mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-26 06:11:37 +00:00
Bug 785310 - Tests. r=bholley
This commit is contained in:
parent
1a5046cc2f
commit
7c919057d8
@ -0,0 +1,15 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>Test window for other auxiliary navigation by location tests</title>
|
||||
<script>
|
||||
function onNav() {
|
||||
opener.postMessage(window.name, "*");
|
||||
}
|
||||
|
||||
window.onload = onNav;
|
||||
window.onhashchange = onNav;
|
||||
</script>
|
||||
</head>
|
||||
</html>
|
@ -0,0 +1,15 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>Test window for our auxiliary navigation by location tests</title>
|
||||
<script>
|
||||
function onNav() {
|
||||
opener.parent.postMessage(window.name, "*");
|
||||
}
|
||||
|
||||
window.onload = onNav;
|
||||
window.onhashchange = onNav;
|
||||
</script>
|
||||
</head>
|
||||
</html>
|
@ -0,0 +1,18 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>Test window for parent navigation by location tests</title>
|
||||
<script>
|
||||
function onNav() {
|
||||
parent.postMessage(window.name, "*");
|
||||
}
|
||||
|
||||
window.onload = onNav;
|
||||
window.onhashchange = onNav;
|
||||
</script>
|
||||
</head>
|
||||
<body>
|
||||
<iframe name="childIframe" sandbox="allow-scripts allow-same-origin allow-top-navigation"></iframe>
|
||||
</body>
|
||||
</html>
|
@ -0,0 +1,15 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>Test window for sibling navigation by location tests</title>
|
||||
<script>
|
||||
function onNav() {
|
||||
parent.postMessage(window.name, "*");
|
||||
}
|
||||
|
||||
window.onload = onNav;
|
||||
window.onhashchange = onNav;
|
||||
</script>
|
||||
</head>
|
||||
</html>
|
@ -0,0 +1,20 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>Test window for top navigation by location tests</title>
|
||||
<script>
|
||||
function onNav() {
|
||||
opener.postMessage(window.name, "*");
|
||||
}
|
||||
|
||||
window.onload = onNav;
|
||||
window.onhashchange = onNav;
|
||||
</script>
|
||||
</head>
|
||||
<body>
|
||||
<iframe name="if1" sandbox="allow-scripts allow-same-origin"></iframe>
|
||||
<iframe name="if2" sandbox="allow-scripts allow-same-origin allow-top-navigation"></iframe>
|
||||
<iframe name="if3" sandbox="allow-scripts allow-top-navigation"></iframe>
|
||||
</body>
|
||||
</html>
|
@ -0,0 +1,26 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>Test window for top navigation by location tests</title>
|
||||
<script>
|
||||
function onBlock() {
|
||||
opener.postMessage({ name: window.name, blocked: true }, '*');
|
||||
}
|
||||
|
||||
function onNav() {
|
||||
opener.postMessage({ name: window.name, blocked: false }, '*');
|
||||
}
|
||||
|
||||
function setOwnHref() {
|
||||
location.href = location.href;
|
||||
}
|
||||
|
||||
window.onload = onNav;
|
||||
</script>
|
||||
</head>
|
||||
<body>
|
||||
<iframe name="if1" sandbox="allow-scripts allow-same-origin"></iframe>
|
||||
<iframe name="if2" sandbox="allow-scripts allow-same-origin allow-top-navigation"></iframe>
|
||||
</body>
|
||||
</html>
|
16
docshell/test/iframesandbox/mochitest.ini
Normal file
16
docshell/test/iframesandbox/mochitest.ini
Normal file
@ -0,0 +1,16 @@
|
||||
[DEFAULT]
|
||||
support-files =
|
||||
file_other_auxiliary_navigation_by_location.html
|
||||
file_our_auxiliary_navigation_by_location.html
|
||||
file_parent_navigation_by_location.html
|
||||
file_sibling_navigation_by_location.html
|
||||
file_top_navigation_by_location.html
|
||||
file_top_navigation_by_location_exotic.html
|
||||
|
||||
[test_child_navigation_by_location.html]
|
||||
[test_other_auxiliary_navigation_by_location.html]
|
||||
[test_our_auxiliary_navigation_by_location.html]
|
||||
[test_parent_navigation_by_location.html]
|
||||
[test_sibling_navigation_by_location.html]
|
||||
[test_top_navigation_by_location_exotic.html]
|
||||
[test_top_navigation_by_location.html]
|
@ -0,0 +1,92 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<!--
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=785310
|
||||
html5 sandboxed iframe should not be able to perform top navigation with scripts allowed
|
||||
-->
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>Test for Bug 785310 - iframe sandbox child navigation by location tests</title>
|
||||
<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
|
||||
|
||||
<script>
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
|
||||
var testHtml = "<script>function onNav() { parent.parent.postMessage('childIframe', '*'); } window.onload = onNav; window.onhashchange = onNav;<\/script>";
