mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-10 20:05:49 +00:00
Backed out changesets 772945b1130d, cb83b6efa9ea, and 5f23080673ee (bug 1086999) for Gaia context_menu_test.js failures.
CLOSED TREE
This commit is contained in:
parent
f827302d4c
commit
5a963d1339
@ -1,49 +0,0 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Bug 1086999 - Wildcard should not match blob:, data:</title>
|
||||
</head>
|
||||
<body>
|
||||
<script type="text/javascript">
|
||||
|
||||
var base64data =
|
||||
"iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" +
|
||||
"P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==";
|
||||
|
||||
|
||||
// construct an image element using *data:*
|
||||
var data_src = "data:image/png;base64," + base64data;
|
||||
var data_img = document.createElement('img');
|
||||
data_img.onload = function() {
|
||||
window.parent.postMessage({scheme: "data", result: "allowed"}, "*");
|
||||
}
|
||||
data_img.onerror = function() {
|
||||
window.parent.postMessage({scheme: "data", result: "blocked"}, "*");
|
||||
}
|
||||
data_img.src = data_src;
|
||||
document.body.appendChild(data_img);
|
||||
|
||||
|
||||
// construct an image element using *blob:*
|
||||
var byteCharacters = atob(base64data);
|
||||
var byteNumbers = new Array(byteCharacters.length);
|
||||
for (var i = 0; i < byteCharacters.length; i++) {
|
||||
byteNumbers[i] = byteCharacters.charCodeAt(i);
|
||||
}
|
||||
var byteArray = new Uint8Array(byteNumbers);
|
||||
var blob = new Blob([byteArray], {type: "image/png"});
|
||||
var imageUrl = URL.createObjectURL( blob );
|
||||
|
||||
var blob_img = document.createElement('img');
|
||||
blob_img.onload = function() {
|
||||
window.parent.postMessage({scheme: "blob", result: "allowed"}, "*");
|
||||
}
|
||||
blob_img.onerror = function() {
|
||||
window.parent.postMessage({scheme: "blob", result: "blocked"}, "*");
|
||||
}
|
||||
blob_img.src = imageUrl;
|
||||
document.body.appendChild(blob_img);
|
||||
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
@ -1,7 +1,6 @@
|
||||
[DEFAULT]
|
||||
support-files =
|
||||
file_base-uri.html
|
||||
file_blob_data_schemes.html
|
||||
file_connect-src.html
|
||||
file_connect-src-fetch.html
|
||||
file_CSP.css
|
||||
@ -111,7 +110,6 @@ support-files =
|
||||
referrerdirective.sjs
|
||||
|
||||
[test_base-uri.html]
|
||||
[test_blob_data_schemes.html]
|
||||
[test_connect-src.html]
|
||||
[test_CSP.html]
|
||||
[test_csp_allow_https_schemes.html]
|
||||
|
@ -1,89 +0,0 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Bug 1086999 - Wildcard should not match blob:, data:</title>
|
||||
<!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
</head>
|
||||
<body>
|
||||
<iframe style="width:100%;" id="testframe"></iframe>
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
/* Description of the test:
|
||||
* We load an image using a data: and a blob: scheme and make
|
||||
* sure a CSP containing a single ASTERISK (*) does not whitelist
|
||||
* those loads. The single ASTERISK character should not match a
|
||||
* URI's scheme of a type designating globally unique identifier
|
||||
* (such as blob:, data:, or filesystem:)
|
||||
*/
|
||||
|
||||
var tests = [
|
||||
{
|
||||
policy : "default-src 'unsafe-inline' blob: data:",
|
||||
expected : "allowed",
|
||||
},
|
||||
{
|
||||
policy : "default-src 'unsafe-inline' *",
|
||||
expected : "blocked"
|
||||
}
|
||||
];
|
||||
|
||||
var testIndex = 0;
|
||||
var messageCounter = 0;
|
||||
var curTest;
|
||||
|
||||
// onError handler is over-reporting, hence we make sure that
|
||||
// we get an error for both testcases: data and blob before we
|
||||
// move on to the next test.
