mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-28 04:35:33 +00:00
Backed out changeset 5e1a99955893 (bug 1162772)
This commit is contained in:
parent
a17fb5bfed
commit
beeb3876c4
@ -35376,18 +35376,6 @@
|
||||
"url": "/html/webappapis/scripting/processing-model-2/window-onerror-with-cross-frame-event-listeners-4.html"
|
||||
}
|
||||
],
|
||||
"secure-contexts/basic-popup-and-iframe-tests.html": [
|
||||
{
|
||||
"path": "secure-contexts/basic-popup-and-iframe-tests.html",
|
||||
"url": "/secure-contexts/basic-popup-and-iframe-tests.html"
|
||||
}
|
||||
],
|
||||
"secure-contexts/basic-popup-and-iframe-tests.https.html": [
|
||||
{
|
||||
"path": "secure-contexts/basic-popup-and-iframe-tests.https.html",
|
||||
"url": "/secure-contexts/basic-popup-and-iframe-tests.https.html"
|
||||
}
|
||||
],
|
||||
"service-workers/service-worker/navigate-window.https.html": [
|
||||
{
|
||||
"path": "service-workers/service-worker/navigate-window.https.html",
|
||||
|
@ -1,25 +0,0 @@
|
||||
<!doctype html>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset=utf-8>
|
||||
<title>Test Window.isSecureContext for HTTP creator</title>
|
||||
<meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object">
|
||||
<meta name="author" title="Jonathan Watt" href="https://jwatt.org/">
|
||||
<script src=/resources/testharness.js></script>
|
||||
<script src=/resources/testharnessreport.js></script>
|
||||
<script src="server-locations.sub.js"></script>
|
||||
<script>
|
||||
|
||||
// This file is the equivasent of the https version, but rather than
|
||||
// having a copy of its script file we figure out the URI of the script on the
|
||||
// https server and load it here.
|
||||
let script = document.createElement("script");
|
||||
script.setAttribute("src", https_dir + "basic-popup-and-iframe-tests.https.js");
|
||||
document.head.appendChild(script);
|
||||
|
||||
</script>
|
||||
</head>
|
||||
<body onload="begin();">
|
||||
</body>
|
||||
</html>
|
||||
|
@ -1,16 +0,0 @@
|
||||
<!doctype html>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset=utf-8>
|
||||
<title>Test Window.isSecureContext for HTTPS creator</title>
|
||||
<meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object">
|
||||
<meta name="author" title="Jonathan Watt" href="https://jwatt.org/">
|
||||
<script src=/resources/testharness.js></script>
|
||||
<script src=/resources/testharnessreport.js></script>
|
||||
<script src="server-locations.sub.js"></script>
|
||||
<script src="basic-popup-and-iframe-tests.https.js"></script>
|
||||
</head>
|
||||
<body onload="begin();">
|
||||
</body>
|
||||
</html>
|
||||
|
@ -1,279 +0,0 @@
|
||||
|
||||
/**
|
||||
* This test checks the Secure Context state of documents for various
|
||||
* permutations of document URI types and loading methods.