|
||||
var testDataUri = "data:text/html," + testHtml;
|
||||
|
||||
function runScriptNavigationTest(testCase) {
|
||||
window.onmessage = function(event) {
|
||||
if (event.data != 'childIframe') {
|
||||
ok(false, "event.data: got '" + event.data + "', expected 'childIframe'");
|
||||
}
|
||||
ok(!testCase.shouldBeBlocked, testCase.desc, "child navigation was NOT blocked");
|
||||
runNextTest();
|
||||
};
|
||||
try {
|
||||
window["parentIframe"].eval(testCase.script);
|
||||
} catch(e) {
|
||||
ok(testCase.shouldBeBlocked, testCase.desc, e.message);
|
||||
runNextTest();
|
||||
}
|
||||
}
|
||||
|
||||
var testCaseIndex = -1;
|
||||
testCases = [
|
||||
{
|
||||
desc: "Test 1: cross origin child location.replace should NOT be blocked",
|
||||
script: "window['crossOriginChildIframe'].location.replace(\"" + testDataUri + "\")",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 2: cross origin child location.assign should be blocked",
|
||||
script: "window['crossOriginChildIframe'].location.assign(\"" + testDataUri + "\")",
|
||||
shouldBeBlocked: true
|
||||
},
|
||||
{
|
||||
desc: "Test 3: same origin child location.assign should NOT be blocked",
|
||||
script: "window['sameOriginChildIframe'].location.assign(\"" + testDataUri + "\")",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 4: cross origin child location.href should NOT be blocked",
|
||||
script: "window['crossOriginChildIframe'].location.href = \"" + testDataUri + "\"",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 5: cross origin child location.hash should be blocked",
|
||||
script: "window['crossOriginChildIframe'].location.hash = 'wibble'",
|
||||
shouldBeBlocked: true
|
||||
},
|
||||
{
|
||||
desc: "Test 6: same origin child location.hash should NOT be blocked",
|
||||
script: "window['sameOriginChildIframe'].location.hash = 'wibble'",
|
||||
shouldBeBlocked: false
|
||||
}
|
||||
];
|
||||
|
||||
function runNextTest() {
|
||||
++testCaseIndex;
|
||||
if (testCaseIndex == testCases.length) {
|
||||
SimpleTest.finish();
|
||||
return;
|
||||
}
|
||||
|
||||
runScriptNavigationTest(testCases[testCaseIndex]);
|
||||
}
|
||||
|
||||
addLoadEvent(runNextTest);
|
||||
</script>
|
||||
</head>
|
||||
<body>
|
||||
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=785310">Mozilla Bug 785310</a>
|
||||
<p id="display"></p>
|
||||
<div id="content">
|
||||
Tests for Bug 785310
|
||||
</div>
|
||||
|
||||
<iframe name="parentIframe" sandbox="allow-scripts allow-same-origin" src="data:text/html,<iframe name='sameOriginChildIframe'></iframe><iframe name='crossOriginChildIframe' sandbox='allow-scripts'></iframe>"</iframe>
|
||||
|
||||
</body>
|
||||
</html>
|
@ -0,0 +1,80 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<!--
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=785310
|
||||
html5 sandboxed iframe should not be able to perform top navigation with scripts allowed
|
||||
-->
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>Test for Bug 785310 - iframe sandbox other auxiliary navigation by location tests</title>
|
||||
<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
|
||||
|
||||
<script>
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
|
||||
function runScriptNavigationTest(testCase) {
|
||||
window.onmessage = function(event) {
|
||||
if (event.data != "otherWindow") {
|
||||
ok(false, "event.data: got '" + event.data + "', expected 'otherWindow'");
|
||||
}
|
||||
ok(false, testCase.desc, "auxiliary navigation was NOT blocked");
|
||||
runNextTest();
|
||||
};
|
||||
try {
|
||||
window["testIframe"].eval(testCase.script);
|
||||
} catch(e) {
|
||||
ok(true, testCase.desc, e.message);
|
||||
runNextTest();
|
||||
}
|
||||
}
|
||||
|
||||
var testCaseIndex = -1;
|
||||
testCases = [
|
||||
{
|
||||
desc: "Test 1: location.replace on auxiliary NOT opened by us should be blocked",
|
||||
script: "parent.openedWindow.location.replace('file_other_auxiliary_navigation_by_location.html')"
|
||||
},
|
||||
{
|
||||
desc: "Test 2: location.assign on auxiliary NOT opened by us should be blocked",
|
||||
script: "parent.openedWindow.location.assign('file_other_auxiliary_navigation_by_location.html')"
|
||||
},
|
||||
{
|
||||
desc: "Test 3: location.href on auxiliary NOT opened by us should be blocked",
|
||||
script: "parent.openedWindow.location.href = 'file_other_auxiliary_navigation_by_location.html'"
|
||||
},
|
||||
{
|
||||
