Bug 1182551 - HTTP top level page with HTTPS mixed passive frame should have STATE_IS_INSECURE. r=ttaubert

2024-11-30 00:01:50 +00:00 · 2015-08-13 17:13:51 -07:00 · 2015-08-13 17:13:51 -07:00 · 550a74f51e
commit 550a74f51e
parent 7b0ea8ee04
7 changed files with 115 additions and 29 deletions
--- a/browser/base/content/test/general/browser.ini
+++ b/browser/base/content/test/general/browser.ini
@ -55,6 +55,8 @@ support-files =
  file_mixedContentFromOnunload.html
  file_mixedContentFromOnunload_test1.html
  file_mixedContentFromOnunload_test2.html
+  file_mixedContentFramesOnHttp.html
+  file_mixedPassiveContent.html
  file_bug970276_popup1.html
  file_bug970276_popup2.html
  file_bug970276_favicon1.ico
@ -271,6 +273,9 @@ tags = mcb
 tags = mcb
 skip-if = buildapp == "mulet" || e10s # Bug 1093642 - test manipulates content and relies on content focus
 [browser_mixedContentFromOnunload.js]
+tags = mcb
+[browser_mixedContentFramesOnHttp.js]
+tags = mcb
 [browser_bug970746.js]
 [browser_bug1015721.js]
 skip-if = os == 'win' || e10s # Bug 1159268 - Need a content-process safe version of synthesizeWheel
@ -488,6 +493,7 @@ skip-if = buildapp == 'mulet'
 skip-if = e10s # Bug 1094240 - has findbar-related failures
 [browser_registerProtocolHandler_notification.js]
 [browser_no_mcb_on_http_site.js]
+tags = mcb
 [browser_bug1104165-switchtab-decodeuri.js]
 [browser_bug1003461-switchtab-override.js]
 [browser_bug1024133-switchtab-override-keynav.js]
--- a/browser/base/content/test/general/browser_mixedContentFramesOnHttp.js
+++ b/browser/base/content/test/general/browser_mixedContentFramesOnHttp.js
@ -0,0 +1,52 @@
+/*
+ * Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/
+ *
+ * Test for Bug 1182551 -
+ *
+ * This test has a top level HTTP page with an HTTPS iframe.  The HTTPS iframe
+ * includes an HTTP image.  We check that the top level security state is
+ * STATE_IS_INSECURE.  The mixed content from the iframe shouldn't "upgrade"
+ * the HTTP top level page to broken HTTPS.
+ */
+
+const gHttpTestRoot = "http://example.com/browser/browser/base/content/test/general/";
+
+let gTestBrowser = null;
+
+function SecStateTestsCompleted() {
+  gBrowser.removeCurrentTab();
+  window.focus();
+  finish();
+}
+
+function test() {
+  waitForExplicitFinish();
+  SpecialPowers.pushPrefEnv({"set": [
+    ["security.mixed_content.block_active_content", true],
+    ["security.mixed_content.block_display_content", false]
+  ]}, SecStateTests);
+}
+
+function SecStateTests() {
+  let url = gHttpTestRoot + "file_mixedContentFramesOnHttp.html";
+  gBrowser.selectedTab = gBrowser.addTab();
+  gTestBrowser = gBrowser.selectedBrowser;
+  whenLoaded(gTestBrowser, SecStateTest1);
+  gTestBrowser.contentWindow.location = url;
+}
+
+// The http page loads an https frame with an http image.
