Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-12-29 03:44:37 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1054646 - Part 2: test loading of blob and data URLs in unique origin iframe sandbox. r=bz

Browse Source
This commit is contained in:
Bob Owen 2014-09-30 08:51:47 +01:00
parent 3140b4a353
commit 5f0d929d02
2 changed files with 43 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
content/html/content/test/file_iframe_sandbox_b_if3.html
View File

@ -11,23 +11,50 @@
}
function testXHR() {
var xhr = new XMLHttpRequest();
xhr.open("GET", "file_iframe_sandbox_b_if1.html");
xhr.onreadystatechange = function (oEvent) {
var result = false;
if (xhr.readyState == 4) {
if (xhr.status == 0) {
result = true;
// Standard URL should be blocked as we have a unique origin.
var xhr = new XMLHttpRequest();
xhr.open("GET", "file_iframe_sandbox_b_if1.html");
xhr.onreadystatechange = function (oEvent) {
var result = false;
if (xhr.readyState == 4) {
if (xhr.status == 0) {
result = true;
}
ok(result, "XHR should be blocked in an iframe sandboxed WITHOUT 'allow-same-origin'");
}
ok(result, "XHR should be blocked in an iframe sandboxed WITHOUT 'allow-same-origin'");
}
xhr.send(null);
// Blob URL should work as it will have our unique origin.
var blobXhr = new XMLHttpRequest();
var blobUrl = URL.createObjectURL(new Blob(["wibble"], {type: "text/plain"}));
blobXhr.open("GET", blobUrl);
blobXhr.onreadystatechange = function () {
if (this.readyState == 4) {
ok(this.status == 200 && this.response == "wibble", "XHR for a blob URL created in this document should NOT be blocked in an iframe sandboxed WITHOUT 'allow-same-origin'");
}
}
try {
blobXhr.send();
} catch(e) {
ok(false, "failed to send XHR for blob URL: error: " + e);
}
// Data URL should work as it inherits the loader's origin.
var dataXhr = new XMLHttpRequest();
dataXhr.open("GET", "data:text/html,wibble");
dataXhr.onreadystatechange = function () {
if (this.readyState == 4) {
ok(this.status == 200 && this.response == "wibble", "XHR for a data URL should NOT be blocked in an iframe sandboxed WITHOUT 'allow-same-origin'");
}
}
try {
dataXhr.send();
} catch(e) {
ok(false, "failed to send XHR for data URL: error: " + e);
}
}
xhr.send(null);
}
function doStuff() {
try {
window.parent.ok(false, "documents sandboxed without 'allow-same-origin' should NOT be able to access their parent");
@ -56,7 +83,7 @@
ok(true, "a document sandboxed without allow-same-origin should NOT be able to access sessionStorage");
}
testXHR();
testXHR();
}
</script>
<body onLoad="doStuff()">

4
content/html/content/test/test_iframe_sandbox_same_origin.html
View File

@ -28,8 +28,8 @@ function ok_wrapper(result, desc) {
passedTests++;
}
if (completedTests == 12) {
is(passedTests, 12, "There are 12 same-origin tests that should pass");
if (completedTests == 14) {
is(passedTests, completedTests, "There are " + completedTests + " same-origin tests that should pass");
SimpleTest.finish();
}