desc: "Test 4: location.hash on auxiliary NOT opened by us should be blocked",
|
||||
script: "parent.openedWindow.location.hash = 'wibble'"
|
||||
}
|
||||
];
|
||||
|
||||
function runNextTest() {
|
||||
++testCaseIndex;
|
||||
if (testCaseIndex == testCases.length) {
|
||||
openedWindow.close();
|
||||
SimpleTest.finish();
|
||||
return;
|
||||
}
|
||||
|
||||
runScriptNavigationTest(testCases[testCaseIndex]);
|
||||
}
|
||||
|
||||
window.onmessage = runNextTest;
|
||||
|
||||
window.onload = function() {
|
||||
window.openedWindow = window.open("file_other_auxiliary_navigation_by_location.html", "otherWindow");
|
||||
}
|
||||
</script>
|
||||
|
||||
</head>
|
||||
<body>
|
||||
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=785310">Mozilla Bug 785310</a>
|
||||
<p id="display"></p>
|
||||
<div id="content">
|
||||
Tests for Bug 785310
|
||||
</div>
|
||||
|
||||
<iframe name="testIframe" sandbox="allow-scripts allow-same-origin allow-top-navigation allow-popups"></iframe>
|
||||
</body>
|
||||
</html>
|
@ -0,0 +1,84 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<!--
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=785310
|
||||
html5 sandboxed iframe should not be able to perform top navigation with scripts allowed
|
||||
-->
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>Test for Bug 785310 - iframe sandbox our auxiliary navigation by location tests</title>
|
||||
<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
|
||||
|
||||
<script>
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
|
||||
function runScriptNavigationTest(testCase) {
|
||||
window.onmessage = function(event) {
|
||||
if (event.data != "ourWindow") {
|
||||
ok(false, "event.data: got '" + event.data + "', expected 'ourWindow'");
|
||||
}
|
||||
ok(!testCase.shouldBeBlocked, testCase.desc, "auxiliary navigation was NOT blocked");
|
||||
runNextTest();
|
||||
};
|
||||
try {
|
||||
SpecialPowers.wrap(window["testIframe"]).eval(testCase.script);
|
||||
} catch(e) {
|
||||
ok(testCase.shouldBeBlocked, testCase.desc, SpecialPowers.wrap(e).message);
|
||||
runNextTest();
|
||||
}
|
||||
}
|
||||
|
||||
var testCaseIndex = -1;
|
||||
testCases = [
|
||||
{
|
||||
desc: "Test 1: location.replace on auxiliary opened by us should NOT be blocked",
|
||||
script: "openedWindow.location.replace('file_our_auxiliary_navigation_by_location.html')",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 2: location.assign on auxiliary opened by us should be blocked without allow-same-origin",
|
||||
script: "openedWindow.location.assign('file_our_auxiliary_navigation_by_location.html')",
|
||||
shouldBeBlocked: true
|
||||
},
|
||||
{
|
||||
desc: "Test 3: location.href on auxiliary opened by us should NOT be blocked",
|
||||
script: "openedWindow.location.href = 'file_our_auxiliary_navigation_by_location.html'",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 4: location.hash on auxiliary opened by us should be blocked without allow-same-origin",
|
||||
script: "openedWindow.location.hash = 'wibble'",
|
||||
shouldBeBlocked: true
|
||||
}
|
||||
];
|
||||
|
||||
function runNextTest() {
|
||||
++testCaseIndex;
|
||||
if (testCaseIndex == testCases.length) {
|
||||
SpecialPowers.wrap(window["testIframe"]).eval("openedWindow.close()");
|
||||
SimpleTest.finish();
|
||||
return;
|
||||
}
|
||||
|
||||
runScriptNavigationTest(testCases[testCaseIndex]);
|
||||
}
|
||||
|
||||
window.onmessage = runNextTest;
|
||||
|
||||
window.onload = function() {
|
||||
SpecialPowers.wrap(window["testIframe"]).eval("var openedWindow = window.open('file_our_auxiliary_navigation_by_location.html', 'ourWindow')");
|
||||
}
|
||||
</script>
|
||||
|
||||
</head>
|
||||
<body>
|
||||
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=785310">Mozilla Bug 785310</a>
|
||||
<p id="display"></p>
|
||||
<div id="content">
|
||||
Tests for Bug 785310
|
||||
</div>
|
||||
|
||||
<iframe name="testIframe" sandbox="allow-scripts allow-popups"></iframe>
|
||||
</body>
|
||||
</html>
|
@ -0,0 +1,75 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<!--
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=785310
|
||||
html5 sandboxed iframe should not be able to perform top navigation with scripts allowed
|
||||
-->
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>Test for Bug 785310 - iframe sandbox parent navigation by location tests</title>
|
||||
<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
|
||||
|
||||
<script>
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
|
||||
