gecko/content/base/test/file_mixed_content_main.html

<!DOCTYPE HTML>
<html>
<!--
Tests for Mixed Content Blocker
https://bugzilla.mozilla.org/show_bug.cgi?id=62178
-->
<head>
  <meta charset="utf-8">
  <title>Tests for Bug 62178</title>
  <script type="application/javascript" src="/tests/SimpleTest/EventUtils.js"></script>
</head>
<body>
<div id="testContent"></div>

<!-- types the Mixed Content Blocker can block
     /*
  switch (aContentType) {
  case nsIContentPolicy::TYPE_OBJECT:
  case nsIContentPolicy::TYPE_SCRIPT:
  case nsIContentPolicy::TYPE_STYLESHEET:
  case nsIContentPolicy::TYPE_SUBDOCUMENT:
  case nsIContentPolicy::TYPE_XMLHTTPREQUEST:

  case nsIContentPolicy::TYPE_FONT: - NO TEST:
    Load events for external fonts are not detectable by javascript.
  case nsIContentPolicy::TYPE_WEBSOCKET: - NO TEST:
    websocket connections over https require an encrypted websocket protocol (wss:)

  case nsIContentPolicy::TYPE_IMAGE:
  case nsIContentPolicy::TYPE_MEDIA:
  case nsIContentPolicy::TYPE_PING:
    our ping implementation is off by default and does not comply with the current spec (bug 786347)
  case nsIContentPolicy::TYPE_BEACON:

  }
     */
-->

<script>
  var baseUrl = "http://example.com/tests/content/base/test/file_mixed_content_server.sjs";

  //For tests that require setTimeout, set the maximum polling time to 100 x 100ms = 10 seconds.
  var MAX_COUNT = 100;
  var TIMEOUT_INTERVAL = 100;

  var testContent = document.getElementById("testContent");

  /* Part 1: Mixed Script tests */

  // Test 1a: insecure object
  var object = document.createElement("object");
  object.data = baseUrl + "?type=object";
  object.type = "application/x-test";
  object.width = "200";
  object.height = "200";

  testContent.appendChild(object);

  var objectCount = 0;

  function objectStatus(object) {
    // Expose our privileged bits on the object
    object = SpecialPowers.wrap(object);

    if (object.displayedType != SpecialPowers.Ci.nsIObjectLoadingContent.TYPE_NULL) {
      //object loaded
      parent.postMessage({"test": "object", "msg": "insecure object loaded"}, "http://mochi.test:8888");
    }
    else {
      if(objectCount < MAX_COUNT) {
        objectCount++;
        setTimeout(objectStatus, TIMEOUT_INTERVAL, object);
      }
      else {
        //After we have called setTimeout the maximum number of times, assume object is blocked
        parent.postMessage({"test": "object", "msg": "insecure object blocked"}, "http://mochi.test:8888");
      }
    }
  }

  // object does not have onload and onerror events. Hence we need a setTimeout to check the object's status
  setTimeout(objectStatus, TIMEOUT_INTERVAL, object);

  // Test 1b: insecure script
  var script = document.createElement("script");
  var scriptLoad = false;
  var scriptCount = 0;
  script.src = baseUrl + "?type=script";
  script.onload = function() {
    parent.postMessage({"test": "script", "msg": "insecure script loaded"}, "http://mochi.test:8888");
    scriptLoad = true;
  }
  testContent.appendChild(script);

  function scriptStatus(script)
  {
    if(scriptLoad) {
      return;
    }
    else {
      if(scriptCount < MAX_COUNT) {
        scriptCount++;
        setTimeout(scriptStatus, TIMEOUT_INTERVAL, script);
      }
      else {
        //After we have called setTimeout the maximum number of times, assume script is blocked
        parent.postMessage({"test": "script", "msg": "insecure script blocked"}, "http://mochi.test:8888");
      }
    }
  }