|
||||
*
|
||||
* The hierarchy that is tested is:
|
||||
*
|
||||
* creator-doc > createe-doc
|
||||
*
|
||||
* The creator-doc is one of:
|
||||
*
|
||||
* http:
|
||||
* https:
|
||||
*
|
||||
* The createe-doc is loaded as either a:
|
||||
*
|
||||
* popup
|
||||
* iframe
|
||||
* sandboxed-iframe
|
||||
*
|
||||
* into which we load and test:
|
||||
*
|
||||
* http:
|
||||
* https:
|
||||
* blob:
|
||||
* javascript:
|
||||
* about:blank
|
||||
* initial about:blank
|
||||
* srcdoc
|
||||
*
|
||||
* TODO once web-platform-tests supports it:
|
||||
* - test http://localhost
|
||||
* - test file:
|
||||
*
|
||||
* TODO once https://github.com/w3c/webappsec-secure-contexts/issues/26 is resolved
|
||||
* - test data:
|
||||
*/
|
||||
|
||||
|
||||
setup({explicit_done:true});
|
||||
|
||||
|
||||
const host_and_dirname = location.host +
|
||||
location.pathname.substr(0, location.pathname.lastIndexOf("/") + 1);
|
||||
|
||||
|
||||
// Flags to indicate where document types should be loaded for testing:
|
||||
const eLoadInPopup = (1 << 0);
|
||||
const eLoadInUnsandboxedIframe = (1 << 1);
|
||||
const eLoadInSandboxedIframe = (1 << 2);
|
||||
const eLoadInEverything = eLoadInPopup | eLoadInUnsandboxedIframe | eLoadInSandboxedIframe;
|
||||
|
||||
// Flags indicating if a document type is expected to be a Secure Context:
|
||||
const eSecureNo = 1;
|
||||
const eSecureIfCreatorSecure = 2;
|
||||
|
||||
// Flags indicating how the result of a test is obtained:
|
||||
const eResultFromPostMessage = 1;
|
||||
const eResultFromExaminationOnLoad = 2;
|
||||
const eResultFromExaminationSync = 3;
|
||||
|
||||
|
||||
const loadTypes = [
|
||||
new LoadType("an http: URI",
|
||||
eLoadInEverything,
|
||||
http_dir + "postMessage-helper.html",
|
||||
eSecureNo,
|
||||
eResultFromPostMessage),
|
||||
new LoadType("an https: URI",
|
||||
eLoadInEverything,
|
||||
https_dir + "postMessage-helper.https.html",
|
||||
eSecureIfCreatorSecure,
|
||||
eResultFromPostMessage),
|
||||
new LoadType("a blob: URI",
|
||||
eLoadInEverything,
|
||||
URL.createObjectURL(new Blob(["<script>(opener||parent).postMessage(isSecureContext, '*')</script>"])),
|
||||
eSecureIfCreatorSecure,
|
||||
eResultFromPostMessage),
|
||||
new LoadType("a srcdoc",
|
||||
// popup not relevant:
|
||||
eLoadInUnsandboxedIframe | eLoadInSandboxedIframe,
|
||||
"<script>(opener||parent).postMessage(isSecureContext, '*')</script>",
|
||||
eSecureIfCreatorSecure,
|
||||
eResultFromPostMessage),
|
||||
new LoadType("a javascript: URI",
|
||||
// can't load in sandbox:
|
||||
eLoadInUnsandboxedIframe | eLoadInPopup,
|
||||
"javascript:(opener||parent).postMessage(isSecureContext, '*')",
|
||||
eSecureIfCreatorSecure,
|
||||
eResultFromPostMessage),
|
||||
new LoadType("about:blank",
|
||||
// can't obtain state if sandboxed:
|
||||
eLoadInUnsandboxedIframe | eLoadInPopup,
|
||||
"about:blank",
|
||||
eSecureIfCreatorSecure,
|
||||
eResultFromExaminationOnLoad),
|
||||
new LoadType("initial about:blank",
|
||||
// can't obtain state if sandboxed:
|
||||
eLoadInUnsandboxedIframe | eLoadInPopup,
|
||||
"about:blank", // we don't wait for this to load, so whatever
|
||||
eSecureIfCreatorSecure,
|
||||
eResultFromExaminationSync),
|
||||
];
|
||||
|
||||
const loadTargets = [
|