function runScriptNavigationTest(testCase) {
|
||||
window.onmessage = function(event) {
|
||||
if (event.data != "parentIframe") {
|
||||
ok(false, "event.data: got '" + event.data + "', expected 'parentIframe'");
|
||||
}
|
||||
ok(false, testCase.desc, "parent navigation was NOT blocked");
|
||||
runNextTest();
|
||||
};
|
||||
try {
|
||||
window["parentIframe"]["childIframe"].eval(testCase.script);
|
||||
} catch(e) {
|
||||
ok(true, testCase.desc, e.message);
|
||||
runNextTest();
|
||||
}
|
||||
}
|
||||
|
||||
var testCaseIndex = -1;
|
||||
testCases = [
|
||||
{
|
||||
desc: "Test 1: parent.location.replace should be blocked even when sandboxed with allow-same-origin allow-top-navigation",
|
||||
script: "parent.location.replace('file_parent_navigation_by_location.html')"
|
||||
},
|
||||
{
|
||||
desc: "Test 2: parent.location.assign should be blocked even when sandboxed with allow-same-origin allow-top-navigation",
|
||||
script: "parent.location.assign('file_parent_navigation_by_location.html')"
|
||||
},
|
||||
{
|
||||
desc: "Test 3: parent.location.href should be blocked even when sandboxed with allow-same-origin allow-top-navigation",
|
||||
script: "parent.location.href = 'file_parent_navigation_by_location.html'"
|
||||
},
|
||||
{
|
||||
desc: "Test 4: parent.location.hash should be blocked even when sandboxed with allow-same-origin allow-top-navigation",
|
||||
script: "parent.location.hash = 'wibble'"
|
||||
}
|
||||
];
|
||||
|
||||
function runNextTest() {
|
||||
++testCaseIndex;
|
||||
if (testCaseIndex == testCases.length) {
|
||||
SimpleTest.finish();
|
||||
return;
|
||||
}
|
||||
|
||||
runScriptNavigationTest(testCases[testCaseIndex]);
|
||||
}
|
||||
|
||||
window.onmessage = runNextTest;
|
||||
</script>
|
||||
</head>
|
||||
<body>
|
||||
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=785310">Mozilla Bug 785310</a>
|
||||
<p id="display"></p>
|
||||
<div id="content">
|
||||
Tests for Bug 785310
|
||||
</div>
|
||||
|
||||
<iframe name="parentIframe" src="file_parent_navigation_by_location.html"></iframe>
|
||||
|
||||
</body>
|
||||
</html>
|
@ -0,0 +1,78 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<!--
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=785310
|
||||
html5 sandboxed iframe should not be able to perform top navigation with scripts allowed
|
||||
-->
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>Test for Bug 785310 - iframe sandbox sibling navigation by location tests</title>
|
||||
<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
|
||||
|
||||
<script>
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
|
||||
function runScriptNavigationTest(testCase) {
|
||||
window.onmessage = function(event) {
|
||||
if (event.data != "siblingIframe") {
|
||||
ok(false, "event.data: got '" + event.data + "', expected 'siblingIframe'");
|
||||
}
|
||||
|
||||
ok(false, testCase.desc, "sibling navigation was NOT blocked");
|
||||
runNextTest();
|
||||
};
|
||||
|
||||
try {
|
||||
window["testIframe"].eval(testCase.script);
|
||||
} catch(e) {
|
||||
ok(true, testCase.desc, e.message);
|
||||
runNextTest();
|
||||
}
|
||||
}
|
||||
|
||||
var testCaseIndex = -1;
|
||||
testCases = [
|
||||
{
|
||||
desc: "Test 1: sibling location.replace should be blocked even when sandboxed with allow-same-origin allow-top-navigation",
|
||||
script: "parent['siblingIframe'].location.replace('file_sibling_navigation_by_location.html')"
|
||||
},
|
||||
{
|
||||
desc: "Test 2: sibling location.assign should be blocked even when sandboxed with allow-same-origin allow-top-navigation",
|
||||
script: "parent['siblingIframe'].location.assign('file_sibling_navigation_by_location.html')"
|
||||
},
|
||||
{
|
||||
desc: "Test 3: sibling location.href should be blocked even when sandboxed with allow-same-origin allow-top-navigation",
|
||||
script: "parent['siblingIframe'].location.href = 'file_sibling_navigation_by_location.html'"
|
||||
},
|
||||
{
|
||||
desc: "Test 4: sibling location.hash should be blocked even when sandboxed with allow-same-origin allow-top-navigation",
|
||||
script: "parent['siblingIframe'].location.hash = 'wibble'"
|
||||
}
|
||||
];
|
||||
|
||||
function runNextTest() {
|
||||
++testCaseIndex;
|
||||
if (testCaseIndex == testCases.length) {
|
||||
SimpleTest.finish();
|
||||
return;
|
||||
}
|
||||
|
||||
runScriptNavigationTest(testCases[testCaseIndex]);
|
||||
}
|
||||
|
||||
window.onmessage = runNextTest;
|
||||
</script>
|
||||
</head>
|
||||
<body>
|
||||
