mirror of
https://github.com/mozilla/gecko-dev.git
synced 2025-01-26 23:23:33 +00:00
82 lines
2.1 KiB
HTML
82 lines
2.1 KiB
HTML
<!DOCTYPE HTML>
|
|
<html>
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<title>Bug 1224225 - CSP source matching should work for punycoded domain names</title>
|
|
<!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
|
|
<script src="/tests/SimpleTest/SimpleTest.js"></script>
|
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
|
</head>
|
|
<body>
|
|
<iframe style="width:100%;" id="testframe"></iframe>
|
|
|
|
<script class="testbody" type="text/javascript">
|
|
|
|
/* Description of the test:
|
|
* We load scripts within an iframe and make sure that the
|
|
* CSP matching is same for punycode domain names as well as IDNA.
|
|
*/
|
|
|
|
SimpleTest.waitForExplicitFinish();
|
|
|
|
|
|
var curTest;
|
|
var counter = -1;
|
|
|
|
const tests = [
|
|
{ // test 1
|
|
description: "loads script as sub2.ält.example.org, but allowlist in CSP as sub2.xn--lt-uia.example.org",
|
|
action: "script-unicode-csp-punycode",
|
|
csp: "script-src http://sub2.xn--lt-uia.example.org;",
|
|
expected: "script-allowed",
|
|
|
|
},
|
|
{ // test 2
|
|
description: "loads script as sub2.xn--lt-uia.example.org, and allowlist in CSP as sub2.xn--lt-uia.example.org",
|
|
action: "script-punycode-csp-punycode",
|
|
csp: "script-src http://sub2.xn--lt-uia.example.org;",
|
|
expected: "script-allowed",
|
|
|
|
},
|
|
{ // test 3
|
|
description: "loads script as sub2.xn--lt-uia.example.org, and allowlist in CSP as sub2.xn--lt-uia.example.org",
|
|
action: "script-punycode-csp-punycode",
|
|
csp: "script-src *.xn--lt-uia.example.org;",
|
|
expected: "script-allowed",
|
|
|
|
},
|
|
|
|
];
|
|
|
|
function finishTest() {
|
|
window.removeEventListener("message", receiveMessage);
|
|
SimpleTest.finish();
|
|
}
|
|
|
|
function checkResults(result) {
|
|
is(result, curTest.expected, curTest.description);
|
|
loadNextTest();
|
|
}
|
|
|
|
window.addEventListener("message", receiveMessage);
|
|
function receiveMessage(event) {
|
|
checkResults(event.data.result);
|
|
}
|
|
|
|
function loadNextTest() {
|
|
counter++;
|
|
if (counter == tests.length) {
|
|
finishTest();
|
|
return;
|
|
}
|
|
curTest = tests[counter];
|
|
var testframe = document.getElementById("testframe");
|
|
testframe.src = `file_punycode_host_src.sjs?action=${curTest.action}&csp=${curTest.csp}`;
|
|
}
|
|
|
|
loadNextTest();
|
|
|
|
</script>
|
|
</body>
|
|
</html>
|