Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2025-01-26 23:23:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
gecko-dev/dom/security/test/csp/test_bug910139.html
Brian Grinstead 0d460e3432 Bug 1544322 - Part 2.2 - Remove the [type] attribute for one-liner <script> tags loading files in /tests/SimpleTest/ in dom/ r=bzbarsky 
This is split from the previous changeset since if we include dom/ the file size is too
large for phabricator to handle.

This is an autogenerated commit to handle scripts loading mochitest harness files, in
the simple case where the script src is on the same line as the tag.

This was generated with https://bug1544322.bmoattachments.org/attachment.cgi?id=9058170
using the `--part 2` argument.

Differential Revision: https://phabricator.services.mozilla.com/D27457

--HG--
extra : moz-landing-system : lando
2019-04-16 03:53:28 +00:00

67 lines
2.2 KiB
HTML
Raw Blame History

<!DOCTYPE HTML>
<html>
<head>
<title>CSP should block XSLT as script, not as style</title>
<!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
<script src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<p id="display"></p>
<div id="content" style="display: none"></div>
<iframe style="width:100%;" id='xsltframe'></iframe>
<iframe style="width:100%;" id='xsltframe2'></iframe>
<script class="testbody" type="text/javascript">
SimpleTest.waitForExplicitFinish();
// define the expected output of this test
var header = "this xml file should be formatted using an xsl file(lower iframe should contain xml dump)!";
function checkAllowed () {
/* The policy for this test is:
* Content-Security-Policy: default-src 'self'; script-src 'self'
*
* we load the xsl file using:
* <?xml-stylesheet type="text/xsl" href="file_bug910139.xsl"?>
*/
try {
var cspframe = document.getElementById('xsltframe');
var xsltAllowedHeader = cspframe.contentWindow.document.getElementById('xsltheader').innerHTML;
is(xsltAllowedHeader, header, "XSLT loaded from 'self' should be allowed!");
}
catch (e) {
ok(false, "Error: could not access content in xsltframe!")
}
// continue with the next test
document.getElementById('xsltframe2').addEventListener('load', checkBlocked);
document.getElementById('xsltframe2').src = 'file_bug910139.sjs';
}
function checkBlocked () {
/* The policy for this test is:
* Content-Security-Policy: default-src 'self'; script-src *.example.com
*
* we load the xsl file using:
* <?xml-stylesheet type="text/xsl" href="file_bug910139.xsl"?>
*/
try {
var cspframe = document.getElementById('xsltframe2');
var xsltBlockedHeader = cspframe.contentWindow.document.getElementById('xsltheader');
is(xsltBlockedHeader, null, "XSLT loaded from different host should be blocked!");
}
catch (e) {
ok(false, "Error: could not access content in xsltframe2!")
}
SimpleTest.finish();
}
document.getElementById('xsltframe').addEventListener('load', checkAllowed);
document.getElementById('xsltframe').src = 'file_bug910139.sjs';
</script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink