mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-28 07:13:20 +00:00
Bug 1328824 - Test if about:blocked can be loaded in a secure context. r=Gijs
MozReview-Commit-ID: GQAfd4xuRJT --HG-- extra : amend_source : 65fdbfa64ab205040a5e8a825b9196936167dbaf
This commit is contained in:
parent
2931855a6f
commit
4365be8782
@ -135,7 +135,7 @@
|
||||
}
|
||||
|
||||
// Inform the test harness that we're done loading the page
|
||||
var event = new CustomEvent("AboutBlockedLoaded");
|
||||
var event = new CustomEvent("AboutBlockedLoaded", {bubbles:true});
|
||||
document.dispatchEvent(event);
|
||||
}
|
||||
]]></script>
|
||||
|
@ -1,8 +1,11 @@
|
||||
[DEFAULT]
|
||||
support-files = head.js
|
||||
support-files =
|
||||
head.js
|
||||
empty_file.html
|
||||
|
||||
[browser_bug400731.js]
|
||||
[browser_bug415846.js]
|
||||
# Disabled on Mac because of its bizarre special-and-unique snowflake of a help menu.
|
||||
skip-if = os == "mac" || e10s # e10s: Bug 1248632
|
||||
[browser_whitelisted.js]
|
||||
[browser_mixedcontent_aboutblocked.js]
|
||||
|
@ -0,0 +1,74 @@
|
||||
/* Any copyright is dedicated to the Public Domain.
|
||||
* http://creativecommons.org/publicdomain/zero/1.0/ */
|
||||
|
||||
const { classes: Cc, interfaces: Ci, results: Cr } = Components;
|
||||
|
||||
// This url must sync with the table, url in SafeBrowsing.jsm addMozEntries
|
||||
const PHISH_TABLE = "test-phish-simple";
|
||||
const PHISH_URL = "https://www.itisatrap.org/firefox/its-a-trap.html";
|
||||
|
||||
const SECURE_CONTAINER_URL = "https://example.com/browser/browser/components/safebrowsing/content/test/empty_file.html";
|
||||
|
||||
// This function is mostly ported from classifierCommon.js
|
||||
// under toolkit/components/url-classifier/tests/mochitest.
|
||||
function waitForDBInit(callback) {
|
||||
// Since there are two cases that may trigger the callback,
|
||||
// we have to carefully avoid multiple callbacks and observer
|
||||
// leaking.
|
||||
let didCallback = false;
|
||||
function callbackOnce() {
|
||||
Services.obs.removeObserver(obsFunc, "mozentries-update-finished");
|
||||
if (!didCallback) {
|
||||
callback();
|
||||
}
|
||||
didCallback = true;
|
||||
}
|
||||
|
||||
// The first part: listen to internal event.
|
||||
function obsFunc() {
|
||||
ok(true, "Received internal event!");
|
||||
callbackOnce();
|
||||
}
|
||||
Services.obs.addObserver(obsFunc, "mozentries-update-finished", false);
|
||||
|
||||
// The second part: we might have missed the event. Just do
|
||||
// an internal database lookup to confirm if the url has been
|
||||
// added.
|
||||
let principal = Services.scriptSecurityManager
|
||||
.createCodebasePrincipal(Services.io.newURI(PHISH_URL), {});
|
||||
|
||||
let dbService = Cc["@mozilla.org/url-classifier/dbservice;1"]
|
||||
.getService(Ci.nsIUrlClassifierDBService);
|
||||
dbService.lookup(principal, PHISH_TABLE, value => {
|
||||
if (value === PHISH_TABLE) {
|
||||
ok(true, "DB lookup success!");
|
||||
callbackOnce();
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
add_task(function* testNormalBrowsing() {
|
||||
yield BrowserTestUtils.withNewTab(SECURE_CONTAINER_URL, function* (browser) {
|
||||
// Before we load the phish url, we have to make sure the hard-coded
|
||||
// black list has been added to the database.
|
||||
yield new Promise(resolve => waitForDBInit(resolve));
|
||||
|
||||
yield ContentTask.spawn(browser, PHISH_URL, function* (aPhishUrl) {
|
||||
return new Promise(resolve => {
|
||||
// Register listener before loading phish URL.
|
||||
let listener = e => {
|
||||
removeEventListener("AboutBlockedLoaded", listener, false, true);
|
||||
resolve();
|
||||
};
|
||||
addEventListener("AboutBlockedLoaded", listener, false, true);
|
||||
|
||||
// Create an iframe which is going to load a phish url.
|
||||
let iframe = content.document.createElement("iframe");
|
||||
iframe.src = aPhishUrl;
|
||||
content.document.body.appendChild(iframe);
|
||||
});
|
||||
});
|
||||
|
||||
ok(true, "about:blocked is successfully loaded!");
|
||||
});
|
||||
});
|
@ -0,0 +1 @@
|
||||
<html><body></body></html>
|
@ -25,9 +25,9 @@
|
||||
#
|
||||
# "primary" denotes a location which is the canonical location of
|
||||
# the server; this location is the one assumed for requests which don't
|
||||
# otherwise identify a particular origin (e.g. HTTP/1.0 requests).
|
||||
# otherwise identify a particular origin (e.g. HTTP/1.0 requests).
|
||||
#
|
||||
# "privileged" denotes a location which should have the ability to request
|
||||
# "privileged" denotes a location which should have the ability to request
|
||||
# elevated privileges; the default is no privileges.
|
||||
#
|
||||
# "nocert" makes sense only for https:// hosts and means there is not
|
||||
@ -125,6 +125,7 @@ http://fxfeeds.mozilla.com:80
|
||||
# Prevent safebrowsing tests from hitting the network for its-a-trap.html and
|
||||
# its-an-attack.html.
|
||||
http://www.itisatrap.org:80
|
||||
https://www.itisatrap.org:443
|
||||
|
||||
#
|
||||
# These are subdomains of <ält.example.org>.
|
||||
|
Loading…
Reference in New Issue
Block a user