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=785310">Mozilla Bug 785310</a>
|
||||
<p id="display"></p>
|
||||
<div id="content">
|
||||
Tests for Bug 785310
|
||||
</div>
|
||||
|
||||
<iframe name="testIframe" sandbox="allow-scripts allow-same-origin allow-top-navigation"></iframe>
|
||||
<iframe name="siblingIframe" src="file_sibling_navigation_by_location.html"></iframe>
|
||||
|
||||
</body>
|
||||
</html>
|
167
docshell/test/iframesandbox/test_top_navigation_by_location.html
Normal file
167
docshell/test/iframesandbox/test_top_navigation_by_location.html
Normal file
@ -0,0 +1,167 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<!--
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=785310
|
||||
html5 sandboxed iframe should not be able to perform top navigation with scripts allowed
|
||||
-->
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>Test for Bug 785310 - iframe sandbox top navigation by location tests</title>
|
||||
<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
|
||||
<script>
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
|
||||
var testWin;
|
||||
|
||||
function runScriptNavigationTest(testCase) {
|
||||
window.onmessage = function(event) {
|
||||
if (event.data != "newTop") {
|
||||
ok(false, "event.data: got '" + event.data + "', expected 'newTop'");
|
||||
}
|
||||
ok(!testCase.shouldBeBlocked, testCase.desc, "top navigation was NOT blocked");
|
||||
runNextTest();
|
||||
};
|
||||
try {
|
||||
SpecialPowers.wrap(testWin[testCase.iframeName]).eval(testCase.script);
|
||||
} catch(e) {
|
||||
ok(testCase.shouldBeBlocked, testCase.desc, SpecialPowers.wrap(e).message);
|
||||
runNextTest();
|
||||
}
|
||||
}
|
||||
|
||||
var testCaseIndex = -1;
|
||||
testCases = [
|
||||
{
|
||||
desc: "Test 1: top.location.replace should be blocked when sandboxed without allow-top-navigation",
|
||||
script: "top.location.replace('file_top_navigation_by_location.html')",
|
||||
iframeName: "if1",
|
||||
shouldBeBlocked: true
|
||||
},
|
||||
{
|
||||
desc: "Test 2: top.location.assign should be blocked when sandboxed without allow-top-navigation",
|
||||
script: "top.location.assign('file_top_navigation_by_location.html')",
|
||||
iframeName: "if1",
|
||||
shouldBeBlocked: true
|
||||
},
|
||||
{
|
||||
desc: "Test 3: top.location.href should be blocked when sandboxed without allow-top-navigation",
|
||||
script: "top.location.href = 'file_top_navigation_by_location.html'",
|
||||
iframeName: "if1",
|
||||
shouldBeBlocked: true
|
||||
},
|
||||
{
|
||||
desc: "Test 4: top.location.pathname should be blocked when sandboxed without allow-top-navigation",
|
||||
script: "top.location.pathname = top.location.pathname",
|
||||
iframeName: "if1",
|
||||
shouldBeBlocked: true
|
||||
},
|
||||
{
|
||||
desc: "Test 5: top.location should be blocked when sandboxed without allow-top-navigation",
|
||||
script: "top.location = 'file_top_navigation_by_location.html'",
|
||||
iframeName: "if1",
|
||||
shouldBeBlocked: true
|
||||
},
|
||||
{
|
||||
desc: "Test 6: top.location.hash should be blocked when sandboxed without allow-top-navigation",
|
||||
script: "top.location.hash = 'wibble'",
|
||||
iframeName: "if1",
|
||||
shouldBeBlocked: true
|
||||
},
|
||||
{
|
||||
desc: "Test 7: top.location.replace should NOT be blocked when sandboxed with allow-same-origin allow-top-navigation",
|
||||
script: "top.location.replace('file_top_navigation_by_location.html')",
|
||||
iframeName: "if2",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 8: top.location.assign should NOT be blocked when sandboxed with allow-same-origin allow-top-navigation",
|
||||
script: "top.location.assign('file_top_navigation_by_location.html')",
|
||||
iframeName: "if2",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 9: top.location.href should NOT be blocked when sandboxed with allow-same-origin allow-top-navigation",
|
||||
script: "top.location.href = 'file_top_navigation_by_location.html'",
|
||||
iframeName: "if2",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 10: top.location.pathname should NOT be blocked when sandboxed with allow-same-origin allow-top-navigation",
|
||||
script: "top.location.pathname = top.location.pathname",
|
||||
iframeName: "if2",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 11: top.location should NOT be blocked when sandboxed with allow-same-origin allow-top-navigation",
|
||||
script: "top.location = 'file_top_navigation_by_location.html'",
|
||||
