tor-browser

The Tor Browser

browser_mixedContentFromOnunload.js (2732B)


      1 /*
      2 * Any copyright is dedicated to the Public Domain.
      3 * http://creativecommons.org/publicdomain/zero/1.0/
      4 *
      5 * Tests for Bug 947079 - Fix bug in nsSecureBrowserUIImpl that sets the wrong
      6 * security state on a page because of a subresource load that is not on the
      7 * same page.
      8 */
      9 
// Every scenario, and every navigation step inside a scenario, gets its own
// origin. Each root is this test's directory with the chrome:// mochitest
// prefix swapped for an http(s) origin; the two http:// roots are deliberate,
// since the test needs insecure pages to navigate away from.
const [
  HTTP_TEST_ROOT_1,
  HTTPS_TEST_ROOT_1,
  HTTP_TEST_ROOT_2,
  HTTPS_TEST_ROOT_2,
] = [
  // eslint-disable-next-line @microsoft/sdl/no-insecure-url
  "http://example.com",
  "https://test1.example.com",
  // eslint-disable-next-line @microsoft/sdl/no-insecure-url
  "http://example.net",
  "https://test2.example.com",
].map(origin =>
  getRootDirectory(gTestPath).replace("chrome://mochitests/content", origin)
);
     29 
// Regression coverage for Bug 947079: a subresource load that belongs to a
// different page must not change the security state reported for the page
// currently shown in the tab.
add_task(async function () {
  const startPage = HTTP_TEST_ROOT_1 + "file_mixedContentFromOnunload.html";

  await BrowserTestUtils.withNewTab(startPage, async browser => {
    // Start loading `target` in the tab; the returned promise settles once
    // the load has completed.
    const navigateTo = target => {
      BrowserTestUtils.startLoadingURIString(browser, target);
      return BrowserTestUtils.browserLoaded(browser);
    };

    // Block active mixed content, but neither block nor upgrade display
    // content, so an insecure image load is allowed to happen and would be
    // reflected in the security state if it were attributed to the page.
    await SpecialPowers.pushPrefEnv({
      set: [
        ["security.mixed_content.block_active_content", true],
        ["security.mixed_content.block_display_content", false],
        ["security.mixed_content.upgrade_display_content", false],
      ],
    });

    // Scenario 1: http page -> https page without mixed content.
    // The http page requests an http image from its unload handler.
    await navigateTo(
      HTTPS_TEST_ROOT_1 + "file_mixedContentFromOnunload_test1.html"
    );
    // The https page has no mixed content resources of its own, so it must be
    // reported as secure with nothing loaded or blocked.
    isSecurityState(browser, "secure");
    await assertMixedContentBlockingState(browser, {
      activeLoaded: false,
      activeBlocked: false,
      passiveLoaded: false,
    });

    // Scenario 2: http page -> https page that has mixed display content.
    // The https page loads an http image on unload.
    await navigateTo(HTTP_TEST_ROOT_2 + "file_mixedContentFromOnunload.html");
    await navigateTo(
      HTTPS_TEST_ROOT_2 + "file_mixedContentFromOnunload_test2.html"
    );
    // Mixed display content was loaded, so the state is "broken" and only the
    // passive flag is set.
    isSecurityState(browser, "broken");
    await assertMixedContentBlockingState(browser, {
      activeLoaded: false,
      activeBlocked: false,
      passiveLoaded: true,
    });
  });
});