+function SecStateTest1() {
+  // check security state is insecure
+  isSecurityState("insecure");
+
+  SecStateTestsCompleted();
+}
+
+function whenLoaded(aElement, aCallback) {
+  aElement.addEventListener("load", function onLoad() {
+    aElement.removeEventListener("load", onLoad, true);
+    executeSoon(aCallback);
+  }, true);
+}
--- a/browser/base/content/test/general/browser_mixedContentFromOnunload.js
+++ b/browser/base/content/test/general/browser_mixedContentFromOnunload.js
@ -70,35 +70,6 @@ function SecStateTest2B() {
  SecStateTestsCompleted();
 }

-// Compares the security state of the page with what is expected
-function isSecurityState(expectedState) {
-  let ui = gTestBrowser.securityUI;
-  if (!ui) {
-    ok(false, "No security UI to get the security state");
-    return;
-  }
-
-  const wpl = Components.interfaces.nsIWebProgressListener;
-
-  // determine the security state
-  let isSecure = ui.state & wpl.STATE_IS_SECURE;
-  let isBroken = ui.state & wpl.STATE_IS_BROKEN;
-  let isInsecure = ui.state & wpl.STATE_IS_INSECURE;
-
-  let actualState;
-  if (isSecure && !(isBroken || isInsecure)) {
-    actualState = "secure";
-  } else if (isBroken && !(isSecure || isInsecure)) {
-    actualState = "broken";
-  } else if (isInsecure && !(isSecure || isBroken)) {
-    actualState = "insecure";
-  } else {
-    actualState = "unknown";
-  }
-
-  is(expectedState, actualState, "Expected state " + expectedState + " and the actual state is " + actualState + ".");
-}
-
 function whenLoaded(aElement, aCallback) {
  aElement.addEventListener("load", function onLoad() {
    aElement.removeEventListener("load", onLoad, true);
--- a/browser/base/content/test/general/file_mixedContentFramesOnHttp.html
+++ b/browser/base/content/test/general/file_mixedContentFramesOnHttp.html
@ -0,0 +1,14 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+Test for https://bugzilla.mozilla.org/show_bug.cgi?id=1182551
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Test for Bug 1182551</title>
+</head>
+<body>
+  <p>Test for Bug 1182551.  This is an HTTP top level page.  We include an HTTPS iframe that loads mixed passive content.</p>
+  <iframe src="https://example.org/browser/browser/base/content/test/general/file_mixedPassiveContent.html"></iframe>
+</body>
+</html>
--- a/browser/base/content/test/general/file_mixedPassiveContent.html
+++ b/browser/base/content/test/general/file_mixedPassiveContent.html
@ -0,0 +1,13 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+Test for https://bugzilla.mozilla.org/show_bug.cgi?id=1182551
+-->
+<head>
+  <meta charset="utf-8">
+  <title>HTTPS page with HTTP image</title>
+</head>
+<body>
+  <img src="http://mochi.test:8888/tests/image/test/mochitest/blue.png">
+</body>
+</html>
--- a/browser/base/content/test/general/head.js
+++ b/browser/base/content/test/general/head.js
@ -961,3 +961,32 @@ function promiseNewSearchEngine(basename) {
    });
  });
 }
+
+// Compares the security state of the page with what is expected
+function isSecurityState(expectedState) {
+  let ui = gTestBrowser.securityUI;
+  if (!ui) {
+    ok(false, "No security UI to get the security state");
+    return;
+  }
+
+  const wpl = Components.interfaces.nsIWebProgressListener;
+
+  // determine the security state
+  let isSecure = ui.state & wpl.STATE_IS_SECURE;
+  let isBroken = ui.state & wpl.STATE_IS_BROKEN;
+  let isInsecure = ui.state & wpl.STATE_IS_INSECURE;
+
+  let actualState;
+  if (isSecure && !(isBroken || isInsecure)) {
+    actualState = "secure";
+  } else if (isBroken && !(isSecure || isInsecure)) {
+    actualState = "broken";
+  } else if (isInsecure && !(isSecure || isBroken)) {
+    actualState = "insecure";
+  } else {
+    actualState = "unknown";
+  }
+
+  is(expectedState, actualState, "Expected state " + expectedState + " and the actual state is " + actualState + ".");
+}
--- a/dom/security/test/mixedcontentblocker/mochitest.ini
+++ b/dom/security/test/mixedcontentblocker/mochitest.ini
@ -1,4 +1,5 @@
 [DEFAULT]
+tags = mcb
 support-files =
  file_bug803225_test_mailto.html
  file_frameNavigation.html