iframeName: "if2",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 12: top.location.hash should NOT be blocked when sandboxed with allow-same-origin allow-top-navigation",
|
||||
script: "top.location.hash = 'wibble'",
|
||||
iframeName: "if2",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 13: top.location.replace should NOT be blocked when sandboxed with allow-top-navigation, but without allow-same-origin",
|
||||
script: "top.location.replace('file_top_navigation_by_location.html')",
|
||||
iframeName: "if3",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 14: top.location.assign should be blocked when sandboxed with allow-top-navigation, but without allow-same-origin",
|
||||
script: "top.location.assign('file_top_navigation_by_location.html')",
|
||||
iframeName: "if3",
|
||||
shouldBeBlocked: true
|
||||
},
|
||||
{
|
||||
desc: "Test 15: top.location.href should NOT be blocked when sandboxed with allow-top-navigation, but without allow-same-origin",
|
||||
script: "top.location.href = 'file_top_navigation_by_location.html'",
|
||||
iframeName: "if3",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 16: top.location.pathname should be blocked when sandboxed with allow-top-navigation, but without allow-same-origin",
|
||||
script: "top.location.pathname = top.location.pathname",
|
||||
iframeName: "if3",
|
||||
shouldBeBlocked: true
|
||||
},
|
||||
{
|
||||
desc: "Test 17: top.location should NOT be blocked when sandboxed with allow-top-navigation, but without allow-same-origin",
|
||||
script: "top.location = 'file_top_navigation_by_location.html'",
|
||||
iframeName: "if3",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 18: top.location.hash should be blocked when sandboxed with allow-top-navigation, but without allow-same-origin",
|
||||
script: "top.location.hash = 'wibble'",
|
||||
iframeName: "if3",
|
||||
shouldBeBlocked: true
|
||||
}
|
||||
];
|
||||
|
||||
function runNextTest() {
|
||||
++testCaseIndex;
|
||||
if (testCaseIndex == testCases.length) {
|
||||
testWin.close();
|
||||
SimpleTest.finish();
|
||||
return;
|
||||
}
|
||||
|
||||
runScriptNavigationTest(testCases[testCaseIndex]);
|
||||
}
|
||||
|
||||
window.onmessage = runNextTest;
|
||||
testWin = window.open("file_top_navigation_by_location.html", "newTop");
|
||||
</script>
|
||||
</head>
|
||||
<body>
|
||||
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=785310">Mozilla Bug 785310</a>
|
||||
<p id="display"></p>
|
||||
<div id="content">
|
||||
Tests for Bug 785310
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
@ -0,0 +1,204 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<!--
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=785310
|
||||
html5 sandboxed iframe should not be able to perform top navigation with scripts allowed
|
||||
-->
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>Test for Bug 785310 - iframe sandbox top navigation by location via exotic means tests</title>
|
||||
<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
|
||||
<script>
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
|
||||
var testWin;
|
||||
|
||||
function runScriptNavigationTest(testCase) {
|
||||
window.onmessage = function(event) {
|
||||
if (event.data.name != 'newWindow') {
|
||||
ok(false, "event.data.name: got '" + event.data.name + "', expected 'newWindow'");
|
||||
}
|
||||
var diag = "top navigation was " + (event.data.blocked ? "" : "NOT ") + "blocked";
|
||||
ok((testCase.shouldBeBlocked == event.data.blocked), testCase.desc, diag);
|
||||
runNextTest();
|
||||
};
|
||||
try {
|
||||
testWin[testCase.iframeName].eval(testCase.script);
|
||||
} catch(e) {
|
||||
ok(testCase.shouldBeBlocked, testCase.desc, e.message);
|
||||
runNextTest();
|
||||
}
|
||||
}
|
||||
|
||||
var testCaseIndex = -1;
|
||||
testCases = [
|
||||
{
|
||||
desc: "Test 1: location.replace.call(top.location, ...) should be blocked when sandboxed without allow-top-navigation",
|
||||
script: "location.replace.call(top.location, 'file_top_navigation_by_location_exotic.html')",
|
||||
iframeName: "if1",
|
||||
shouldBeBlocked: true
|
||||
},
|
||||
{
|
||||
desc: "Test 2: location.replace.bind(top.location, ...) should be blocked when sandboxed without allow-top-navigation",
|
||||
script: "location.replace.bind(top.location, 'file_top_navigation_by_location_exotic.html')()",
|
||||
iframeName: "if1",
|
||||
shouldBeBlocked: true
|
||||
},
|
||||
{
|
||||
desc: "Test 3: Function.bind.call(location.replace, top.location, ...) should be blocked when sandboxed without allow-top-navigation",
