Bug 1121857 - CSP: document.baseURI should not get blocked if baseURI is null - tests (r=sstamm)

dom/base/test/csp/file_null_baseuri.html

@@ -0,0 +1,21 @@
+<!DOCTYPE HTML>
+<html>
+  <head>
+    <title>Bug 1121857 - document.baseURI should not get blocked if baseURI is null</title>
+  </head>
+  <body>
+  <script type="text/javascript">
+    // check the initial base-uri
+    window.parent.postMessage({baseURI: document.baseURI, test: "initial_base_uri"}, "*");
+
+    // append a child and check the base-uri
+    var baseTag = document.head.appendChild(document.createElement('base'));
+    baseTag.href = 'http://www.base-tag.com';
+    window.parent.postMessage({baseURI: document.baseURI, test: "changed_base_uri"}, "*");
+
+    // remove the child and check that the base-uri is back to the initial one
+    document.head.remove(baseTag);
+    window.parent.postMessage({baseURI: document.baseURI, test: "initial_base_uri"}, "*");
+  </script>
+</body>
+</html>

dom/base/test/csp/mochitest.ini

@@ -100,6 +100,7 @@ support-files =
   file_multi_policy_injection_bypass.html^headers^
   file_multi_policy_injection_bypass_2.html
   file_multi_policy_injection_bypass_2.html^headers^
+  file_null_baseuri.html
   file_form-action.html
   file_worker_redirect.html
   file_worker_redirect.sjs
@@ -151,6 +152,7 @@ skip-if = buildapp == 'b2g' # intermittent orange (bug 1028490)
 [test_subframe_run_js_if_allowed.html]
 [test_leading_wildcard.html]
 [test_multi_policy_injection_bypass.html]
+[test_null_baseuri.html]
 [test_CSP_referrerdirective.html]
 skip-if = buildapp == 'b2g' #no ssl support
 [test_worker_redirect.html]

dom/base/test/csp/test_null_baseuri.html

@@ -0,0 +1,67 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 1121857 - document.baseURI should not get blocked if baseURI is null</title>
+  <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+  <p id="display"></p>
+  <div id="content" style="visibility: hidden">
+    <iframe style="width:100%;" id="testframe"></iframe>
+  </div>
+
+<script class="testbody" type="text/javascript">
+
+/* Description of the test:
+ * Creating a 'base' element and appending that element
+ * to document.head. After setting baseTag.href and finally
+ * removing the created element from the head, the baseURI
+ * should be the inital baseURI of the page.
+ */
+
+const TOTAL_TESTS = 3;
+var test_counter = 0;
+
+// a postMessage handler to communicate the results back to the parent.
+window.addEventListener("message", receiveMessage, false);
+
+function receiveMessage(event)
+{
+  // make sure the base-uri before and after the test is the initial base uri of the page
+  if (event.data.test === "initial_base_uri") {
+    ok(event.data.baseURI.startsWith("http://mochi.test"), "baseURI should be 'http://mochi.test'!");
+  }
+  // check that appending the child and setting the base tag actually affects the base-uri
+  else if (event.data.test === "changed_base_uri") {
+    ok(event.data.baseURI === "http://www.base-tag.com/", "baseURI should be 'http://www.base-tag.com'!");
+  }
+  // we shouldn't get here, but just in case, throw an error.
+  else {
+    ok(false, "unrecognized test!");
+  }
+
+  if (++test_counter === TOTAL_TESTS) {
+    SimpleTest.finish();
+  }
+}
+
+function startTest() {
+  var src = "file_csp_testserver.sjs";
+  // append the file that should be served
+  src += "?file=" + escape("tests/dom/base/test/csp/file_null_baseuri.html");
+  // using 'unsafe-inline' since we load the testcase using an inline script
+  // within file_null_baseuri.html
+  src += "&csp=" + escape("default-src * 'unsafe-inline';");
+
+  document.getElementById("testframe").src = src;
+}
+
+
+SimpleTest.waitForExplicitFinish();
+startTest();
+
+</script>
+</body>
+</html>