||||
new LoadTarget("an iframe", eLoadInUnsandboxedIframe),
|
||||
new LoadTarget("a sandboxed iframe", eLoadInSandboxedIframe),
|
||||
new LoadTarget("a popup", eLoadInPopup),
|
||||
];
|
||||
|
||||
|
||||
function LoadType(description, loadInFlags, uri, expectedSecureFlag, resultFrom) {
|
||||
this.desc = description;
|
||||
this.loadInFlags = loadInFlags;
|
||||
this.uri = uri;
|
||||
this.expectedSecureFlag = expectedSecureFlag;
|
||||
this.resultFrom = resultFrom;
|
||||
}
|
||||
|
||||
|
||||
function LoadTarget(description, loadInFlag) {
|
||||
this.desc = description;
|
||||
this.loadInFlag = loadInFlag;
|
||||
}
|
||||
|
||||
LoadTarget.prototype.open = function(loadType) {
|
||||
let loadTarget = this;
|
||||
this.currentTest.step(function() {
|
||||
assert_true((loadTarget.loadInFlag & loadType.loadInFlags) != 0,
|
||||
loadType.desc + " cannot be tested in " + loadTarget.desc);
|
||||
});
|
||||
if (this.loadInFlag == eLoadInUnsandboxedIframe) {
|
||||
let iframe = document.createElement("iframe");
|
||||
document.body.appendChild(iframe);
|
||||
iframe[loadType.desc == "a srcdoc" ? "srcdoc" : "src"] = loadType.uri;
|
||||
return iframe;
|
||||
}
|
||||
if (this.loadInFlag == eLoadInSandboxedIframe) {
|
||||
let iframe = document.body.appendChild(document.createElement("iframe"));
|
||||
iframe.setAttribute("sandbox", "allow-scripts");
|
||||
iframe[loadType.desc == "a srcdoc" ? "srcdoc" : "src"] = loadType.uri;
|
||||
return iframe;
|
||||
}
|
||||
if (this.loadInFlag == eLoadInPopup) {
|
||||
return window.open(loadType.uri);
|
||||
}
|
||||
this.currentTest.step(function() {
|
||||
assert_unreached("Unknown load type flag: " + loadInFlags);
|
||||
});
|
||||
return null;
|
||||
}
|
||||
|
||||
LoadTarget.prototype.close = function(domTarget) {
|
||||
if (this.loadInFlag == eLoadInUnsandboxedIframe ||
|
||||
this.loadInFlag == eLoadInSandboxedIframe) {
|
||||
domTarget.remove();
|
||||
return;
|
||||
}
|
||||
if (this.loadInFlag == eLoadInPopup) {
|
||||
domTarget.close();
|
||||
return;
|
||||
}
|
||||
this.currentTest.step(function() {
|
||||
assert_unreached("Unknown load type flag: " + loadInFlags);
|
||||
});
|
||||
}
|
||||
|
||||
LoadTarget.prototype.load_and_get_result_for = function(loadType) {
|
||||
if (!(loadType.loadInFlags & this.loadInFlag)) {
|
||||
return Promise.reject("not applicable");
|
||||
}
|
||||
if (!(this.loadInFlag & eLoadInPopup) &&
|
||||
location.protocol == "https:" &&
|
||||
loadType.uri.substr(0,5) == "http:") {
|
||||
// Mixed content blocker will prevent this load
|
||||
return Promise.reject("not applicable");
|
||||
}
|
||||
this.currentTest = async_test("Test Window.isSecureContext in " + this.desc +
|
||||
" loading " + loadType.desc)
|
||||
if (loadType.resultFrom == eResultFromExaminationSync) {
|
||||
let domTarget = this.open(loadType);
|
||||
let result = domTarget instanceof Window ?
|
||||
domTarget.isSecureContext : domTarget.contentWindow.isSecureContext;
|
||||
this.close(domTarget);
|
||||
return Promise.resolve(result);
|
||||
}
|
||||
let target = this;
|
||||
if (loadType.resultFrom == eResultFromExaminationOnLoad) {
|
||||
return new Promise(function(resolve, reject) {
|
||||
function handleLoad(event) {
|
||||
let result = domTarget instanceof Window ?