  // scripts blocked by Content Policy's do not have onerror events (see bug 789856).  Hence we need a setTimeout to check the script's status
  setTimeout(scriptStatus, TIMEOUT_INTERVAL, script);


  // Test 1c: insecure stylesheet
  var cssStyleSheet = document.createElement("link");
  cssStyleSheet.rel = "stylesheet";
  cssStyleSheet.href = baseUrl + "?type=stylesheet";
  cssStyleSheet.type = "text/css";
  testContent.appendChild(cssStyleSheet);

  var styleCount = 0;

  function styleStatus(cssStyleSheet) {
    if( cssStyleSheet.sheet || cssStyleSheet.styleSheet || cssStyleSheet.innerHTML ) {
      parent.postMessage({"test": "stylesheet", "msg": "insecure stylesheet loaded"}, "http://mochi.test:8888");
    } 
    else {
      if(styleCount < MAX_COUNT) {
        styleCount++;
        setTimeout(styleStatus, TIMEOUT_INTERVAL, cssStyleSheet);
      }
      else {
        //After we have called setTimeout the maximum number of times, assume stylesheet is blocked
        parent.postMessage({"test": "stylesheet", "msg": "insecure stylesheet blocked"}, "http://mochi.test:8888");
      }
    }
  }

  // link does not have onload and onerror events. Hence we need a setTimeout to check the link's status
  window.setTimeout(styleStatus, TIMEOUT_INTERVAL, cssStyleSheet);

  // Test 1d: insecure iframe
  var iframe = document.createElement("iframe");
  iframe.src = baseUrl + "?type=iframe";
  iframe.onload = function() {
    parent.postMessage({"test": "iframe", "msg": "insecure iframe loaded"}, "http://mochi.test:8888");
  }
  iframe.onerror = function() {
    parent.postMessage({"test": "iframe", "msg": "insecure iframe blocked"}, "http://mochi.test:8888");
  };
  testContent.appendChild(iframe);


  // Test 1e: insecure xhr
  var xhrsuccess = true;
  var xhr = new XMLHttpRequest;
  try {
    xhr.open("GET", baseUrl + "?type=xhr", true);
  } catch(ex) {
     xhrsuccess = false;
     parent.postMessage({"test": "xhr", "msg": "insecure xhr blocked"}, "http://mochi.test:8888");
  }

  if(xhrsuccess) {
    xhr.onreadystatechange = function (oEvent) {
      var result = false;
      if (xhr.readyState == 4) {
        if (xhr.status == 200) {
          parent.postMessage({"test": "xhr", "msg": "insecure xhr loaded"}, "http://mochi.test:8888");
        }
        else {
          parent.postMessage({"test": "xhr", "msg": "insecure xhr blocked"}, "http://mochi.test:8888");
        }
      }
    }

    xhr.send(null);
  }

  /* Part 2: Mixed Display tests */

  // Test 2a: insecure image
  var img = document.createElement("img");
  img.src = "http://mochi.test:8888/tests/image/test/mochitest/blue.png";
  img.onload = function() {
    parent.postMessage({"test": "image", "msg": "insecure image loaded"}, "http://mochi.test:8888");
  }
  img.onerror = function() {
    parent.postMessage({"test": "image", "msg": "insecure image blocked"}, "http://mochi.test:8888");
  }
  // We don't need to append the image to the document. Doing so causes the image test to run twice.


  // Test 2b: insecure media
  var media = document.createElement("video");
  media.src = "http://mochi.test:8888/tests/content/media/test/320x240.ogv?" + Math.floor((Math.random()*1000)+1);
  media.width = "320";
  media.height = "200";
  media.type = "video/ogg";
  media.onloadeddata = function() {
    parent.postMessage({"test": "media", "msg": "insecure media loaded"}, "http://mochi.test:8888");
  }
  media.onerror = function() {
    parent.postMessage({"test": "media", "msg": "insecure media blocked"}, "http://mochi.test:8888");
  }
  // We don't need to append the video to the document. Doing so causes the image test to run twice.

</script>
</body>
</html>