|
||||
var dataRan = false;
|
||||
var blobRan = false;
|
||||
|
||||
// a postMessage handler to communicate the results back to the parent.
|
||||
window.addEventListener("message", receiveMessage, false);
|
||||
|
||||
function receiveMessage(event)
|
||||
{
|
||||
is(event.data.result, curTest.expected, event.data.scheme + " should be " + curTest.expected);
|
||||
|
||||
if (event.data.scheme === "data") {
|
||||
dataRan = true;
|
||||
}
|
||||
if (event.data.scheme === "blob") {
|
||||
blobRan = true;
|
||||
}
|
||||
if (dataRan && blobRan) {
|
||||
loadNextTest();
|
||||
}
|
||||
}
|
||||
|
||||
function loadNextTest() {
|
||||
if (testIndex === tests.length) {
|
||||
window.removeEventListener("message", receiveMessage, false);
|
||||
SimpleTest.finish();
|
||||
return;
|
||||
}
|
||||
|
||||
dataRan = false;
|
||||
blobRan = false;
|
||||
|
||||
curTest = tests[testIndex++];
|
||||
// reset the messageCounter to make sure we receive all the postMessages from the iframe
|
||||
messageCounter = 0;
|
||||
|
||||
var src = "file_csp_testserver.sjs";
|
||||
// append the file that should be served
|
||||
src += "?file=" + escape("tests/dom/base/test/csp/file_blob_data_schemes.html");
|
||||
// append the CSP that should be used to serve the file
|
||||
src += "&csp=" + escape(curTest.policy);
|
||||
|
||||
document.getElementById("testframe").src = src;
|
||||
}
|
||||
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
loadNextTest();
|
||||
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
@ -378,21 +378,6 @@ nsCSPHostSrc::permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected
|
||||
|
||||
// 2) host matching: Enforce a single *
|
||||
if (mHost.EqualsASCII("*")) {
|
||||
// The single ASTERISK character (*) does not match a URI's scheme of a type
|
||||
// designating a globally unique identifier (such as blob:, data:, or filesystem:)
|
||||
// At the moment firefox does not support filesystem; but for future compatibility
|
||||
// we support it in CSP according to the spec, see: 4.2.2 Matching Source Expressions
|
||||
// Note, that whitelisting any of these schemes would call nsCSPSchemeSrc::permits().
|
||||
bool isBlobScheme =
|
||||
(NS_SUCCEEDED(aUri->SchemeIs("blob", &isBlobScheme)) && isBlobScheme);
|
||||
bool isDataScheme =
|
||||
(NS_SUCCEEDED(aUri->SchemeIs("data", &isDataScheme)) && isDataScheme);
|
||||
bool isFileScheme =
|
||||
(NS_SUCCEEDED(aUri->SchemeIs("filesystem", &isFileScheme)) && isFileScheme);
|
||||
|
||||
if (isBlobScheme || isDataScheme || isFileScheme) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -1,5 +1,8 @@
|
||||
[script-src-1_9.html]
|
||||
type: testharness
|
||||
[test inline worker]
|
||||
expected: FAIL
|
||||
|
||||
[Violation report status OK.]
|
||||
expected: FAIL
|
||||
|
||||
|
@ -1,20 +1,20 @@
|
||||
(function ()
|
||||
{
|
||||
var test = new async_test("test inline worker");
|
||||
var workerSource = document.getElementById('inlineWorker');
|
||||
|
||||
var blob = new Blob([workerSource.textContent]);
|
||||
|
||||
// can I create a new script tag like this? ack...
|
||||
var url = window.URL.createObjectURL(blob);
|
||||
|
||||
try {
|
||||
var worker = new Worker(url);
|
||||
}
|
||||
catch (e) {
|
||||
done();
|
||||
}
|
||||
var worker = new Worker(url);
|
||||
|
||||
worker.addEventListener('message', function(e) {
|
||||
assert_unreached("script ran");
|
||||
test.step(function () {
|
||||
assert_not_equals(e.data, 'fail', 'inline script ran');
|
||||
test.done();
|
||||
})
|
||||
}, false);
|
||||
|
||||
worker.postMessage('');
|
||||
|
Loading…
Reference in New Issue
Block a user