|
||||
domTarget.isSecureContext : domTarget.contentWindow.isSecureContext;
|
||||
domTarget.removeEventListener("load", handleLoad);
|
||||
target.close(domTarget);
|
||||
resolve(result);
|
||||
}
|
||||
let domTarget = target.open(loadType);
|
||||
domTarget.addEventListener("load", handleLoad, false);
|
||||
});
|
||||
}
|
||||
if (loadType.resultFrom == eResultFromPostMessage) {
|
||||
return new Promise(function(resolve, reject) {
|
||||
function handleMessage(event) {
|
||||
window.removeEventListener("message", handleMessage);
|
||||
target.close(domTarget);
|
||||
resolve(event.data);
|
||||
}
|
||||
window.addEventListener("message", handleMessage, false);
|
||||
let domTarget = target.open(loadType);
|
||||
});
|
||||
}
|
||||
return Promise.reject("unexpected 'result from' type");
|
||||
}
|
||||
|
||||
|
||||
let current_type_index = -1;
|
||||
let current_target_index = 0;
|
||||
|
||||
function run_next_test() {
|
||||
current_type_index++;
|
||||
if (current_type_index >= loadTypes.length) {
|
||||
current_type_index = 0;
|
||||
current_target_index++;
|
||||
if (current_target_index >= loadTargets.length) {
|
||||
done();
|
||||
return; // all test permutations complete
|
||||
}
|
||||
}
|
||||
let loadTarget = loadTargets[current_target_index];
|
||||
let loadType = loadTypes[current_type_index];
|
||||
loadTarget.load_and_get_result_for(loadType).then(
|
||||
function(value) {
|
||||
run_next_test_soon();
|
||||
loadTarget.currentTest.step(function() {
|
||||
if (loadType.expectedSecureFlag == eSecureNo) {
|
||||
assert_false(value, loadType.desc + " in " + loadTarget.desc + " should not create a Secure Context");
|
||||
} else if (loadType.expectedSecureFlag == eSecureIfCreatorSecure) {
|
||||
if (!window.isSecureContext) {
|
||||
assert_false(value, loadType.desc + " in " + loadTarget.desc + " should not create a Secure Context when its creator is not a Secure Context.");
|
||||
} else {
|
||||
assert_true(value, loadType.desc + " in " + loadTarget.desc + " should create a Secure Context when its creator is a Secure Context");
|
||||
}
|
||||
} else {
|
||||
assert_unreached(loadType.desc + " - unknown expected secure flag: " + expectedSecureFlag);
|
||||
}
|
||||
loadTarget.currentTest.done();
|
||||
});
|
||||
},
|
||||
function(failReason) {
|
||||
run_next_test_soon();
|
||||
if (failReason == "not applicable") {
|
||||
return;
|
||||
}
|
||||
loadTarget.currentTest.step(function() {
|
||||
assert_unreached(loadType.desc + " - got unexpected rejected promise");
|
||||
});
|
||||
}
|
||||
);
|
||||
}
|
||||
|
||||
function run_next_test_soon() {
|
||||
setTimeout(run_next_test, 0);
|
||||
}
|
||||
|
||||
function begin() {
|
||||
test(function() {
|
||||
if (location.protocol == "http:") {
|
||||
assert_false(isSecureContext,
|
||||
"http: creator should not be a Secure Context");
|
||||
} else if (location.protocol == "https:") {
|
||||
assert_true(isSecureContext,
|
||||
"https: creator should be a Secure Context");
|
||||
} else {
|
||||
assert_unreached("Unknown location.protocol");
|
||||
}
|
||||
});
|
||||
run_next_test();
|
||||
}
|
||||
|
@ -1 +0,0 @@
|
||||
<script>(opener||parent).postMessage(isSecureContext, '*')</script>
|
@ -1 +0,0 @@
|
||||
<script>(opener||parent).postMessage(isSecureContext, '*')</script>
|
@ -1,6 +0,0 @@
|
||||
var https_dir = "https://{{location[hostname]}}:{{ports[https][0]}}{{location[path]}}";
|
||||
https_dir = https_dir.substr(0, https_dir.lastIndexOf("/") + 1);
|
||||
|
||||
var http_dir = "http://{{location[hostname]}}:{{ports[http][0]}}{{location[path]}}";
|
||||
http_dir = http_dir.substr(0, http_dir.lastIndexOf("/") + 1);
|
||||
|
Loading…
Reference in New Issue
Block a user