|
||||
script: "Function.bind.call(location.replace, top.location, 'file_top_navigation_by_location_exotic.html')()",
|
||||
iframeName: "if1",
|
||||
shouldBeBlocked: true
|
||||
},
|
||||
{
|
||||
desc: "Test 4: location.replace.call(top.location, ...) should NOT be blocked when sandboxed with allow-top-navigation",
|
||||
script: "location.replace.call(top.location, 'file_top_navigation_by_location_exotic.html')",
|
||||
iframeName: "if2",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 5: location.replace.bind(top.location, ...) should NOT be blocked when sandboxed with allow-top-navigation",
|
||||
script: "location.replace.bind(top.location, 'file_top_navigation_by_location_exotic.html')()",
|
||||
iframeName: "if2",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 6: Function.bind.call(location.replace, top.location, ...) should NOT be blocked when sandboxed with allow-top-navigation",
|
||||
script: "Function.bind.call(location.replace, top.location, 'file_top_navigation_by_location_exotic.html')()",
|
||||
iframeName: "if2",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 7: top.location.href, via setTimeout, should be blocked when sandboxed without allow-top-navigation",
|
||||
script: "setTimeout(function() { try { top.location.href = 'file_top_navigation_by_location_exotic.html' } catch (e) { top.onBlock() } }, 0)",
|
||||
iframeName: "if1",
|
||||
shouldBeBlocked: true
|
||||
},
|
||||
{
|
||||
desc: "Test 8: top.location.href, via setTimeout, should NOT be blocked when sandboxed with allow-top-navigation",
|
||||
script: "setTimeout(function() { try { top.location.href = 'file_top_navigation_by_location_exotic.html' } catch(e) { top.onBlock() } }, 0)",
|
||||
iframeName: "if2",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 9: top.location.href, via eval, should be blocked when sandboxed without allow-top-navigation",
|
||||
script: "eval('top.location.href = \"file_top_navigation_by_location_exotic.html\"')",
|
||||
iframeName: "if1",
|
||||
shouldBeBlocked: true
|
||||
},
|
||||
{
|
||||
desc: "Test 10: top.location.href, via eval, should NOT be blocked when sandboxed with allow-top-navigation",
|
||||
script: "eval('top.location.href = \"file_top_navigation_by_location_exotic.html\"')",
|
||||
iframeName: "if2",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 11: top.location.href, via anonymous function, should be blocked when sandboxed without allow-top-navigation",
|
||||
script: "(function() { top.location.href = 'file_top_navigation_by_location_exotic.html' })()",
|
||||
iframeName: "if1",
|
||||
shouldBeBlocked: true
|
||||
},
|
||||
{
|
||||
desc: "Test 12: top.location.href, via anonymous function, should NOT be blocked when sandboxed with allow-top-navigation",
|
||||
script: "(function() { top.location.href = 'file_top_navigation_by_location_exotic.html' })()",
|
||||
iframeName: "if2",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 13: top.location.href, via function inserted in top, should be blocked when sandboxed without allow-top-navigation",
|
||||
script: "top.doTest = function() { top.location.href = 'file_top_navigation_by_location_exotic.html' }; top.doTest();",
|
||||
iframeName: "if1",
|
||||
shouldBeBlocked: true
|
||||
},
|
||||
{
|
||||
desc: "Test 14: top.location.href, via function inserted in top, should NOT be blocked when sandboxed with allow-top-navigation",
|
||||
script: "top.doTest = function() { top.location.href = 'file_top_navigation_by_location_exotic.html' }; top.doTest();",
|
||||
iframeName: "if2",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 15: top.location.href, via function inserted in us by top, should NOT be blocked when sandboxed without allow-top-navigation",
|
||||
script: "top.eval('window[\"if1\"].doTest = function() { top.location.href = \"file_top_navigation_by_location_exotic.html\" };'), doTest();",
|
||||
iframeName: "if1",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 16: top.location.href, via function inserted in top, should NOT be blocked when sandboxed with allow-top-navigation",
|
||||
script: "top.eval('window[\"if2\"].doTest = function() { top.location.href = \"file_top_navigation_by_location_exotic.html\" };'), doTest();",
|
||||
iframeName: "if2",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 17: top.location.href, via function in top, should NOT be blocked when sandboxed without allow-top-navigation",
|
||||
script: "top.setOwnHref()",
|
||||
