mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-15 22:35:43 +00:00
bug 515443 missing test files
parent
a22f056955
commit
e84d96e645
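--- a/content/base/test/file_CSP_evalscript.sjs
+++ b/content/base/test/file_CSP_evalscript.sjs
@@ -0,0 +1,30 @@
+// SJS file for CSP eval script mochitests
+
+function handleRequest(request, response)
+{
+var query = {};
+request.queryString.split('&').forEach(function (val) {
+var [name, value] = val.split('=');
+query[name] = unescape(value);
+});
+
+//avoid confusing cache behaviors
+response.setHeader("Cache-Control", "no-cache", false);
+
+if ("main" in query) {
+var xhr = Components.classes["@mozilla.org/xmlextras/xmlhttprequest;1"]
+.createInstance(Components.interfaces.nsIXMLHttpRequest);
+//serve the main page with a CSP header!
+// -- anything served from 'self' (localhost:8888) will be allowed,
+// -- anything served from other hosts (example.com:80) will be blocked.
+// -- XHR tests are set up in the file_CSP_main.js file which is sourced.
+response.setHeader("X-Content-Security-Policy",
+"allow 'self'",
+false);
+xhr.open("GET", "http://localhost:8888/tests/content/base/test/file_CSP_evalscript_main.html", false);
+xhr.send(null);
+if(xhr.status == 200) {
+response.write(xhr.responseText);
+}
+}
+}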
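Review bot: When the synchronous fetch in the `"main"` branch does not return 200, the handler writes nothing but has already set the policy header, so the iframe loads empty and the mochitest waits for callbacks that never arrive instead of failing with a reason. Add an explicit failure path after the `if(xhr.status == 200)` block, e.g. `else { response.setStatusLine(request.httpVersion, 500, "fixture fetch failed"); }`. The comment lines about `example.com:80` and `file_CSP_main.js` look copied from another test; for this file the comment should say that the `allow 'self'` policy is served so that the default eval restriction applies to `file_CSP_evalscript_main.html`.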
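--- a/content/base/test/file_CSP_evalscript_main.html
+++ b/content/base/test/file_CSP_evalscript_main.html
@@ -0,0 +1,12 @@
+<html>
+<head>
+<title>CSP eval script tests</title>
+<script type="application/javascript"
+src="file_CSP_evalscript_main.js"></script>
+</head>
+<body>
+
+Foo.
+
+</body>
+</html>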
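--- a/content/base/test/file_CSP_evalscript_main.js
+++ b/content/base/test/file_CSP_evalscript_main.js
@@ -0,0 +1,112 @@
+// some javascript for the CSP eval() tests
+
+function logResult(str, passed) {
+var elt = document.createElement('div');
+var color = passed ? "#cfc;" : "#fcc";
+elt.setAttribute('style', 'background-color:' + color + '; width:100%; border:1px solid black; padding:3px; margin:4px;');
+elt.innerHTML = str;
+document.body.appendChild(elt);
+}
+
+
+// callback for when stuff is allowed by CSP
+var onevalexecuted = (function(window) {
+return function(shouldrun, what, data) {
+window.parent.scriptRan(shouldrun, what, data);
+logResult((shouldrun ? "PASS: " : "FAIL: ") + what + " : " + data, shouldrun);
+};})(window);
+
+// callback for when stuff is blocked
+var onevalblocked = (function(window) {
+return function(shouldrun, what, data) {
+window.parent.scriptBlocked(shouldrun, what, data);
+logResult((shouldrun ? "FAIL: " : "PASS: ") + what + " : " + data, !shouldrun);
+};})(window);
+
+
+// Defer until document is loaded so that we can write the pretty result boxes
+// out.
+addEventListener('load', function() {
+
+// setTimeout(String) test -- should pass
+try {
+setTimeout('onevalexecuted(false, "setTimeout(String)", "setTimeout with a string was enabled.");', 10);
+} catch (e) {
+onevalblocked(false, "setTimeout(String)",
+"setTimeout with a string was blocked");
+}
+
+// setTimeout(function) test -- should pass
+try {
+setTimeout(function() {
+onevalexecuted(true, "setTimeout(function)",
+"setTimeout with a function was enabled.")
+}, 10);
+} catch (e) {
+onevalblocked(true, "setTimeout(function)",
+"setTimeout with a function was blocked");
+}
+
+// eval() test
+try {
+eval('onevalexecuted(false, "eval(String)", "eval() was enabled.");');
+} catch (e) {
+onevalblocked(false, "eval(String)",
+"eval() was blocked");
+}
+
+// eval(foo,bar) test
+try {
+eval('onevalexecuted(false, "eval(String,scope)", "eval() was enabled.");',1);
+} catch (e) {
+onevalblocked(false, "eval(String,object)",
+"eval() with scope was blocked");
+}
+
+// [foo,bar].sort(eval) test
+try {
+['onevalexecuted(false, "[String, obj].sort(eval)", "eval() was enabled.");',1].sort(eval);
+} catch (e) {
+onevalblocked(false, "[String, obj].sort(eval)",
+"eval() with scope via sort was blocked");
+}
+
+// [].sort.call([foo,bar], eval) test
+try {
+[].sort.call(['onevalexecuted(false, "[String, obj].sort(eval)", "eval() was enabled.");',1], eval);
+} catch (e) {
+onevalblocked(false, "[].sort.call([String, obj], eval)",
+"eval() with scope via sort/call was blocked");
+}
+
+// new Function() test
+try {
+var fcn = new Function('onevalexecuted(false, "new Function(String)", "new Function(String) was enabled.");');
+fcn();
+} catch (e) {
+onevalblocked(false, "new Function(String)",
+"new Function(String) was blocked.");
+}
+
+// setTimeout(eval, 0, str)
+{
+// error is not catchable here, instead, we're going to side-effect
+// 'worked'.
+var worked = false;
+
+setTimeout(eval, 0, 'worked = true');
+setTimeout(function(worked) {
+if (worked) {
+onevalexecuted(false, "setTimeout(eval, 0, str)",
+"setTimeout(eval, 0, string) was enabled.");
+} else {
+onevalblocked(false, "setTimeout(eval, 0, str)",
+"setTimeout(eval, 0, str) was blocked.");
+}
+}, 0, worked);
+}
+
+}, false);
+
+
+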
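Review bot: The final case, `setTimeout(eval, 0, str)`, cannot fail: `worked` is passed to the second `setTimeout` by value at scheduling time, so the callback's `worked` parameter is always `false` and the case always reports "blocked", even if the policy let the eval run. The flag is also a `var` local to the load handler, which an eval invoked by the timer would presumably not reach. Keep the flag where both sides can see it and read it when the check runs, e.g. `window.evalWorked = false;`, `setTimeout(eval, 0, 'window.evalWorked = true');` and a checking callback that takes no argument and tests `window.evalWorked`. Separately, the comment `// setTimeout(String) test -- should pass` contradicts the `false` expectation passed on the following lines; it should say the string form is expected to be blocked.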
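--- a/content/base/test/test_CSP_evalscript.html
+++ b/content/base/test/test_CSP_evalscript.html
@@ -0,0 +1,62 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<title>Test for Content Security Policy "no eval" base restriction</title>
+<script type="text/javascript" src="/MochiKit/packed.js"></script>
+<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<p id="display"></p>
+<div id="content" style="display: none">
+
+
+</div>
+
+<iframe style="width:100%;height:300px;" id='cspframe'></iframe>
+<script class="testbody" type="text/javascript">
+
+var path = "/tests/content/base/test/";
+
+var evalScriptsThatRan = 0;
+var evalScriptsBlocked = 0;
+var evalScriptsTotal = 8;
+
+
+// called by scripts that run
+var scriptRan = function(shouldrun, testname, data) {
+evalScriptsThatRan++;
+ok(shouldrun, 'EVAL SCRIPT RAN: ' + testname + '(' + data + ')');
+checkTestResults();
+}
+
+// called when a script is blocked
+var scriptBlocked = function(shouldrun, testname, data) {
+evalScriptsBlocked++;
+ok(!shouldrun, 'EVAL SCRIPT BLOCKED: ' + testname + '(' + data + ')');
+checkTestResults();
+}
+
+
+// Check to see if all the tests have run
+var checkTestResults = function() {
+// if any test is incomplete, keep waiting
+if (evalScriptsTotal - evalScriptsBlocked - evalScriptsThatRan > 0)
+return;
+
+// ... otherwise, finish
+SimpleTest.finish();
+}
+
+//////////////////////////////////////////////////////////////////////
+// set up and go
+SimpleTest.waitForExplicitFinish();
+
+// save this for last so that our listeners are registered.
+// ... this loads the testbed of good and bad requests.
+document.getElementById('cspframe').src = 'file_CSP_evalscript.sjs?main';
+
+</script>
+</pre>
+</body>
+</html>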
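Review bot: `evalScriptsTotal = 8` is a hand-maintained count that has to equal the number of cases in `file_CSP_evalscript_main.js`, and `checkTestResults` only finishes once that many callbacks have arrived. A case that is blocked without throwing and without running reports nothing, so the run would end in a harness timeout rather than a named failure, and a case that reports twice would hide a missing one. Document the coupling next to the counter, e.g. `// must match the number of cases in file_CSP_evalscript_main.js; each case reports exactly once`, and consider tracking the reported case names instead of a bare count. The `</pre>` before `</body>` has no opening tag in this file.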