mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
173 lines
6.4 KiB
HTML
173 lines
6.4 KiB
HTML
<!DOCTYPE HTML>
|
|
<html>
|
|
<head>
|
|
<title>Test for Login Manager</title>
|
|
<script type="text/javascript" src="/MochiKit/MochiKit.js"></script>
|
|
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
|
<script type="text/javascript" src="pwmgr_common.js"></script>
|
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
|
</head>
|
|
<body>
|
|
Login Manager test: 360493
|
|
<p id="display"></p>
|
|
<div id="content" style="display: none">
|
|
|
|
<!-- The tests in this page exercise things that shouldn't work. -->
|
|
|
|
<!-- Change port # of action URL from 8888 to 7777 -->
|
|
<form action="http://localhost:7777/tests/toolkit/components/passwordmgr/test/formtest.js" method="get">
|
|
<input type="text" name="uname1" value="">
|
|
<input type="password" name="pword1" value="">
|
|
|
|
<button type="submit">Submit</button>
|
|
<button type="reset"> Reset </button>
|
|
</form>
|
|
|
|
<!-- No port # in action URL -->
|
|
<form action="http://localhost/tests/toolkit/components/passwordmgr/test/formtest.js" method="get">
|
|
<input type="text" name="uname2" value="">
|
|
<input type="password" name="pword2" value="">
|
|
|
|
<button type="submit">Submit</button>
|
|
<button type="reset"> Reset </button>
|
|
</form>
|
|
|
|
<!-- Change protocol from http:// to ftp://, include the expected 8888 port # -->
|
|
<form action="ftp://localhost:8888/tests/toolkit/components/passwordmgr/test/formtest.js" method="get">
|
|
<input type="text" name="uname3" value="">
|
|
<input type="password" name="pword3" value="">
|
|
|
|
<button type="submit">Submit</button>
|
|
<button type="reset"> Reset </button>
|
|
</form>
|
|
|
|
<!-- Change protocol from http:// to ftp://, no port # specified -->
|
|
<form action="ftp://localhost/tests/toolkit/components/passwordmgr/test/formtest.js" method="get">
|
|
<input type="text" name="uname4" value="">
|
|
<input type="password" name="pword4" value="">
|
|
|
|
<button type="submit">Submit</button>
|
|
<button type="reset"> Reset </button>
|
|
</form>
|
|
|
|
<!-- Try a weird URL. -->
|
|
<form action="about:blank" method="get">
|
|
<input type="text" name="uname5" value="">
|
|
<input type="password" name="pword5" value="">
|
|
|
|
<button type="submit">Submit</button>
|
|
<button type="reset"> Reset </button>
|
|
</form>
|
|
|
|
<!-- Try a weird URL. (If the normal embedded action URL doesn't work, that should mean other URLs won't either) -->
|
|
<form action="view-source:http://localhost:8888/tests/toolkit/components/passwordmgr/test/formtest.js" method="get">
|
|
<input type="text" name="uname6" value="">
|
|
<input type="password" name="pword6" value="">
|
|
|
|
<button type="submit">Submit</button>
|
|
<button type="reset"> Reset </button>
|
|
</form>
|
|
|
|
<!-- Try a weird URL. -->
|
|
<form action="view-source:formtest.js" method="get">
|
|
<input type="text" name="uname7" value="">
|
|
<input type="password" name="pword7" value="">
|
|
|
|
<button type="submit">Submit</button>
|
|
<button type="reset"> Reset </button>
|
|
</form>
|
|
|
|
<!-- Action URL points to a different host (this is the archetypical exploit) -->
|
|
<form action="http://www.cnn.com/" method="get">
|
|
<input type="text" name="uname8" value="">
|
|
<input type="password" name="pword8" value="">
|
|
|
|
<button type="submit">Submit</button>
|
|
<button type="reset"> Reset </button>
|
|
</form>
|
|
|
|
<!-- Action URL points to a different host, user field prefilled -->
|
|
<form action="http://www.cnn.com/" method="get">
|
|
<input type="text" name="uname9" value="testuser9">
|
|
<input type="password" name="pword9" value="">
|
|
|
|
<button type="submit">Submit</button>
|
|
<button type="reset"> Reset </button>
|
|
</form>
|
|
|
|
<!-- Try wrapping a evil form around a good form, to see if we can confuse the parser. -->
|
|
<form action="http://www.cnn.com/" method="get">
|
|
<form action="formtest.js" method="get">
|
|
<input type="text" name="uname10" value="">
|
|
<input type="password" name="pword10" value="">
|
|
|
|
<button type="submit">Submit (inner)</button>
|
|
<button type="reset"> Reset (inner)</button>
|
|
</form>
|
|
<button type="submit" id="neutered_submit10">Submit (outer)</button>
|
|
<button type="reset">Reset (outer)</button>
|
|
</form>
|
|
|
|
<!-- Try wrapping a good form around an evil form, to see if we can confuse the parser. -->
|
|
<form action="formtest.js" method="get">
|
|
<form action="http://www.cnn.com/" method="get">
|
|
<input type="text" name="uname11" value="">
|
|
<input type="password" name="pword11" value="">
|
|
|
|
<button type="submit">Submit (inner)</button>
|
|
<button type="reset"> Reset (inner)</button>
|
|
</form>
|
|
<button type="submit" id="neutered_submit11">Submit (outer)</button>
|
|
<button type="reset">Reset (outer)</button>
|
|
</form>
|
|
|
|
<!-- TODO: probably should have some accounts which have no port # in the action url. JS too. And different host/proto. -->
|
|
<!-- TODO: www.site.com vs. site.com? -->
|
|
<!-- TODO: foo.site.com vs. bar.site.com? -->
|
|
|
|
</div>
|
|
<pre id="test">
|
|
<script class="testbody" type="text/javascript">
|
|
|
|
/** Test for Login Manager: 360493 (Cross-Site Forms + Password Manager = Security Failure) **/
|
|
|
|
function startTest() {
|
|
for (var i = 1; i <= 8; i++) {
|
|
// Check form i
|
|
is($_("uname" + i).value, "", "Checking for unfilled username " + i);
|
|
is($_("pword" + i).value, "", "Checking for unfilled password " + i);
|
|
}
|
|
|
|
is($_("uname9").value, "testuser9", "Checking for unmodified username 9");
|
|
is($_("pword9").value, "", "Checking for unfilled password 9");
|
|
|
|
is($_("uname10").value, "", "Checking for unfilled username 10");
|
|
is($_("pword10").value, "", "Checking for unfilled password 10");
|
|
|
|
// The DOM indicates this form could be filled, as the evil inner form
|
|
// is discarded. And yet pwmgr seems not to fill it. Not sure why.
|
|
todo(false, "Mangled form combo not being filled when maybe it could be?");
|
|
is($_("uname11").value, "", "Checking for unfilled username 11");
|
|
is($_("pword11").value, "", "Checking for unfilled password 11");
|
|
|
|
// Verify this by making sure there are no extra forms in the document, and that
|
|
// the submit button for the neutered forms don't do anything.
|
|
// If the test finds extra forms the submit() causes the test to timeout, then
|
|
// there may be a security issue.
|
|
is(document.forms.length, 11, "Checking for unexpected forms");
|
|
$("neutered_submit10").click();
|
|
$("neutered_submit11").click();
|
|
|
|
SimpleTest.finish();
|
|
}
|
|
|
|
window.onload = startTest;
|
|
|
|
SimpleTest.waitForExplicitFinish();
|
|
|
|
</script>
|
|
</pre>
|
|
</body>
|
|
</html>
|
|
|