iframeName: "if1",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 18: top.location.href, via function in top, should NOT be blocked when sandboxed with allow-top-navigation",
|
||||
script: "top.setOwnHref()",
|
||||
iframeName: "if2",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 19: top.location.href, via eval in top, should NOT be blocked when sandboxed without allow-top-navigation",
|
||||
script: "top.eval('location.href = \"file_top_navigation_by_location_exotic.html\"')",
|
||||
iframeName: "if1",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 20: top.location.href, via eval in top, should NOT be blocked when sandboxed with allow-top-navigation",
|
||||
script: "top.eval('location.href = \"file_top_navigation_by_location_exotic.html\"')",
|
||||
iframeName: "if2",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 21: top.location.href, via eval in top calling us, should be blocked when sandboxed without allow-top-navigation",
|
||||
script: "function doTest() { top.location.href = 'file_top_navigation_by_location_exotic.html' } top.eval('window[\"if1\"].doTest()');",
|
||||
iframeName: "if1",
|
||||
shouldBeBlocked: true
|
||||
},
|
||||
{
|
||||
desc: "Test 22: top.location.href, via eval in top calling us, should NOT be blocked when sandboxed with allow-top-navigation",
|
||||
script: "function doTest() { top.location.href = 'file_top_navigation_by_location_exotic.html' } top.eval('window[\"if2\"].doTest()');",
|
||||
iframeName: "if2",
|
||||
shouldBeBlocked: false
|
||||
},
|
||||
{
|
||||
desc: "Test 23: top.location.href, via function bound to top, should be blocked when sandboxed without allow-top-navigation",
|
||||
script: "(function() { top.location.href = 'file_top_navigation_by_location_exotic.html' }).bind(top)();",
|
||||
iframeName: "if1",
|
||||
shouldBeBlocked: true
|
||||
},
|
||||
{
|
||||
desc: "Test 24: top.location.href, via function bound to top, should NOT be blocked when sandboxed with allow-top-navigation",
|
||||
script: "(function() { top.location.href = 'file_top_navigation_by_location_exotic.html' }).bind(top)();",
|
||||
iframeName: "if2",
|
||||
shouldBeBlocked: false
|
||||
}
|
||||
];
|
||||
|
||||
function runNextTest() {
|
||||
++testCaseIndex;
|
||||
if (testCaseIndex == testCases.length) {
|
||||
testWin.close();
|
||||
SimpleTest.finish();
|
||||
return;
|
||||
}
|
||||
|
||||
runScriptNavigationTest(testCases[testCaseIndex]);
|
||||
}
|
||||
|
||||
window.onmessage = runNextTest;
|
||||
testWin = window.open('file_top_navigation_by_location_exotic.html', "newWindow");
|
||||
</script>
|
||||
</head>
|
||||
<body>
|
||||
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=785310">Mozilla Bug 785310</a>
|
||||
<p id="display"></p>
|
||||
<div id="content">
|
||||
Tests for Bug 785310
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
@ -12,5 +12,7 @@ XPCSHELL_TESTS_MANIFESTS += ['unit/xpcshell.ini']
|
||||
if CONFIG['OS_ARCH'] != 'Darwin':
|
||||
XPCSHELL_TESTS_MANIFESTS += ['unit_ipc/xpcshell.ini']
|
||||
|
||||
MOCHITEST_MANIFESTS += ['mochitest.ini']
|
||||
|
||||
MOCHITEST_MANIFESTS += [
|
||||
'iframesandbox/mochitest.ini',
|
||||
'mochitest.ini'
|
||||
]
|
||||
|
@ -193,8 +193,14 @@
|
||||
"content/html/content/test/test_iframe_sandbox_plugins.html":"plugins not supported",
|
||||
"content/html/content/test/test_object_plugin_nav.html":"plugins not supported",
|
||||
"content/html/document/test/test_bug741266.html":"needs control of popup window size",
|
||||
|
||||
"docshell/test/navigation/test_popup-navigates-children.html":"Needs multiple window.open support, also uses docshelltreenode",
|
||||
"docshell/test/test_bug590573.html":"queryinterfaces into webnavigation, might suffer from something similar as bug 823022",
|
||||
"docshell/test/iframesandbox/test_other_auxiliary_navigation_by_location.html":"bug 948948, NS_ERROR_FAILURE from nsWindowWatcher::GetPrompt",
|
||||
"docshell/test/iframesandbox/test_our_auxiliary_navigation_by_location.html":"bug 948948, NS_ERROR_FAILURE from nsWindowWatcher::GetPrompt",
|
||||
"docshell/test/iframesandbox/test_top_navigation_by_location.html":"bug 948948, NS_ERROR_FAILURE from nsWindowWatcher::GetPrompt",
|
||||
"docshell/test/iframesandbox/test_top_navigation_by_location_exotic.html":"bug 948948, NS_ERROR_FAILURE from nsWindowWatcher::GetPrompt",
|
||||
|
||||
"dom/devicestorage/ipc/test_ipc.html":"nested ipc not working",
|
||||
|
||||
"dom/indexedDB/ipc/test_ipc.html":"nested ipc not working",
|
||||
|
Loading…
Reference in New Issue
Block a user