tor-browser

test_registerHandler.html (4087B)

---

<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=402788
-->
<head>
 <title>Test for Bug 402788</title>
 <script src="/tests/SimpleTest/SimpleTest.js"></script>
 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=402788">Mozilla Bug 402788</a>
<p id="display"></p>
<div id="content" style="display: none">

</div>
<pre id="test">
<script class="testbody" type="text/javascript">

/** Test for Bug 402788 */
 SimpleTest.waitForExplicitFinish();

 // return false if an exception has been catched, true otherwise
 function testRegisterHandler(aIsProtocol, aTxt, aUri, aTitle) {
   try {
     navigator.registerProtocolHandler(aTxt, aUri, aTitle);
   } catch (e) {
     return false;
   }

   return true;
 }

 // helper function to build URLs since hostname differs
 // based on whether the test is running in a cross-origin  iframe
 function buildUrl(protocol="http", addFormat=true) {
   return `${protocol}://${window.location.hostname}:${window.location.port}${addFormat ? "/%s" : "/"}`;
 }

 async function tests() {
   await SpecialPowers.pushPrefEnv({
     set: [
       ["dom.registerProtocolHandler.insecure.enabled", true],
     ],
   });

   // testing a generic case
   is(testRegisterHandler(true, "web+foo", buildUrl(), "Foo handler"), true, "registering a web+foo protocol handler should work");

   // testing with wrong uris
   is(testRegisterHandler(true, "web+foo", buildUrl("http", false), "Foo handler"), false, "a protocol handler uri should contain %s");

   // the spec explicitly allows relative urls to be passed
   is(testRegisterHandler(true, "web+foo", "foo/%s", "Foo handler"), true, "a protocol handler uri should be valid");

   // we should only accept to register when the handler has the same host as the current page (bug 402287)
   is(testRegisterHandler(true, "fweb+oo", "http://remotehost:8888/%s", "Foo handler"), false, "registering a web+foo protocol handler with a different host should not work");

   // restriction to http(s) for the uri of the handler (bug 401343)
   // http is already tested in the generic case
   // ftp should not work
   is(testRegisterHandler(true, "web+foo", buildUrl("ftp"), "Foo handler"), false, "registering a web+foo protocol handler with ftp scheme should not work");
   // chrome should not work
   is(testRegisterHandler(true, "web+foo", buildUrl("chrome"), "Foo handler"), false, "registering a web+foo protocol handler with chrome scheme should not work");
   // foo should not work
   is(testRegisterHandler(true, "web+foo", buildUrl("foo"), "Foo handler"), false, "registering a web+foo protocol handler with foo scheme should not work");

   // for security reasons, protocol handlers should never be registered for some schemes (chrome, vbscript, ...) (bug 402788)
   is(testRegisterHandler(true, "chrome", buildUrl(), "chrome handler"), false, "registering a chrome protocol handler should not work");
   is(testRegisterHandler(true, "vbscript", buildUrl(), "vbscript handler"), false, "registering a vbscript protocol handler should not work");
   is(testRegisterHandler(true, "javascript", buildUrl(), "javascript handler"), false, "registering a javascript protocol handler should not work");
   is(testRegisterHandler(true, "moz-icon", buildUrl(), "moz-icon handler"), false, "registering a moz-icon protocol handler should not work");

   // registering anything not on the list of safe schemes and unprefixed by web+ shouldn't work
   is(testRegisterHandler(true, "foo", buildUrl(), "chrome handler"), false, "registering a foo protocol handler should not work");
   is(testRegisterHandler(true, "web+", buildUrl(), "chrome handler"), false, "registering a 'web+' protocol handler should not work");
   is(testRegisterHandler(true, "web+1", buildUrl(), "chrome handler"), false, "registering a 'web+1' protocol handler should not work");


   SimpleTest.finish();
 }

 tests();

</script>
</pre>
</body>
</html>