Bug 1328824 - Test if about:blocked can be loaded in a secure context. r=Gijs

MozReview-Commit-ID: GQAfd4xuRJT

--HG--
extra : amend_source : 65fdbfa64ab205040a5e8a825b9196936167dbaf
This commit is contained in:
Henry 2017-01-13 00:08:45 +08:00
parent 2931855a6f
commit 4365be8782
5 changed files with 83 additions and 4 deletions

View File

@ -135,7 +135,7 @@
}
// Inform the test harness that we're done loading the page
var event = new CustomEvent("AboutBlockedLoaded");
var event = new CustomEvent("AboutBlockedLoaded", {bubbles:true});
document.dispatchEvent(event);
}
]]></script>

View File

@ -1,8 +1,11 @@
[DEFAULT]
support-files = head.js
support-files =
head.js
empty_file.html
[browser_bug400731.js]
[browser_bug415846.js]
# Disabled on Mac because of its bizarre special-and-unique snowflake of a help menu.
skip-if = os == "mac" || e10s # e10s: Bug 1248632
[browser_whitelisted.js]
[browser_mixedcontent_aboutblocked.js]

View File

@ -0,0 +1,74 @@
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */
const { classes: Cc, interfaces: Ci, results: Cr } = Components;
// This url must sync with the table, url in SafeBrowsing.jsm addMozEntries
const PHISH_TABLE = "test-phish-simple";
const PHISH_URL = "https://www.itisatrap.org/firefox/its-a-trap.html";
const SECURE_CONTAINER_URL = "https://example.com/browser/browser/components/safebrowsing/content/test/empty_file.html";
// This function is mostly ported from classifierCommon.js
// under toolkit/components/url-classifier/tests/mochitest.
function waitForDBInit(callback) {
// Since there are two cases that may trigger the callback,
// we have to carefully avoid multiple callbacks and observer
// leaking.
let didCallback = false;
function callbackOnce() {
Services.obs.removeObserver(obsFunc, "mozentries-update-finished");
if (!didCallback) {
callback();
}
didCallback = true;
}
// The first part: listen to internal event.
function obsFunc() {
ok(true, "Received internal event!");
callbackOnce();
}
Services.obs.addObserver(obsFunc, "mozentries-update-finished", false);
// The second part: we might have missed the event. Just do
// an internal database lookup to confirm if the url has been
// added.
let principal = Services.scriptSecurityManager
.createCodebasePrincipal(Services.io.newURI(PHISH_URL), {});
let dbService = Cc["@mozilla.org/url-classifier/dbservice;1"]
.getService(Ci.nsIUrlClassifierDBService);
dbService.lookup(principal, PHISH_TABLE, value => {
if (value === PHISH_TABLE) {
ok(true, "DB lookup success!");
callbackOnce();
}
});
}
add_task(function* testNormalBrowsing() {
yield BrowserTestUtils.withNewTab(SECURE_CONTAINER_URL, function* (browser) {
// Before we load the phish url, we have to make sure the hard-coded
// black list has been added to the database.
yield new Promise(resolve => waitForDBInit(resolve));
yield ContentTask.spawn(browser, PHISH_URL, function* (aPhishUrl) {
return new Promise(resolve => {
// Register listener before loading phish URL.
let listener = e => {
removeEventListener("AboutBlockedLoaded", listener, false, true);
resolve();
};
addEventListener("AboutBlockedLoaded", listener, false, true);
// Create an iframe which is going to load a phish url.
let iframe = content.document.createElement("iframe");
iframe.src = aPhishUrl;
content.document.body.appendChild(iframe);
});
});
ok(true, "about:blocked is successfully loaded!");
});
});

View File

@ -0,0 +1 @@
<html><body></body></html>

View File

@ -25,9 +25,9 @@
#
# "primary" denotes a location which is the canonical location of
# the server; this location is the one assumed for requests which don't
# otherwise identify a particular origin (e.g. HTTP/1.0 requests).
# otherwise identify a particular origin (e.g. HTTP/1.0 requests).
#
# "privileged" denotes a location which should have the ability to request
# "privileged" denotes a location which should have the ability to request
# elevated privileges; the default is no privileges.
#
# "nocert" makes sense only for https:// hosts and means there is not
@ -125,6 +125,7 @@ http://fxfeeds.mozilla.com:80
# Prevent safebrowsing tests from hitting the network for its-a-trap.html and
# its-an-attack.html.
http://www.itisatrap.org:80
https://www.itisatrap.org:443
#
# These are subdomains of <ält.example.org>.