascript:window.parent.parent.scriptRan(false, "jsuri", "javascript: uri in image tag")' ></iframe>
<a id='anchortoclick' href='javascript:window.parent.scriptRan(false, "jsuri", "javascript: uri in anchor tag ran when clicked.");'>stuff</a>
</body>


@ -1,2 +1,2 @@
X-Content-Security-Policy: allow 'self'
Content-Security-Policy: default-src 'self'
Cache-Control: no-cache


@ -1,2 +0,0 @@
Content-Security-Policy: default-src 'self'
Cache-Control: no-cache


@ -5,20 +5,36 @@
<!-- content= "div#linkstylediv { color: #0f0; }" -->
<link rel="stylesheet" type="text/css"
href='file_CSP.sjs?type=text/css&content=div%23linkstylediv%20%7B%20color%3A%20%230f0%3B%20%7D' />
<!-- content= "div#modifycsstextdiv { color: #0f0; }" -->
<link rel="stylesheet" type="text/css"
href='file_CSP.sjs?type=text/css&content=div%23modifycsstextdiv%20%7B%20color%3A%20%23f00%3B%20%7D' />
<script>
function cssTest() {
var elem = document.getElementById('csstextstylediv');
elem.style.cssText = "color: #00FF00;";
getComputedStyle(elem, null).color;
document.styleSheets[1].cssRules[0].style.cssText = "color: #00FF00;";
elem = document.getElementById('modifycsstextdiv');
getComputedStyle(elem, null).color;
}
</script>
</head>
<body>
<body onload='cssTest()'>
<style type="text/css">
div#inlinestylediv {
color: #00ff00;
color: #FF0000;
}
</style>
<div id='linkstylediv'>Link tag (external) stylesheet test (should be green)</div>
<div id='attrstylediv' style="color: #00ff00;">Attribute stylesheet test (should be green)</div>
<div id='inlinestylediv'>Inline stylesheet test (should be green)</div>
<div id='inlinestylediv'>Inline stylesheet test (should be black)</div>
<div id='attrstylediv' style="color: #FF0000;">Attribute stylesheet test (should be black)</div>
<div id='csstextstylediv'>cssText test (should be black)</div>
<div id='modifycsstextdiv'> modify rule from style sheet via cssText(should be green) </div>
<!-- tests for SMIL stuff - animations -->
<!-- tests for SMIL stuff - animations -->
<svg xmlns="http://www.w3.org/2000/svg"
xmlns:xlink="http://www.w3.org/1999/xlink"
width="100%"
@ -26,38 +42,38 @@
<!-- Animates XML attribute, which is mapped into style. -->
<text id="xmlTest" x="0" y="15">
This should be green since the animation should be allowed by CSP.
This shouldn't be red since the animation should be blocked by CSP.
<animate attributeName="fill" attributeType="XML"
values="lime;green;lime" dur="2s"
values="red;orange;red" dur="2s"
repeatCount="indefinite" />
</text>
<!-- Animates override value for CSS property. -->
<text id="cssOverrideTest" x="0" y="35">
This should be green since the animation should be allowed by CSP.
This shouldn't be red since the animation should be blocked by CSP.
<animate attributeName="fill" attributeType="CSS"
values="lime;green;lime" dur="2s"
values="red;orange;red" dur="2s"
repeatCount="indefinite" />
</text>
<!-- Animates override value for CSS property targeted via ID. -->
<text id="cssOverrideTestById" x="0" y="55">
This should be green since the animation should be allowed by CSP.
This shouldn't be red since the animation should be blocked by CSP.
</text>
<animate xlink:href="#cssOverrideTestById"
attributeName="fill"
values="lime;green;lime"
values="red;orange;red"
dur="2s" repeatCount="indefinite" />
<!-- Sets value for CSS property targeted via ID. -->
<text id="cssSetTestById" x="0" y="75">
This should be green since the &lt;set&gt; should be allowed by CSP.
This shouldn't be red since the &lt;set&gt; should be blocked by CSP.
</text>
<set xlink:href="#cssSetTestById"
attributeName="fill"
to="lime" />
to="red" />
</svg>
</body>
</html>
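Review bot: The comment above the second `<link>` says the served rule is `div#modifycsstextdiv { color: #0f0; }`, but the URL-encoded `content` parameter decodes to `color: #f00`, so the comment misdescribes the fixture; it should read `<!-- content= "div#modifycsstextdiv { color: #f00; }" -->`, because the red-to-green change made through `cssText` is what the test observes. In `cssTest()`, `document.styleSheets[1].cssRules[0]` selects the sheet by position, so adding another stylesheet ahead of it would silently retarget the write; a short comment naming the intended sheet would help. The two bare `getComputedStyle(elem, null).color;` statements discard their result and presumably exist to force a style flush, which also deserves a one-line comment.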


@ -1,2 +1,2 @@
X-Content-Security-Policy: default-src 'self'
Content-Security-Policy: default-src 'self' ; script-src 'self' 'unsafe-inline'
Cache-Control: no-cache


@ -1,2 +0,0 @@
Content-Security-Policy: default-src 'self' ; script-src 'self' 'unsafe-inline'
Cache-Control: no-cache


@ -5,11 +5,21 @@
<link rel='stylesheet' type='text/css'
href='file_CSP.sjs?testid=style_good&type=text/css' />
<!-- Used to embed inline styles here for testing fonts, but can't do that -->
<!-- due to bug 763879 (block inline styles). Moved these to an external, CSS -->
<!-- file (file_CSP.css). -->
<link rel='stylesheet' type='text/css' href='file_CSP.css' />
<style>
/* CSS font embedding tests */
@font-face {
font-family: "arbitrary_good";
src: url('file_CSP.sjs?testid=font_good&type=application/octet-stream');
}
@font-face {
font-family: "arbitrary_bad";
src: url('http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
}
.div_arbitrary_good { font-family: "arbitrary_good"; }
.div_arbitrary_bad { font-family: "arbitrary_bad"; }
</style>
</head>
<body>
<!-- these should be stopped by CSP. :) -->
@ -33,8 +43,8 @@
<embed src="file_CSP.sjs?testid=object_good&type=application/x-shockwave-flash"></embed>
</object>
<!-- XHR tests... they're taken care of in this script,
and since the URI doesn't have any 'testid' values,
<!-- XHR tests... they're taken care of in this script,
and since the URI doesn't have any 'testid' values,
it will just be ignored by the test framework. -->
<script src='file_CSP_main.js'></script>
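Review bot: The restored inline `<style>` block holding the `@font-face` rules is only applied when the policy served with this page permits inline styles, and nothing in the file says so now that the comment about bug 763879 is gone. The one-line headers change that follows on this page adds `style-src 'unsafe-inline' 'self'`, which looks like the matching policy; if so, a comment above the `<style>` element such as `<!-- inline styles here rely on style-src 'unsafe-inline' in this page's ^headers^ file -->` would keep the two from drifting apart. Without it, tightening that policy later would presumably stop the `font_good` request for a reason unrelated to font loading. The second hunk only strips trailing whitespace.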


@ -1 +1 @@
X-Content-Security-Policy: default-src 'self'
Content-Security-Policy: default-src 'self' ; style-src 'unsafe-inline' 'self'


@ -1,55 +0,0 @@
<html>
<head>
<link rel='stylesheet' type='text/css'
href='http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=style_spec_compliant_bad&type=text/css' />
<link rel='stylesheet' type='text/css'
href='file_CSP.sjs?testid=style_spec_compliant_good&type=text/css' />
<style>
/* CSS font embedding tests */
@font-face {
font-family: "arbitrary_good";
src: url('file_CSP.sjs?testid=font_spec_compliant_good&type=application/octet-stream');
}
@font-face {
font-family: "arbitrary_bad";
src: url('http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=font_spec_compliant_bad&type=application/octet-stream');
}
.div_arbitrary_good { font-family: "arbitrary_good"; }
.div_arbitrary_bad { font-family: "arbitrary_bad"; }
</style>
</head>
<body>
<!-- these should be stopped by CSP. :) -->
<img src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=img_spec_compliant_bad&type=img/png"> </img>
<audio src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=media_spec_compliant_bad&type=audio/vorbis"></audio>
<script src='http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=script_spec_compliant_bad&type=text/javascript'></script>
<iframe src='http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=frame_spec_compliant_bad&content=FAIL'></iframe>
<object width="10" height="10">
<param name="movie" value="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=object_spec_compliant_bad&type=application/x-shockwave-flash">
<embed src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=object_spec_compliant_bad&type=application/x-shockwave-flash"></embed>
</object>
<!-- these should load ok. :) -->
<img src="file_CSP.sjs?testid=img_spec_compliant_good&type=img/png" />
<audio src="file_CSP.sjs?testid=media_spec_compliant_good&type=audio/vorbis"></audio>
<script src='file_CSP.sjs?testid=script_spec_compliant_good&type=text/javascript'></script>
<iframe src='file_CSP.sjs?testid=frame_spec_compliant_good&content=PASS'></iframe>
<object width="10" height="10">
<param name="movie" value="file_CSP.sjs?testid=object_spec_compliant_good&type=application/x-shockwave-flash">
<embed src="file_CSP.sjs?testid=object_spec_compliant_good&type=application/x-shockwave-flash"></embed>
</object>
<!-- XHR tests... they're taken care of in this script,
and since the URI doesn't have any 'testid' values,
it will just be ignored by the test framework. -->
<script src='file_CSP_main_spec_compliant.js'></script>
<!-- Support elements for the @font-face test -->
<div class="div_arbitrary_good">arbitrary good</div>
<div class="div_arbitrary_bad">arbitrary_bad</div>
</body>
</html>


@ -1 +0,0 @@
Content-Security-Policy: default-src 'self' ; style-src 'unsafe-inline' 'self'


@ -11,24 +11,15 @@ var thisSite = "http://mochi.test:8888";
var otherSite = "http://example.com";
var page = "/tests/content/base/test/csp/file_csp_redirects_page.sjs";
var tests = { "font-src": thisSite+page+"?testid=font-src&csp=1",
"frame-src": thisSite+page+"?testid=frame-src&csp=1",
"img-src": thisSite+page+"?testid=img-src&csp=1",
"media-src": thisSite+page+"?testid=media-src&csp=1",
"object-src": thisSite+page+"?testid=object-src&csp=1",
"script-src": thisSite+page+"?testid=script-src&csp=1",
"style-src": thisSite+page+"?testid=style-src&csp=1",
"worker": thisSite+page+"?testid=worker&csp=1",
"xhr-src": thisSite+page+"?testid=xhr-src&csp=1",
"font-src-spec-compliant": thisSite+page+"?testid=font-src-spec-compliant&csp=1&spec=1",
"frame-src-spec-compliant": thisSite+page+"?testid=frame-src-spec-compliant&csp=1&spec=1",
"img-src-spec-compliant": thisSite+page+"?testid=img-src-spec-compliant&csp=1&spec=1",
"media-src-spec-compliant": thisSite+page+"?testid=media-src-spec-compliant&csp=1&spec=1",
"object-src-spec-compliant": thisSite+page+"?testid=object-src-spec-compliant&csp=1&spec=1",
"script-src-spec-compliant": thisSite+page+"?testid=script-src-spec-compliant&csp=1&spec=1",
"style-src-spec-compliant": thisSite+page+"?testid=style-src-spec-compliant&csp=1&spec=1",
"worker-spec-compliant": thisSite+page+"?testid=worker-spec-compliant&csp=1&spec=1",
"xhr-src-spec-compliant": thisSite+page+"?testid=xhr-src-spec-compliant&csp=1&spec=1",
var tests = { "font-src": thisSite+page+"?testid=font-src&csp=1&spec=1",
"frame-src": thisSite+page+"?testid=frame-src&csp=1&spec=1",
"img-src": thisSite+page+"?testid=img-src&csp=1&spec=1",
"media-src": thisSite+page+"?testid=media-src&csp=1&spec=1",
"object-src": thisSite+page+"?testid=object-src&csp=1&spec=1",
"script-src": thisSite+page+"?testid=script-src&csp=1&spec=1",
"style-src": thisSite+page+"?testid=style-src&csp=1&spec=1",
"worker": thisSite+page+"?testid=worker&csp=1&spec=1",
"xhr-src": thisSite+page+"?testid=xhr-src&csp=1&spec=1",
};
var container = document.getElementById("container");


@ -33,101 +33,51 @@ function handleRequest(request, response)
return;
}
if (query["testid"] == "font-src-spec-compliant") {
var resp = '<style type="text/css"> @font-face { font-family:' +
'"Redirecting Font Spec Compliant"; src: url("' + resource +
'?res=font-spec-compliant&redir=other&id=font-src-redir-spec-compliant")} #test{font-family:' +
'"Redirecting Font Spec Compliant"}</style></head><body>' +
'<div id="test">test</div></body>';
response.write(resp);
return;
}
// iframe that redirects to another site
if (query["testid"] == "frame-src") {
response.write('<iframe src="'+resource+'?res=iframe&redir=other&id=frame-src-redir"></iframe>');
return;
}
if (query["testid"] == "frame-src-spec-compliant") {
response.write('<iframe src="'+resource+'?res=iframe&redir=other&id=frame-src-redir-spec-compliant"></iframe>');
return;
}
// image that redirects to another site
if (query["testid"] == "img-src") {
response.write('<img src="'+resource+'?res=image&redir=other&id=img-src-redir" />');
return;
}
if (query["testid"] == "img-src-spec-compliant") {
response.write('<img src="'+resource+'?res=image&redir=other&id=img-src-redir-spec-compliant" />');
return;
}
// video content that redirects to another site
if (query["testid"] == "media-src") {
response.write('<video src="'+resource+'?res=media&redir=other&id=media-src-redir"></video>');
return;
}
if (query["testid"] == "media-src-spec-compliant") {
response.write('<video src="'+resource+'?res=media&redir=other&id=media-src-redir-spec-compliant"></video>');
return;
}
// object content that redirects to another site
if (query["testid"] == "object-src") {
response.write('<object type="text/html" data="'+resource+'?res=object&redir=other&id=object-src-redir"></object>');
return;
}
if (query["testid"] == "object-src-spec-compliant") {
response.write('<object type="text/html" data="'+resource+'?res=object&redir=other&id=object-src-redir-spec-compliant"></object>');
return;
}
// external script that redirects to another site
if (query["testid"] == "script-src") {
response.write('<script src="'+resource+'?res=script&redir=other&id=script-src-redir"></script>');
return;
}
if (query["testid"] == "script-src-spec-compliant") {
response.write('<script src="'+resource+'?res=script&redir=other&id=script-src-redir-spec-compliant"></script>');
return;
}
// external stylesheet that redirects to another site
if (query["testid"] == "style-src") {
response.write('<link rel="stylesheet" type="text/css" href="'+resource+'?res=style&redir=other&id=style-src-redir"></script>');
return;
}
if (query["testid"] == "style-src-spec-compliant") {
response.write('<link rel="stylesheet" type="text/css" href="'+resource+'?res=style&redir=other&id=style-src-redir-spec-compliant"></script>');
return;
}
// worker script resource that redirects to another site
if (query["testid"] == "worker") {
response.write('<script src="'+resource+'?res=worker&redir=other&id=worker-redir"></script>');
return;
}
if (query["testid"] == "worker-spec-compliant") {
response.write('<script src="'+resource+'?res=worker&redir=other&id=worker-redir-spec-compliant"></script>');
return;
}
// script that XHR's to a resource that redirects to another site
if (query["testid"] == "xhr-src") {
response.write('<script src="'+resource+'?res=xhr"></script>');
return;
}
if (query["testid"] == "xhr-src-spec-compliant") {
response.write('<script src="'+resource+'?res=xhr-spec-compliant"></script>');
return;
}
}


@ -43,13 +43,6 @@ function handleRequest(request, response)
return;
}
if (query["res"] == "font-spec-compliant") {
response.setHeader("Access-Control-Allow-Origin", "*", false);
response.setHeader("Content-Type", "text/plain", false);
response.write("font data...");
return;
}
// iframe with arbitrary content
if (query["res"] == "iframe") {
response.setHeader("Content-Type", "text/html", false);
@ -109,17 +102,17 @@ function handleRequest(request, response)
return;
}
if (query["res"] == "xhr-spec-compliant") {
if (query["res"] == "xhr") {
response.setHeader("Content-Type", "text/html", false);
var resp = 'var x = new XMLHttpRequest(); x.open("GET", "' + otherSite +
resource+'?res=xhr-resp-spec-compliant&testid=xhr-src-redir-spec-compliant", false); ' +
resource+'?res=xhr-resp&testid=xhr-src-redir", false); ' +
'x.send(null);';
response.write(resp);
return;
}
// response to XHR
if (query["res"] == "xhr-resp-spec-compliant") {
if (query["res"] == "xhr-resp") {
response.setHeader("Access-Control-Allow-Origin", "*", false);
response.setHeader("Content-Type", "text/html", false);
response.write('XHR response...');
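Review bot: The `res=xhr` branch writes JavaScript (`var x = new XMLHttpRequest(); ...`) but labels it `text/html`, while the page handler shown earlier on this commit page appears to load it with `<script src="...?res=xhr">`. A script served under a non-script MIME type runs only while the browser applies no MIME check to script loads, so the redirect test could start failing for a reason unrelated to CSP; `response.setHeader("Content-Type", "application/javascript", false);` states what is actually served. `handleRequest` begins and continues outside these hunks.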


@ -14,8 +14,8 @@ function handleRequest(request, response)
response.setHeader("Cache-Control", "no-cache", false);
// set CSP header
response.setHeader("X-Content-Security-Policy",
"allow 'self'; report-uri http://mochi.test:8888/csp-report.cgi",
response.setHeader("Content-Security-Policy",
"default-src 'self'; report-uri http://mochi.test:8888/csp-report.cgi",
false);
// content which will trigger a violation report


@ -1 +1 @@
X-Content-Security-Policy: default-src 'self', allow *
Content-Security-Policy: default-src 'self', default-src *


@ -1 +1 @@
X-Content-Security-Policy: default-src 'self' , allow *
Content-Security-Policy: default-src 'self' , default-src *


@ -25,7 +25,7 @@ function handleRequest(request, response) {
var csp = "default-src \'self\';report-uri http://mochi.test:8888/tests/content/base/test/csp/file_redirect_report.sjs?" + redirect;
response.setHeader("X-Content-Security-Policy", csp, false);
response.setHeader("Content-Security-Policy", csp, false);
// the actual file content.
// this image load will (intentionally) fail due to the CSP policy of default-src: 'self'


@ -1 +1 @@
X-Content-Security-Policy: default-src *; options inline-script
Content-Security-Policy: default-src *; script-src 'unsafe-inline'
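Review bot: The new header is not an equivalent translation of the old one: once `script-src` is present it replaces `default-src` for scripts, so `script-src 'unsafe-inline'` permits inline script only and no external script source, whereas `default-src *; options inline-script` allowed both. If the page served with this header uses only inline script the test is unaffected, but that page is not visible here. If it loads any external script, the directive would need to be `script-src * 'unsafe-inline'` to keep the old behaviour.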


@ -17,53 +17,35 @@ support-files =
file_CSP_bug885433_blocks.html^headers^
file_CSP_bug888172.html
file_CSP_bug888172.sjs
file_CSP_bug916446.html
file_CSP_bug916446.html^headers^
file_CSP_evalscript_main.html
file_CSP_evalscript_main.html^headers^
file_CSP_evalscript_main.js
file_CSP_evalscript_main_allowed.js
file_CSP_evalscript_main_allowed_getCRMFRequest.js
file_CSP_evalscript_main_getCRMFRequest.js
file_CSP_evalscript_main.html
file_CSP_evalscript_main.html^headers^
file_CSP_evalscript_main_allowed.html
file_CSP_evalscript_main_allowed.html^headers^
file_CSP_evalscript_main_allowed_getCRMFRequest.html
file_CSP_evalscript_main_allowed_getCRMFRequest.html^headers^
file_CSP_evalscript_main_getCRMFRequest.html
file_CSP_evalscript_main_getCRMFRequest.html^headers^
file_CSP_evalscript_main_getCRMFRequest.js
file_CSP_evalscript_main_spec_compliant.html
file_CSP_evalscript_main_spec_compliant.html^headers^
file_CSP_evalscript_main_spec_compliant_allowed.html
file_CSP_evalscript_main_spec_compliant_allowed.html^headers^
file_CSP_evalscript_main_spec_compliant_allowed_getCRMFRequest.html
file_CSP_evalscript_main_spec_compliant_allowed_getCRMFRequest.html^headers^
file_CSP_evalscript_main_spec_compliant_getCRMFRequest.html
file_CSP_evalscript_main_spec_compliant_getCRMFRequest.html^headers^
file_CSP_evalscript_no_CSP_at_all.html
file_CSP_evalscript_no_CSP_at_all.html^headers^
file_CSP_evalscript_no_CSP_at_all.js
file_CSP_frameancestors.sjs
file_CSP_frameancestors_main.html
file_CSP_frameancestors_main.js
file_CSP_frameancestors_main_spec_compliant.html
file_CSP_frameancestors_main_spec_compliant.js
file_CSP_frameancestors_spec_compliant.sjs
file_CSP_frameancestors.sjs
file_CSP_inlinescript_main.html
file_CSP_inlinescript_main.html^headers^
file_CSP_inlinescript_main_spec_compliant.html
file_CSP_inlinescript_main_spec_compliant.html^headers^
file_CSP_inlinescript_main_spec_compliant_allowed.html
file_CSP_inlinescript_main_spec_compliant_allowed.html^headers^
file_CSP_inlinescript_main_allowed.html
file_CSP_inlinescript_main_allowed.html^headers^
file_CSP_inlinestyle_main.html
file_CSP_inlinestyle_main.html^headers^
file_CSP_inlinestyle_main_spec_compliant.html
file_CSP_inlinestyle_main_spec_compliant.html^headers^
file_CSP_inlinestyle_main_spec_compliant_allowed.html
file_CSP_inlinestyle_main_spec_compliant_allowed.html^headers^
file_CSP_inlinestyle_main_allowed.html
file_CSP_inlinestyle_main_allowed.html^headers^
file_CSP_main.html
file_CSP_main.html^headers^
file_CSP_main.js
file_CSP_main_spec_compliant.html
file_CSP_main_spec_compliant.html^headers^
file_CSP_main_spec_compliant.js
file_bothCSPheaders.html
file_bothCSPheaders.html^headers^
file_bug836922_npolicies.html
file_bug836922_npolicies.html^headers^
file_bug836922_npolicies_ro_violation.sjs
@ -104,8 +86,6 @@ support-files =
file_CSP_bug941404_xhr.html^headers^
file_hash_source.html
file_hash_source.html^headers^
file_dual_headers_warning.html
file_dual_headers_warning.html^headers^
file_self_none_as_hostname_confusion.html
file_self_none_as_hostname_confusion.html^headers^
file_csp_testserver.sjs
@ -114,8 +94,6 @@ support-files =
file_report_uri_missing_in_report_only_header.html
file_report_uri_missing_in_report_only_header.html^headers^
file_csp_report.sjs
file_policyuri_async_fetch.html
file_policyuri_async_fetch.html^headers^
file_redirect_content.sjs
file_redirect_report.sjs
file_subframe_run_js_if_allowed.html
@ -130,7 +108,6 @@ support-files =
[test_CSP_bug802872.html]
[test_CSP_bug885433.html]
[test_CSP_bug888172.html]
[test_CSP_bug916446.html]
[test_CSP_evalscript.html]
[test_CSP_evalscript_getCRMFRequest.html]
skip-if = buildapp == 'b2g' || toolkit == 'android' || e10s # no (deprecated) window.crypto support in multiprocess (bug 824652)
@ -138,7 +115,6 @@ skip-if = buildapp == 'b2g' || toolkit == 'android' || e10s # no (deprecated) wi
skip-if = (buildapp == 'b2g' && (toolkit != 'gonk' || debug)) || toolkit == 'android' # Times out, not sure why (bug 1008445)
[test_CSP_inlinescript.html]
[test_CSP_inlinestyle.html]
[test_bothCSPheaders.html]
[test_bug836922_npolicies.html]
[test_bug886164.html]
[test_csp_redirects.html]
@ -149,14 +125,12 @@ skip-if = (buildapp == 'b2g' && (toolkit != 'gonk' || debug)) || toolkit == 'and
[test_CSP_bug941404.html]
[test_hash_source.html]
skip-if = e10s || buildapp == 'b2g' # can't compute hashes in child process (bug 958702)
[test_dual_headers_warning.html]
[test_self_none_as_hostname_confusion.html]
[test_bug949549.html]
[test_csp_regexp_parsing.html]
[test_report_uri_missing_in_report_only_header.html]
[test_csp_report.html]
skip-if = e10s || buildapp == 'b2g' # http-on-opening-request observer not supported in child process (bug 1009632)
[test_policyuri_async_fetch.html]
[test_301_redirect.html]
[test_302_redirect.html]
[test_303_redirect.html]


@ -66,7 +66,13 @@ window.done = function(result) {
SimpleTest.waitForExplicitFinish();
// save this for last so that our listeners are registered.
document.getElementById('content_iframe').src = 'file_redirect_content.sjs?301';
SpecialPowers.pushPrefEnv(
{'set':[["security.csp.speccompliant", true]]},
function() {
// save this for last so that our listeners are registered.
// ... this loads the testbed of good and bad requests.
document.getElementById('content_iframe').src = 'file_redirect_content.sjs?301';
});
</script>
</pre>
</body>


@ -66,7 +66,13 @@ window.done = function(result) {
SimpleTest.waitForExplicitFinish();
// save this for last so that our listeners are registered.
document.getElementById('content_iframe').src = 'file_redirect_content.sjs?302';
SpecialPowers.pushPrefEnv(
{'set':[["security.csp.speccompliant", true]]},
function() {
// save this for last so that our listeners are registered.
// ... this loads the testbed of good and bad requests.
document.getElementById('content_iframe').src = 'file_redirect_content.sjs?302';
});
</script>
</pre>
</body>


@ -66,7 +66,13 @@ window.done = function(result) {
SimpleTest.waitForExplicitFinish();
// save this for last so that our listeners are registered.
document.getElementById('content_iframe').src = 'file_redirect_content.sjs?303';
SpecialPowers.pushPrefEnv(
{'set':[["security.csp.speccompliant", true]]},
function() {
// save this for last so that our listeners are registered.
// ... this loads the testbed of good and bad requests.
document.getElementById('content_iframe').src = 'file_redirect_content.sjs?303';
});
</script>
</pre>
</body>


@ -66,7 +66,13 @@ window.done = function(result) {
SimpleTest.waitForExplicitFinish();
// save this for last so that our listeners are registered.
document.getElementById('content_iframe').src = 'file_redirect_content.sjs?307';
SpecialPowers.pushPrefEnv(
{'set':[["security.csp.speccompliant", true]]},
function() {
// save this for last so that our listeners are registered.
// ... this loads the testbed of good and bad requests.
document.getElementById('content_iframe').src = 'file_redirect_content.sjs?307';
});
</script>
</pre>
</body>


@ -10,11 +10,8 @@
<div id="content" style="display: none">
</div>
<iframe style="width:200px;height:200px;" id='cspframe'></iframe>
<iframe style="width:200px;height:200px;" id='cspframe2'></iframe>
<script class="testbody" type="text/javascript">
var path = "/tests/content/base/test/csp/";
// These are test results: -1 means it hasn't run,
// true/false is the pass/fail result.
window.tests = {
@ -34,22 +31,6 @@ window.tests = {
font_bad: -1,
object_good: -1,
object_bad: -1,
img_spec_compliant_good: -1,
img_spec_compliant_bad: -1,
style_spec_compliant_good: -1,
style_spec_compliant_bad: -1,
frame_spec_compliant_good: -1,
frame_spec_compliant_bad: -1,
script_spec_compliant_good: -1,
script_spec_compliant_bad: -1,
xhr_spec_compliant_good: -1,
xhr_spec_compliant_bad: -1,
media_spec_compliant_good: -1,
media_spec_compliant_bad: -1,
font_spec_compliant_good: -1,
font_spec_compliant_bad: -1,
object_spec_compliant_good: -1,
object_spec_compliant_bad: -1,
};
// This is used to watch the blocked data bounce off CSP and allowed data
@ -131,7 +112,6 @@ SpecialPowers.pushPrefEnv(
// save this for last so that our listeners are registered.
// ... this loads the testbed of good and bad requests.
document.getElementById('cspframe').src = 'file_CSP_main.html';
document.getElementById('cspframe2').src = 'file_CSP_main_spec_compliant.html';
});
</script>
</pre>


@ -11,14 +11,11 @@
</div>
<iframe style="width:100%;height:300px;" id='cspframe'></iframe>
<iframe style="width:100%;height:300px;" id='cspframe2'></iframe>
<iframe style="width:100%;height:300px;" id='cspframe3'></iframe>
<script class="testbody" type="text/javascript">
var path = "/tests/content/base/test/csp/";
var evalScriptsThatRan = 0;
var evalScriptsBlocked = 0;
var evalScriptsTotal = 24;
var evalScriptsTotal = 16;
// called by scripts that run
var scriptRan = function(shouldrun, testname, data) {
@ -55,9 +52,7 @@ SpecialPowers.pushPrefEnv(
// save this for last so that our listeners are registered.
// ... this loads the testbed of good and bad requests.
document.getElementById('cspframe').src = 'file_CSP_evalscript_main.html';
document.getElementById('cspframe2').src = 'file_CSP_evalscript_main_spec_compliant.html';
document.getElementById('cspframe3').src = 'file_CSP_evalscript_main_spec_compliant_allowed.html';
// document.getElementById('cspframe4').src = 'file_CSP_evalscript_no_CSP_at_all.html';
document.getElementById('cspframe2').src = 'file_CSP_evalscript_main_allowed.html';
});
</script>
</pre>


@ -12,14 +12,13 @@
<iframe style="width:100%;height:300px;" id='cspframe'></iframe>
<iframe style="width:100%;height:300px;" id='cspframe2'></iframe>
<iframe style="width:100%;height:300px;" id='cspframe3'></iframe>
<iframe style="width:100%;height:300px;" id='cspframe4'></iframe>
<script class="testbody" type="text/javascript">
var path = "/tests/content/base/test/csp/";
var evalScriptsThatRan = 0;
var evalScriptsBlocked = 0;
var evalScriptsTotal = 4;
var evalScriptsTotal = 3;
// called by scripts that run
var scriptRan = function(shouldrun, testname, data) {
@ -55,9 +54,8 @@ SpecialPowers.pushPrefEnv(
// save this for last so that our listeners are registered.
// ... this loads the testbed of good and bad requests.
document.getElementById('cspframe').src = 'file_CSP_evalscript_main_getCRMFRequest.html';
document.getElementById('cspframe2').src = 'file_CSP_evalscript_main_spec_compliant_getCRMFRequest.html';
document.getElementById('cspframe3').src = 'file_CSP_evalscript_main_spec_compliant_allowed_getCRMFRequest.html';
document.getElementById('cspframe4').src = 'file_CSP_evalscript_no_CSP_at_all.html';
document.getElementById('cspframe2').src = 'file_CSP_evalscript_main_allowed_getCRMFRequest.html';
document.getElementById('cspframe3').src = 'file_CSP_evalscript_no_CSP_at_all.html';
});
</script>
</pre>


@ -10,15 +10,12 @@
<div id="content" style="display: none">
</div>
<iframe style="width:100%;height:300px;" id='cspframe'></iframe>
<iframe style="width:100%;height:300px;" id='cspframe2'></iframe>
<script class="testbody" type="text/javascript">
var path = "/tests/content/base/test/csp/";
// These are test results: -1 means it hasn't run,
// true/false is the pass/fail result.
var framesThatShouldLoad = {
aa_allow: -1, /* innermost frame allows a */
aa_allow: -1, /* innermost frame allows a *
//aa_block: -1, /* innermost frame denies a */
ab_allow: -1, /* innermost frame allows a */
//ab_block: -1, /* innermost frame denies a */
@ -28,19 +25,9 @@ var framesThatShouldLoad = {
abb_allow: -1, /* innermost frame allows b,a */
//abb_block: -1, /* innermost frame denies b */
//abb2_block: -1, /* innermost frame denies a */
aa_allow_spec_compliant: -1, /* innermost frame allows a *
//aa_block_spec_compliant: -1, /* innermost frame denies a */
ab_allow_spec_compliant: -1, /* innermost frame allows a */
//ab_block_spec_compliant: -1, /* innermost frame denies a */
aba_allow_spec_compliant: -1, /* innermost frame allows b,a */
//aba_block_spec_compliant: -1, /* innermost frame denies b */
//aba2_block_spec_compliant: -1, /* innermost frame denies a */
abb_allow_spec_compliant: -1, /* innermost frame allows b,a */
//abb_block_spec_compliant: -1, /* innermost frame denies b */
//abb2_block_spec_compliant: -1, /* innermost frame denies a */
};
var expectedViolationsLeft = 12;
var expectedViolationsLeft = 6;
// This is used to watch the blocked data bounce off CSP and allowed data
// get sent out to the wire.
@ -127,7 +114,6 @@ SpecialPowers.pushPrefEnv(
// save this for last so that our listeners are registered.
// ... this loads the testbed of good and bad requests.
document.getElementById('cspframe').src = 'file_CSP_frameancestors_main.html';
document.getElementById('cspframe2').src = 'file_CSP_frameancestors_main_spec_compliant.html';
});
</script>
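Review bot: In `framesThatShouldLoad`, the `aa_allow` line is printed twice and the second copy ends its comment with `*` instead of `*/`; because the page prints it after the terminated copy, it appears to be the new side. The comment then runs on to the `*/` of the following `//aa_block` line, which is harmless today only because that entry is already commented out. The line should read `aa_allow: -1, /* innermost frame allows a */`, so that re-enabling `aa_block` later does not leave that expectation silently inside a block comment.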


@ -11,16 +11,13 @@
<div id="content" style="display: none">
</div>
<iframe style="width:100%;height:300px;" id='cspframe'></iframe>
<iframe style="width:100%;height:300px;" id='cspframe1'></iframe>
<iframe style="width:100%;height:300px;" id='cspframe2'></iframe>
<iframe style="width:100%;height:300px;" id='cspframe3'></iframe>
<script class="testbody" type="text/javascript">
var path = "/tests/content/base/test/csp/";
var inlineScriptsThatRan = 0;
var inlineScriptsBlocked = 0;
var inlineScriptsTotal = 12;
var inlineScriptsTotal = 8;
// This is used to watch the blocked data bounce off CSP and allowed data
// get sent out to the wire.
@ -79,8 +76,8 @@ var checkTestResults = function() {
// The four scripts in the page with 'unsafe-inline' should run.
is(inlineScriptsThatRan, 4, "there should be 4 inline scripts that ran");
// The other eight scripts in the other two pages should be blocked.
is(inlineScriptsBlocked, 8, "there should be 8 inline scripts that were blocked");
// The four scripts in the other page should be blocked.
is(inlineScriptsBlocked, 4, "there should be 4 inline scripts that were blocked");
// ... otherwise, finish
window.examiner.remove();
@ -92,10 +89,10 @@ var checkTestResults = function() {
window.examiner = new examiner();
SimpleTest.waitForExplicitFinish();
function clickit() {
var cspframe = document.getElementById('cspframe');
var a = cspframe.contentDocument.getElementById('anchortoclick');
sendMouseEvent({type:'click'}, a, cspframe.contentWindow);
function clickit1() {
var cspframe1 = document.getElementById('cspframe1');
var a = cspframe1.contentDocument.getElementById('anchortoclick');
sendMouseEvent({type:'click'}, a, cspframe1.contentWindow);
}
function clickit2() {
@ -104,23 +101,15 @@ function clickit2() {
sendMouseEvent({type:'click'}, a, cspframe2.contentWindow);
}
function clickit3() {
var cspframe3 = document.getElementById('cspframe3');
var a = cspframe3.contentDocument.getElementById('anchortoclick');
sendMouseEvent({type:'click'}, a, cspframe3.contentWindow);
}
SpecialPowers.pushPrefEnv(
{'set':[["security.csp.speccompliant", true]]},
function() {
// save this for last so that our listeners are registered.
// ... this loads the testbed of good and bad requests.
document.getElementById('cspframe').src = 'file_CSP_inlinescript_main.html';
document.getElementById('cspframe').addEventListener('load', clickit, false);
document.getElementById('cspframe2').src = 'file_CSP_inlinescript_main_spec_compliant.html';
document.getElementById('cspframe1').src = 'file_CSP_inlinescript_main.html';
document.getElementById('cspframe1').addEventListener('load', clickit1, false);
document.getElementById('cspframe2').src = 'file_CSP_inlinescript_main_allowed.html';
document.getElementById('cspframe2').addEventListener('load', clickit2, false);
document.getElementById('cspframe3').src = 'file_CSP_inlinescript_main_spec_compliant_allowed.html';
document.getElementById('cspframe3').addEventListener('load', clickit3, false);
});
</script>
</pre>


@ -10,33 +10,68 @@
<div id="content" style="display: none">
</div>
<iframe style="width:100%;height:300px;" id='cspframe'></iframe>
<iframe style="width:100%;height:300px;" id='cspframe1'></iframe>
<iframe style="width:100%;height:300px;" id='cspframe2'></iframe>
<iframe style="width:100%;height:300px;" id='cspframe3'></iframe>
<script class="testbody" type="text/javascript">
var path = "/tests/content/base/test/csp/";
//////////////////////////////////////////////////////////////////////
// set up and go
SimpleTest.waitForExplicitFinish();
var done = 0;
// Our original CSP implementation does not block inline styles.
// When a CSP 1.0 compliant policy is specified we should block inline
// styles applied by <style> element, style attribute, and SMIL <animate> and <set> tags
// (when it's not explicitly allowed.)
function checkStyles(evt) {
var cspframe = document.getElementById('cspframe');
var cspframe = document.getElementById('cspframe1');
var color;
// black means the style wasn't applied. green colors are used for styles
//expected to be applied. A color is red if a style is erroneously applied
color = window.getComputedStyle(cspframe.contentDocument.getElementById('linkstylediv'),null)['color'];
ok('rgb(0, 255, 0)' === color, 'External Stylesheet (original CSP implementation) (' + color + ')');
ok('rgb(0, 255, 0)' === color, 'External Stylesheet (' + color + ')');
color = window.getComputedStyle(cspframe.contentDocument.getElementById('inlinestylediv'),null)['color'];
ok('rgb(0, 255, 0)' === color, 'Inline Style TAG (original CSP implementation) (' + color + ')');
ok('rgb(0, 0, 0)' === color, 'Inline Style TAG (' + color + ')');
color = window.getComputedStyle(cspframe.contentDocument.getElementById('attrstylediv'),null)['color'];
ok('rgb(0, 255, 0)' === color, 'Style Attribute (original CSP implementation) (' + color + ')');
ok('rgb(0, 0, 0)' === color, 'Style Attribute (' + color + ')');
color = window.getComputedStyle(cspframe.contentDocument.getElementById('csstextstylediv'),null)['color'];
ok('rgb(0, 255, 0)' === color, 'cssText (' + color + ')');
// SMIL tests
color = window.getComputedStyle(cspframe.contentDocument.getElementById('xmlTest',null))['fill'];
ok('rgb(0, 0, 0)' === color, 'XML Attribute styling (SMIL) (' + color + ')');
color = window.getComputedStyle(cspframe.contentDocument.getElementById('cssOverrideTest',null))['fill'];
ok('rgb(0, 0, 0)' === color, 'CSS Override styling (SMIL) (' + color + ')');
color = window.getComputedStyle(cspframe.contentDocument.getElementById('cssOverrideTestById',null))['fill'];
ok('rgb(0, 0, 0)' === color, 'CSS Override styling via ID lookup (SMIL) (' + color + ')');
color = window.getComputedStyle(cspframe.contentDocument.getElementById('cssSetTestById',null))['fill'];
ok('rgb(0, 0, 0)' === color, 'CSS Set Element styling via ID lookup (SMIL) (' + color + ')');
color = window.getComputedStyle(cspframe.contentDocument.getElementById('modifycsstextdiv'),null)['color'];
ok('rgb(0, 255, 0)' === color, 'Modify loaded style sheet via cssText (' + color + ')');
checkIfDone();
}
// When a CSP 1.0 compliant policy is specified we should allow inline
// styles when it is explicitly allowed.
function checkStylesAllowed(evt) {
var cspframe = document.getElementById('cspframe2');
var color;
// black means the style wasn't applied. green colors are used for styles
// expected to be applied. A color is red if a style is erroneously applied
color = window.getComputedStyle(cspframe.contentDocument.getElementById('linkstylediv'),null)['color'];
ok('rgb(0, 255, 0)' === color, 'External Stylesheet (' + color + ')');
color = window.getComputedStyle(cspframe.contentDocument.getElementById('inlinestylediv'),null)['color'];
ok('rgb(0, 255, 0)' === color, 'Inline Style TAG (' + color + ')');
color = window.getComputedStyle(cspframe.contentDocument.getElementById('attrstylediv'),null)['color'];
ok('rgb(0, 255, 0)' === color, 'Style Attribute (' + color + ')');
// Note that the below test will fail if "script-src: 'unsafe-inline'" breaks,
// since it relies on executing script to set .cssText
color = window.getComputedStyle(cspframe.contentDocument.getElementById('csstextstylediv'),null)['color'];
ok('rgb(0, 255, 0)' === color, 'style.cssText (' + color + ')');
// SMIL tests
color = window.getComputedStyle(cspframe.contentDocument.getElementById('xmlTest',null))['fill'];
ok('rgb(0, 255, 0)' === color, 'XML Attribute styling (SMIL) (' + color + ')');
@ -46,72 +81,8 @@ function checkStyles(evt) {
ok('rgb(0, 255, 0)' === color, 'CSS Override styling via ID lookup (SMIL) (' + color + ')');
color = window.getComputedStyle(cspframe.contentDocument.getElementById('cssSetTestById',null))['fill'];
ok('rgb(0, 255, 0)' === color, 'CSS Set Element styling via ID lookup (SMIL) (' + color + ')');
checkIfDone();
}
// When a CSP 1.0 compliant policy is specified we should block inline
// styles applied by <style> element, style attribute, and SMIL <animate> and <set> tags
// (when it's not explicitly allowed.)
function checkStylesSpecCompliant(evt) {
var cspframe = document.getElementById('cspframe2');
var color;
// black means the style wasn't applied. green colors are used for styles
//expected to be applied. A color is red if a style is erroneously applied
color = window.getComputedStyle(cspframe2.contentDocument.getElementById('linkstylediv'),null)['color'];
ok('rgb(0, 255, 0)' === color, 'External Stylesheet (CSP 1.0 spec compliant) (' + color + ')');
color = window.getComputedStyle(cspframe2.contentDocument.getElementById('inlinestylediv'),null)['color'];
ok('rgb(0, 0, 0)' === color, 'Inline Style TAG (CSP 1.0 spec compliant) (' + color + ')');
color = window.getComputedStyle(cspframe2.contentDocument.getElementById('attrstylediv'),null)['color'];
ok('rgb(0, 0, 0)' === color, 'Style Attribute (CSP 1.0 spec compliant) (' + color + ')');
color = window.getComputedStyle(cspframe2.contentDocument.getElementById('csstextstylediv'),null)['color'];
ok('rgb(0, 255, 0)' === color, 'cssText (CSP 1.0 spec compliant) (' + color + ')');
// SMIL tests
color = window.getComputedStyle(cspframe2.contentDocument.getElementById('xmlTest',null))['fill'];
ok('rgb(0, 0, 0)' === color, 'XML Attribute styling (SMIL) (' + color + ')');
color = window.getComputedStyle(cspframe2.contentDocument.getElementById('cssOverrideTest',null))['fill'];
ok('rgb(0, 0, 0)' === color, 'CSS Override styling (SMIL) (' + color + ')');
color = window.getComputedStyle(cspframe2.contentDocument.getElementById('cssOverrideTestById',null))['fill'];
ok('rgb(0, 0, 0)' === color, 'CSS Override styling via ID lookup (SMIL) (' + color + ')');
color = window.getComputedStyle(cspframe2.contentDocument.getElementById('cssSetTestById',null))['fill'];
ok('rgb(0, 0, 0)' === color, 'CSS Set Element styling via ID lookup (SMIL) (' + color + ')');
color = window.getComputedStyle(cspframe2.contentDocument.getElementById('modifycsstextdiv'),null)['color'];
ok('rgb(0, 255, 0)' === color, 'Modify loaded style sheet via cssText (' + color + ')');
checkIfDone();
}
// When a CSP 1.0 compliant policy is specified we should allow inline
// styles when it is explicitly allowed.
function checkStylesSpecCompliantAllowed(evt) {
var cspframe = document.getElementById('cspframe3');
var color;
// black means the style wasn't applied. green colors are used for styles
// expected to be applied. A color is red if a style is erroneously applied
color = window.getComputedStyle(cspframe3.contentDocument.getElementById('linkstylediv'),null)['color'];
ok('rgb(0, 255, 0)' === color, 'External Stylesheet (CSP 1.0 spec compliant, allowed) (' + color + ')');
color = window.getComputedStyle(cspframe3.contentDocument.getElementById('inlinestylediv'),null)['color'];
ok('rgb(0, 255, 0)' === color, 'Inline Style TAG (CSP 1.0 spec compliant, allowed) (' + color + ')');
color = window.getComputedStyle(cspframe3.contentDocument.getElementById('attrstylediv'),null)['color'];
ok('rgb(0, 255, 0)' === color, 'Style Attribute (CSP 1.0 spec compliant, allowed) (' + color + ')');
// Note that the below test will fail if "script-src: 'unsafe-inline'" breaks,
// since it relies on executing script to set .cssText
color = window.getComputedStyle(cspframe3.contentDocument.getElementById('csstextstylediv'),null)['color'];
ok('rgb(0, 255, 0)' === color, 'style.cssText (CSP 1.0 spec compliant, allowed) (' + color + ')');
// SMIL tests
color = window.getComputedStyle(cspframe3.contentDocument.getElementById('xmlTest',null))['fill'];
ok('rgb(0, 255, 0)' === color, 'XML Attribute styling (SMIL) (' + color + ')');
color = window.getComputedStyle(cspframe3.contentDocument.getElementById('cssOverrideTest',null))['fill'];
ok('rgb(0, 255, 0)' === color, 'CSS Override styling (SMIL) (' + color + ')');
color = window.getComputedStyle(cspframe3.contentDocument.getElementById('cssOverrideTestById',null))['fill'];
ok('rgb(0, 255, 0)' === color, 'CSS Override styling via ID lookup (SMIL) (' + color + ')');
color = window.getComputedStyle(cspframe3.contentDocument.getElementById('cssSetTestById',null))['fill'];
ok('rgb(0, 255, 0)' === color, 'CSS Set Element styling via ID lookup (SMIL) (' + color + ')');
color = window.getComputedStyle(cspframe3.contentDocument.getElementById('modifycsstextdiv'),null)['color'];
color = window.getComputedStyle(cspframe.contentDocument.getElementById('modifycsstextdiv'),null)['color'];
ok('rgb(0, 255, 0)' === color, 'Modify loaded style sheet via cssText (' + color + ')');
checkIfDone();
@ -119,7 +90,7 @@ function checkStylesSpecCompliantAllowed(evt) {
function checkIfDone() {
done++;
if (done == 3)
if (done == 2)
SimpleTest.finish();
}
@ -128,12 +99,10 @@ SpecialPowers.pushPrefEnv(
function() {
// save this for last so that our listeners are registered.
// ... this loads the testbed of good and bad requests.
document.getElementById('cspframe').src = 'file_CSP_inlinestyle_main.html';
document.getElementById('cspframe').addEventListener('load', checkStyles, false);
document.getElementById('cspframe2').src = 'file_CSP_inlinestyle_main_spec_compliant.html';
document.getElementById('cspframe2').addEventListener('load', checkStylesSpecCompliant, false);
document.getElementById('cspframe3').src = 'file_CSP_inlinestyle_main_spec_compliant_allowed.html';
document.getElementById('cspframe3').addEventListener('load', checkStylesSpecCompliantAllowed, false);
document.getElementById('cspframe1').src = 'file_CSP_inlinestyle_main.html';
document.getElementById('cspframe1').addEventListener('load', checkStyles, false);
document.getElementById('cspframe2').src = 'file_CSP_inlinestyle_main_allowed.html';
document.getElementById('cspframe2').addEventListener('load', checkStylesAllowed, false);
}
);
</script>
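Review bot: In `checkStyles` and `checkStylesAllowed` the SMIL lookups are written `getElementById('xmlTest',null)`, so the `null` is passed to `getElementById` instead of `getComputedStyle`; the closing parenthesis belongs before the comma, as in `window.getComputedStyle(cspframe.contentDocument.getElementById('xmlTest'), null)['fill']`. The same applies to the `cssOverrideTest`, `cssOverrideTestById` and `cssSetTestById` lines. Separately, with the "(original CSP implementation)" and "(CSP 1.0 spec compliant)" suffixes dropped, the blocked and allowed cases emit identical messages such as 'External Stylesheet', so a failing assertion no longer says which policy case regressed. A short per-frame prefix in each message would restore that.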


@ -213,7 +213,8 @@ SpecialPowers.pushPrefEnv({'set': [["dom.mozBrowserFramesEnabled", true],
["security.apps.privileged.CSP.default", DEFAULT_CSP_PRIV],
["security.apps.certified.CSP.default", DEFAULT_CSP_CERT],
["security.mixed_content.block_active_content", false],
["security.mixed_content.block_display_content", false]]},
["security.mixed_content.block_display_content", false],
["security.csp.speccompliant", true]]},
function() { gTestRunner.next(); });


@ -1,7 +1,7 @@
<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=768029
https://bugzilla.mozilla.org/show_bug.cgi?id=773891
-->
<head>
<meta charset="utf-8">
@ -218,7 +218,8 @@ SpecialPowers.addPermission("browser", true, "https://example.com");
SpecialPowers.pushPrefEnv({'set': [["dom.mozBrowserFramesEnabled", true],
["security.apps.privileged.CSP.default", DEFAULT_CSP_PRIV],
["security.apps.certified.CSP.default", DEFAULT_CSP_CERT]]},
["security.apps.certified.CSP.default", DEFAULT_CSP_CERT],
["security.csp.speccompliant", true]]},
function() { gTestRunner.next(); });


@ -86,24 +86,6 @@ var testExpectedResults = { "font-src": true,
"worker-redir": false,
"xhr-src": true,
"xhr-src-redir": false,
"font-src-spec-compliant": true,
"font-src-redir-spec-compliant": false,
"frame-src-spec-compliant": true,
"frame-src-redir-spec-compliant": false,
"img-src-spec-compliant": true,
"img-src-redir-spec-compliant": false,
"media-src-spec-compliant": true,
"media-src-redir-spec-compliant": false,
"object-src-spec-compliant": true,
"object-src-redir-spec-compliant": false,
"script-src-spec-compliant": true,
"script-src-redir-spec-compliant": false,
"style-src-spec-compliant": true,
"style-src-redir-spec-compliant": false,
"worker-spec-compliant": true,
"worker-redir-spec-compliant": false,
"xhr-src-spec-compliant": true,
"xhr-src-redir-spec-compliant": false,
};
// takes the name of the test, the URL that was tested, and whether the


@ -100,8 +100,13 @@ window.examiner = new examiner();
SimpleTest.waitForExplicitFinish();
// load the resource which will generate a CSP violation report
document.getElementById("cspframe").src = testFile;
SpecialPowers.pushPrefEnv(
{'set':[["security.csp.speccompliant", true]]},
function() {
// save this for last so that our listeners are registered.
// ... this loads the testbed of good and bad requests.
document.getElementById("cspframe").src = testFile;
});
</script>
</pre>
</body>


@ -110,11 +110,13 @@ window.testResult = function(testname, result, msg) {
SimpleTest.waitForExplicitFinish();
// save this for last so that our listeners are registered.
// ... this loads the testbed of good and bad requests.
document.getElementById('cspframe').src = 'file_multi_policy_injection_bypass.html';
document.getElementById('cspframe2').src = 'file_multi_policy_injection_bypass_2.html';
SpecialPowers.pushPrefEnv(
{'set':[["security.csp.speccompliant", true]]},
function() {
// ... this loads the testbed of good and bad requests.
document.getElementById('cspframe').src = 'file_multi_policy_injection_bypass.html';
document.getElementById('cspframe2').src = 'file_multi_policy_injection_bypass_2.html';
});
</script>
</pre>
</body>


@ -13,6 +13,7 @@ allows this.
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<iframe id="i"></iframe>
<script class="testbody" type="text/javascript">
var javascript_link_ran = false;
@ -26,7 +27,11 @@ function checkResult()
}
SimpleTest.waitForExplicitFinish();
SpecialPowers.pushPrefEnv(
{'set':[["security.csp.speccompliant", true]]},
function() {
document.getElementById('i').src = 'file_subframe_run_js_if_allowed.html';
});
</script>
<iframe id="i" src="file_subframe_run_js_if_allowed.html"></iframe>
</body>
</html>


@ -6,6 +6,7 @@
TEST_TOOL_DIRS += [
'csp',
'xcsp',
'websocket_hybi',
]


@ -0,0 +1,4 @@
[DEFAULT]
[test_csp_bug768029.html]
[test_csp_bug773891.html]


@ -0,0 +1,20 @@
/*
* Moved this CSS from an inline stylesheet to an external file when we added
* inline-style blocking in bug 763879.
* This test may hang if the load for this .css file is blocked due to a
* malfunction of CSP, but should pass if the style_good test passes.
*/
/* CSS font embedding tests */
@font-face {
font-family: "arbitrary_good";
src: url('file_CSP.sjs?testid=font_good&type=application/octet-stream');
}
@font-face {
font-family: "arbitrary_bad";
src: url('http://example.org/tests/content/base/test/xcsp/file_CSP.sjs?testid=font_bad&type=application/octet-stream');
}
.div_arbitrary_good { font-family: "arbitrary_good"; }
.div_arbitrary_bad { font-family: "arbitrary_bad"; }


@ -0,0 +1,26 @@
// SJS file for CSP mochitests
function handleRequest(request, response)
{
var query = {};
request.queryString.split('&').forEach(function (val) {
var [name, value] = val.split('=');
query[name] = unescape(value);
});
var isPreflight = request.method == "OPTIONS";
//avoid confusing cache behaviors
response.setHeader("Cache-Control", "no-cache", false);
if ("type" in query) {
response.setHeader("Content-Type", unescape(query['type']), false);
} else {
response.setHeader("Content-Type", "text/html", false);
}
if ("content" in query) {
response.write(unescape(query['content']));
}
}
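Review bot: `handleRequest` decodes the query values twice: the loop already stores `unescape(value)` in `query`, and `query['type']` and `query['content']` then go through `unescape` again before reaching the `Content-Type` header and the body, so a literal `%` in a fixture's content is decoded a second time. Using the stored values directly, `response.setHeader("Content-Type", query['type'], false);` and `response.write(query['content']);`, keeps what a test requests and what is served in step. `var [name, value] = val.split('=')` also drops everything after a second `=` in a value, and `isPreflight` is assigned but never read. Because the handler echoes a caller-chosen content type and body, a header comment stating that it is a mochitest-only fixture would be worth adding.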


@ -0,0 +1,2 @@
Cache-Control: no-cache
X-Content-Security-Policy: default-src 'self'


@ -0,0 +1,126 @@
// some javascript for the CSP eval() tests
function logResult(str, passed) {
var elt = document.createElement('div');
var color = passed ? "#cfc;" : "#fcc";
elt.setAttribute('style', 'background-color:' + color + '; width:100%; border:1px solid black; padding:3px; margin:4px;');
elt.innerHTML = str;
document.body.appendChild(elt);
}
window._testResults = {};
// callback for when stuff is allowed by CSP
var onevalexecuted = (function(window) {
return function(shouldrun, what, data) {
window._testResults[what] = "ran";
window.parent.scriptRan(shouldrun, what, data);
logResult((shouldrun ? "PASS: " : "FAIL: ") + what + " : " + data, shouldrun);
};})(window);
// callback for when stuff is blocked
var onevalblocked = (function(window) {
return function(shouldrun, what, data) {
window._testResults[what] = "blocked";
window.parent.scriptBlocked(shouldrun, what, data);
logResult((shouldrun ? "FAIL: " : "PASS: ") + what + " : " + data, !shouldrun);
};})(window);
// Defer until document is loaded so that we can write the pretty result boxes
// out.
addEventListener('load', function() {
// setTimeout(String) test -- mutate something in the window._testResults
// obj, then check it.
{
var str_setTimeoutWithStringRan = 'onevalexecuted(false, "setTimeout(String)", "setTimeout with a string was enabled.");';
function fcn_setTimeoutWithStringCheck() {
if (this._testResults["setTimeout(String)"] !== "ran") {
onevalblocked(false, "setTimeout(String)",
"setTimeout with a string was blocked");
}
}
setTimeout(fcn_setTimeoutWithStringCheck.bind(window), 10);
setTimeout(str_setTimeoutWithStringRan, 10);
}
// setTimeout(function) test -- mutate something in the window._testResults
// obj, then check it.
{
function fcn_setTimeoutWithFunctionRan() {
onevalexecuted(true, "setTimeout(function)",
"setTimeout with a function was enabled.")
}
function fcn_setTimeoutWithFunctionCheck() {
if (this._testResults["setTimeout(function)"] !== "ran") {
onevalblocked(true, "setTimeout(function)",
"setTimeout with a function was blocked");
}
}
setTimeout(fcn_setTimeoutWithFunctionRan.bind(window), 10);
setTimeout(fcn_setTimeoutWithFunctionCheck.bind(window), 10);
}
// eval() test -- should throw exception as per spec
try {
eval('onevalexecuted(false, "eval(String)", "eval() was enabled.");');
} catch (e) {
onevalblocked(false, "eval(String)",
"eval() was blocked");
}
// eval(foo,bar) test -- should throw exception as per spec
try {
eval('onevalexecuted(false, "eval(String,scope)", "eval() was enabled.");',1);
} catch (e) {
onevalblocked(false, "eval(String,object)",
"eval() with scope was blocked");
}
// [foo,bar].sort(eval) test -- should throw exception as per spec
try {
['onevalexecuted(false, "[String, obj].sort(eval)", "eval() was enabled.");',1].sort(eval);
} catch (e) {
onevalblocked(false, "[String, obj].sort(eval)",
"eval() with scope via sort was blocked");
}
// [].sort.call([foo,bar], eval) test -- should throw exception as per spec
try {
[].sort.call(['onevalexecuted(false, "[String, obj].sort(eval)", "eval() was enabled.");',1], eval);
} catch (e) {
onevalblocked(false, "[].sort.call([String, obj], eval)",
"eval() with scope via sort/call was blocked");
}
// new Function() test -- should throw exception as per spec
try {
var fcn = new Function('onevalexecuted(false, "new Function(String)", "new Function(String) was enabled.");');
fcn();
} catch (e) {
onevalblocked(false, "new Function(String)",
"new Function(String) was blocked.");
}
// setTimeout(eval, 0, str)
{
// error is not catchable here, instead, we're going to side-effect
// 'worked'.
var worked = false;
setTimeout(eval, 0, 'worked = true');
setTimeout(function(worked) {
if (worked) {
onevalexecuted(false, "setTimeout(eval, 0, str)",
"setTimeout(eval, 0, string) was enabled.");
} else {
onevalblocked(false, "setTimeout(eval, 0, str)",
"setTimeout(eval, 0, str) was blocked.");
}
}, 0, worked);
}
}, false);
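Review bot: The `setTimeout(eval, 0, str)` case at the end of the load handler cannot detect a regression: `worked` is passed as the third argument of the second `setTimeout`, so the callback's `worked` parameter is the `false` captured when the timer was scheduled, and the `onevalblocked` branch is taken whatever the indirect eval did. Record the side effect where both timers can see it, e.g. `setTimeout(eval, 0, 'window._testResults["setTimeout(eval, 0, str)"] = "ran"');`, and have the checker take no argument and test `window._testResults["setTimeout(eval, 0, str)"] === "ran"`. The `eval(String,scope)` and `[].sort.call(...)` cases also pass a different `what` label to `onevalexecuted` than to `onevalblocked`, so an unexpected execution would presumably be reported under a name the parent page does not track. One label per case avoids that.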


@ -0,0 +1,2 @@
Cache-Control: no-cache
X-Content-Security-Policy: default-src 'self'


@ -0,0 +1,48 @@
// some javascript for the CSP eval() tests
function logResult(str, passed) {
var elt = document.createElement('div');
var color = passed ? "#cfc;" : "#fcc";
elt.setAttribute('style', 'background-color:' + color + '; width:100%; border:1px solid black; padding:3px; margin:4px;');
elt.innerHTML = str;
document.body.appendChild(elt);
}
window._testResults = {};
// callback for when stuff is allowed by CSP
var onevalexecuted = (function(window) {
return function(shouldrun, what, data) {
window._testResults[what] = "ran";
window.parent.scriptRan(shouldrun, what, data);
logResult((shouldrun ? "PASS: " : "FAIL: ") + what + " : " + data, shouldrun);
};})(window);
// callback for when stuff is blocked
var onevalblocked = (function(window) {
return function(shouldrun, what, data) {
window._testResults[what] = "blocked";
window.parent.scriptBlocked(shouldrun, what, data);
logResult((shouldrun ? "FAIL: " : "PASS: ") + what + " : " + data, !shouldrun);
};})(window);
// Defer until document is loaded so that we can write the pretty result boxes
// out.
addEventListener('load', function() {
// generateCRMFRequest test -- make sure we cannot eval the callback if CSP is in effect
try {
var script = 'console.log("dynamic script eval\'d in crypto.generateCRMFRequest should be disallowed")';
crypto.generateCRMFRequest('CN=0', 0, 0, null, script, 384, null, 'rsa-dual-use');
onevalexecuted(false, "crypto.generateCRMFRequest()",
"crypto.generateCRMFRequest() should not run!");
} catch (e) {
onevalblocked(false, "eval(script) inside crypto.generateCRMFRequest",
"eval was blocked during crypto.generateCRMFRequest");
}
}, false);
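Review bot: The `catch (e)` around `crypto.generateCRMFRequest(...)` treats every exception as "eval was blocked", so the check also passes when the call throws for an unrelated reason, for example if `crypto.generateCRMFRequest` is not available in the build under test. Checking `typeof crypto.generateCRMFRequest === "function"` before the `try`, and reporting a failure otherwise, would tie the pass to the CSP decision. The two callbacks also use different labels, `"crypto.generateCRMFRequest()"` and `"eval(script) inside crypto.generateCRMFRequest"`, which should presumably be the same key.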


@ -0,0 +1,12 @@
<html>
<head>
<title>CSP eval script tests: no CSP specified</title>
<script type="application/javascript"
src="file_CSP_evalscript_no_CSP_at_all.js"></script>
</head>
<body>
Foo. See bug 824652
</body>
</html>


@ -0,0 +1 @@
Cache-Control: no-cache


@ -0,0 +1,42 @@
// some javascript for the CSP eval() tests
// all of these evals should succeed, as the document loading this script
// has script-src 'self' 'unsafe-eval'
function logResult(str, passed) {
var elt = document.createElement('div');
var color = passed ? "#cfc;" : "#fcc";
elt.setAttribute('style', 'background-color:' + color + '; width:100%; border:1px solid black; padding:3px; margin:4px;');
elt.innerHTML = str;
document.body.appendChild(elt);
}
// callback for when stuff is allowed by CSP
var onevalexecuted = (function(window) {
return function(shouldrun, what, data) {
window.parent.scriptRan(shouldrun, what, data);
logResult((shouldrun ? "PASS: " : "FAIL: ") + what + " : " + data, shouldrun);
};})(window);
// callback for when stuff is blocked
var onevalblocked = (function(window) {
return function(shouldrun, what, data) {
window.parent.scriptBlocked(shouldrun, what, data);
logResult((shouldrun ? "FAIL: " : "PASS: ") + what + " : " + data, !shouldrun);
};})(window);
// Defer until document is loaded so that we can write the pretty result boxes
// out.
addEventListener('load', function() {
// test that allows crypto.generateCRMFRequest eval to run when there is no CSP at all in place
try {
var script =
'console.log("dynamic script passed to crypto.generateCRMFRequest should execute")';
crypto.generateCRMFRequest('CN=0', 0, 0, null, script, 384, null, 'rsa-dual-use');
onevalexecuted(true, "eval(script) inside crypto.generateCRMFRequest: no CSP at all",
"eval executed during crypto.generateCRMFRequest where no CSP is set at all");
} catch (e) {
onevalblocked(true, "eval(script) inside crypto.generateCRMFRequest",
"eval was blocked during crypto.generateCRMFRequest");
}
}, false);
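Review bot: The header comment says the loading document has `script-src 'self' 'unsafe-eval'`, but the comment inside the load handler and both result messages describe the case where no CSP is set at all. The header should match, for instance `// the eval below should succeed: the document loading this script is served without any CSP`. The `onevalexecuted` and `onevalblocked` calls also pass different `what` labels for the same case, which makes the result harder to match up in the parent page.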


@ -15,7 +15,7 @@ function handleRequest(request, response)
// grab the desired policy from the query, and then serve a page
if (query['csp'])
response.setHeader("Content-Security-Policy",
response.setHeader("X-Content-Security-Policy",
unescape(query['csp']),
false);
if (query['scriptedreport']) {
@ -30,9 +30,9 @@ function handleRequest(request, response)
response.setHeader("Content-Type", "text/html", false);
response.write('<html><head>');
if (query['double'])
response.write('<script src="file_CSP_frameancestors_spec_compliant.sjs?double=1&scriptedreport=' + query['testid'] + '"></script>');
else
response.write('<script src="file_CSP_frameancestors_spec_compliant.sjs?scriptedreport=' + query['testid'] + '"></script>');
response.write('<script src="file_CSP_frameancestors.sjs?double=1&scriptedreport=' + query['testid'] + '"></script>');
else
response.write('<script src="file_CSP_frameancestors.sjs?scriptedreport=' + query['testid'] + '"></script>');
response.write('</head><body>');
response.write(unescape(query['internalframe']));
response.write('</body></html>');


@ -3,41 +3,41 @@
<title>CSP frame ancestors tests</title>
<!-- this page shouldn't have a CSP, just the sub-pages. -->
<script src='file_CSP_frameancestors_main_spec_compliant.js'></script>
<script src='file_CSP_frameancestors_main.js'></script>
</head>
<body>
<!-- These iframes will get populated by the attached javascript. -->
<tt> aa_allow: /* innermost frame allows a */</tt><br/>
<iframe id='aa_allow_spec_compliant'></iframe><br/>
<iframe id='aa_allow'></iframe><br/>
<tt> aa_block: /* innermost frame denies a */</tt><br/>
<iframe id='aa_block_spec_compliant'></iframe><br/>
<iframe id='aa_block'></iframe><br/>
<tt> ab_allow: /* innermost frame allows a */</tt><br/>
<iframe id='ab_allow_spec_compliant'></iframe><br/>
<iframe id='ab_allow'></iframe><br/>
<tt> ab_block: /* innermost frame denies a */</tt><br/>
<iframe id='ab_block_spec_compliant'></iframe><br/>
<iframe id='ab_block'></iframe><br/>
<tt> aba_allow: /* innermost frame allows b,a */</tt><br/>
<iframe id='aba_allow_spec_compliant'></iframe><br/>
<iframe id='aba_allow'></iframe><br/>
<tt> aba_block: /* innermost frame denies b */</tt><br/>
<iframe id='aba_block_spec_compliant'></iframe><br/>
<iframe id='aba_block'></iframe><br/>
<tt> aba2_block: /* innermost frame denies a */</tt><br/>
<iframe id='aba2_block_spec_compliant'></iframe><br/>
<iframe id='aba2_block'></iframe><br/>
<tt> abb_allow: /* innermost frame allows b,a */</tt><br/>
<iframe id='abb_allow_spec_compliant'></iframe><br/>
<iframe id='abb_allow'></iframe><br/>
<tt> abb_block: /* innermost frame denies b */</tt><br/>
<iframe id='abb_block_spec_compliant'></iframe><br/>
<iframe id='abb_block'></iframe><br/>
<tt> abb2_block: /* innermost frame denies a */</tt><br/>
<iframe id='abb2_block_spec_compliant'></iframe><br/>
<iframe id='abb2_block'></iframe><br/>
</body>


@ -0,0 +1,65 @@
// Script to populate the test frames in the frame ancestors mochitest.
//
function setupFrames() {
var $ = function(v) { return document.getElementById(v); }
var base = {
self: '/tests/content/base/test/xcsp/file_CSP_frameancestors.sjs',
a: 'http://mochi.test:8888/tests/content/base/test/xcsp/file_CSP_frameancestors.sjs',
b: 'http://example.com/tests/content/base/test/xcsp/file_CSP_frameancestors.sjs'
};
var host = { a: 'http://mochi.test:8888', b: 'http://example.com:80' };
var innerframeuri = null;
var elt = null;
elt = $('aa_allow');
elt.src = base.a + "?testid=aa_allow&internalframe=aa_a&csp=" +
escape("allow 'none'; frame-ancestors " + host.a + "; script-src 'self'");
elt = $('aa_block');
elt.src = base.a + "?testid=aa_block&internalframe=aa_b&csp=" +
escape("allow 'none'; frame-ancestors 'none'; script-src 'self'");
elt = $('ab_allow');
elt.src = base.b + "?testid=ab_allow&internalframe=ab_a&csp=" +
escape("allow 'none'; frame-ancestors " + host.a + "; script-src 'self'");
elt = $('ab_block');
elt.src = base.b + "?testid=ab_block&internalframe=ab_b&csp=" +
escape("allow 'none'; frame-ancestors 'none'; script-src 'self'");
/* .... two-level framing */
elt = $('aba_allow');
innerframeuri = base.a + "?testid=aba_allow&double=1&internalframe=aba_a&csp=" +
escape("allow 'none'; frame-ancestors " + host.a + " " + host.b + "; script-src 'self'");
elt.src = base.b + "?externalframe=" + escape('<iframe src="' + innerframeuri + '"></iframe>');
elt = $('aba_block');
innerframeuri = base.a + "?testid=aba_allow&double=1&internalframe=aba_b&csp=" +
escape("allow 'none'; frame-ancestors " + host.a + "; script-src 'self'");
elt.src = base.b + "?externalframe=" + escape('<iframe src="' + innerframeuri + '"></iframe>');
elt = $('aba2_block');
innerframeuri = base.a + "?testid=aba_allow&double=1&internalframe=aba2_b&csp=" +
escape("allow 'none'; frame-ancestors " + host.b + "; script-src 'self'");
elt.src = base.b + "?externalframe=" + escape('<iframe src="' + innerframeuri + '"></iframe>');
elt = $('abb_allow');
innerframeuri = base.b + "?testid=abb_allow&double=1&internalframe=abb_a&csp=" +
escape("allow 'none'; frame-ancestors " + host.a + " " + host.b + "; script-src 'self'");
elt.src = base.b + "?externalframe=" + escape('<iframe src="' + innerframeuri + '"></iframe>');
elt = $('abb_block');
innerframeuri = base.b + "?testid=abb_allow&double=1&internalframe=abb_b&csp=" +
escape("allow 'none'; frame-ancestors " + host.a + "; script-src 'self'");
elt.src = base.b + "?externalframe=" + escape('<iframe src="' + innerframeuri + '"></iframe>');
elt = $('abb2_block');
innerframeuri = base.b + "?testid=abb_allow&double=1&internalframe=abb2_b&csp=" +
escape("allow 'none'; frame-ancestors " + host.b + "; script-src 'self'");
elt.src = base.b + "?externalframe=" + escape('<iframe src="' + innerframeuri + '"></iframe>');
}
window.addEventListener('load', setupFrames, false);
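Review bot: In `setupFrames` the `aba_block` and `aba2_block` frames are built with `testid=aba_allow`, and `abb_block` and `abb2_block` with `testid=abb_allow`. If the test id is what the served page reports back to the parent, as the `scriptedreport=` parameter in the .sjs suggests, a blocked frame that loaded by mistake would be reported under the id of a frame that is expected to load, and the regression would go unnoticed. Giving each frame its own id (`testid=aba_block`, `testid=aba2_block`, `testid=abb_block`, `testid=abb2_block`) would make such a failure visible, provided the parent's expected-results table is extended to match. `base.self` is defined but never used.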


@ -1,3 +1,8 @@
<!--
-- The original CSP implementation predates the CSP 1.0 spec and didn't
-- block inline styles, so when the prefixed X-Content-Security-Policy header is used,
-- as it is for this file, inline styles should be allowed.
-->
<html>
<head>
<title>CSP inline script tests</title>
@ -8,7 +13,7 @@
window.parent.scriptRan(false, "textnode", "text node in a script tag executed.");
</script>
<iframe src='javascript:window.parent.parent.scriptRan(false, "jsuri", "javascript: uri in image tag")' ></iframe>
<iframe src='javascript:window.parent.parent.scriptRan(false, "jsuri", "javascript: uri in image tag")'></iframe>
<a id='anchortoclick' href='javascript:window.parent.scriptRan(false, "jsuri", "javascript: uri in anchor tag ran when clicked.");'>stuff</a>
</body>
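Review bot: The added header comment talks about inline styles being allowed under the prefixed `X-Content-Security-Policy` header, but this page is titled "CSP inline script tests" and every visible case reports through `scriptRan(false, ...)`, i.e. expects the script not to run. The comment looks copied from the inline-style fixture. It should describe what this file checks, for instance that inline script, `javascript:` frame sources and `javascript:` anchors must not run under the prefixed header.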


@ -0,0 +1,2 @@
X-Content-Security-Policy: allow 'self'
Cache-Control: no-cache


@ -5,36 +5,20 @@
<!-- content= "div#linkstylediv { color: #0f0; }" -->
<link rel="stylesheet" type="text/css"
href='file_CSP.sjs?type=text/css&content=div%23linkstylediv%20%7B%20color%3A%20%230f0%3B%20%7D' />
<!-- content= "div#modifycsstextdiv { color: #0f0; }" -->
<link rel="stylesheet" type="text/css"
href='file_CSP.sjs?type=text/css&content=div%23modifycsstextdiv%20%7B%20color%3A%20%23f00%3B%20%7D' />
<script>
function cssTest() {
var elem = document.getElementById('csstextstylediv');
elem.style.cssText = "color: #00FF00;";
getComputedStyle(elem, null).color;
document.styleSheets[1].cssRules[0].style.cssText = "color: #00FF00;";
elem = document.getElementById('modifycsstextdiv');
getComputedStyle(elem, null).color;
}
</script>
</head>
<body onload='cssTest()'>
<body>
<style type="text/css">
div#inlinestylediv {
color: #FF0000;
color: #00ff00;
}
</style>
<div id='linkstylediv'>Link tag (external) stylesheet test (should be green)</div>
<div id='inlinestylediv'>Inline stylesheet test (should be black)</div>
<div id='attrstylediv' style="color: #FF0000;">Attribute stylesheet test (should be black)</div>
<div id='csstextstylediv'>cssText test (should be black)</div>
<div id='modifycsstextdiv'> modify rule from style sheet via cssText(should be green) </div>
<div id='attrstylediv' style="color: #00ff00;">Attribute stylesheet test (should be green)</div>
<div id='inlinestylediv'>Inline stylesheet test (should be green)</div>
<!-- tests for SMIL stuff - animations -->
<!-- tests for SMIL stuff - animations -->
<svg xmlns="http://www.w3.org/2000/svg"
xmlns:xlink="http://www.w3.org/1999/xlink"
width="100%"
@ -42,38 +26,38 @@
<!-- Animates XML attribute, which is mapped into style. -->
<text id="xmlTest" x="0" y="15">
This shouldn't be red since the animation should be blocked by CSP.
This should be green since the animation should be allowed by CSP.
<animate attributeName="fill" attributeType="XML"
values="red;orange;red" dur="2s"
values="lime;green;lime" dur="2s"
repeatCount="indefinite" />
</text>
<!-- Animates override value for CSS property. -->
<text id="cssOverrideTest" x="0" y="35">
This shouldn't be red since the animation should be blocked by CSP.
This should be green since the animation should be allowed by CSP.
<animate attributeName="fill" attributeType="CSS"
values="red;orange;red" dur="2s"
values="lime;green;lime" dur="2s"
repeatCount="indefinite" />
</text>
<!-- Animates override value for CSS property targeted via ID. -->
<text id="cssOverrideTestById" x="0" y="55">
This shouldn't be red since the animation should be blocked by CSP.
This should be green since the animation should be allowed by CSP.
</text>
<animate xlink:href="#cssOverrideTestById"
attributeName="fill"
values="red;orange;red"
values="lime;green;lime"
dur="2s" repeatCount="indefinite" />
<!-- Sets value for CSS property targeted via ID. -->
<text id="cssSetTestById" x="0" y="75">
This shouldn't be red since the &lt;set&gt; should be blocked by CSP.
This should be green since the &lt;set&gt; should be allowed by CSP.
</text>
<set xlink:href="#cssSetTestById"
attributeName="fill"
to="red" />
to="lime" />
</svg>
</body>
</html>
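Review bot: The SMIL cases in the second hunk now expect a visible colour, but three of them animate `values="lime;green;lime"`, so the computed `fill` depends on the moment it is sampled. The code that reads these elements is outside this section; if it compares against one exact rgb value the result will be timing-dependent, whereas the old blocked case had a single fixed outcome. A constant animation such as `values="lime;lime"` would keep the allowed case deterministic, or the checker should only assert that the fill differs from the unanimated default. The `<set to="lime">` case is already constant.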


@ -0,0 +1,2 @@
X-Content-Security-Policy: default-src 'self'
Cache-Control: no-cache


@ -0,0 +1,45 @@
<html>
<head>
<link rel='stylesheet' type='text/css'
href='http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=style_bad&type=text/css' />
<link rel='stylesheet' type='text/css'
href='file_CSP.sjs?testid=style_good&type=text/css' />
<!-- Used to embed inline styles here for testing fonts, but can't do that -->
<!-- due to bug 763879 (block inline styles). Moved these to an external, CSS -->
<!-- file (file_CSP.css). -->
<link rel='stylesheet' type='text/css' href='file_CSP.css' />
</head>
<body>
<!-- these should be stopped by CSP. :) -->
<img src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=img_bad&type=img/png"> </img>
<audio src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=media_bad&type=audio/vorbis"></audio>
<script src='http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=script_bad&type=text/javascript'></script>
<iframe src='http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=frame_bad&content=FAIL'></iframe>
<object width="10" height="10">
<param name="movie" value="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=object_bad&type=application/x-shockwave-flash">
<embed src="http://example.org/tests/content/base/test/csp/file_CSP.sjs?testid=object_bad&type=application/x-shockwave-flash"></embed>
</object>
<!-- these should load ok. :) -->
<img src="file_CSP.sjs?testid=img_good&type=img/png" />
<audio src="file_CSP.sjs?testid=media_good&type=audio/vorbis"></audio>
<script src='file_CSP.sjs?testid=script_good&type=text/javascript'></script>
<iframe src='file_CSP.sjs?testid=frame_good&content=PASS'></iframe>
<object width="10" height="10">
<param name="movie" value="file_CSP.sjs?testid=object_good&type=application/x-shockwave-flash">
<embed src="file_CSP.sjs?testid=object_good&type=application/x-shockwave-flash"></embed>
</object>
<!-- XHR tests... they're taken care of in this script,
and since the URI doesn't have any 'testid' values,
it will just be ignored by the test framework. -->
<script src='file_CSP_main.js'></script>
<!-- Support elements for the @font-face test -->
<div class="div_arbitrary_good">arbitrary good</div>
<div class="div_arbitrary_bad">arbitrary_bad</div>
</body>
</html>
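Review bot: In both `<object>` blocks the `<param name="movie">` URL and the `<embed src>` URL carry the same testid (`object_bad`, `object_good`), so a result recorded under that id cannot be attributed to one element. For the allowed case a load by either element would presumably count as a pass and could hide the other being wrongly blocked; how the harness tallies ids is not visible here. Either give the two elements distinct ids or state the intent above each block, e.g. `<!-- param and embed intentionally report under one testid -->`. Separately, the first blocked case is written `<img …> </img>`; `img` is a void element, so the end tag is stray.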
