browser_webconsole_ineffective_iframe_sandbox_warning.js (1841B)
1 /* Any copyright is dedicated to the Public Domain. 2 * http://creativecommons.org/publicdomain/zero/1.0/ */ 3 4 // Tests that warnings about ineffective iframe sandboxing are logged to the 5 // web console when necessary (and not otherwise). See Bug 752559. 6 7 "use strict"; 8 9 requestLongerTimeout(2); 10 11 const TEST_PATH = 12 "https://example.com/browser/devtools/client/webconsole/" + "test/browser/"; 13 const TEST_URI_WARNING = `${TEST_PATH}test-ineffective-iframe-sandbox-warning0.html`; 14 const TEST_URI_NOWARNING = [ 15 `${TEST_PATH}test-ineffective-iframe-sandbox-warning1.html`, 16 `${TEST_PATH}test-ineffective-iframe-sandbox-warning2.html`, 17 `${TEST_PATH}test-ineffective-iframe-sandbox-warning3.html`, 18 `${TEST_PATH}test-ineffective-iframe-sandbox-warning4.html`, 19 `${TEST_PATH}test-ineffective-iframe-sandbox-warning5.html`, 20 ]; 21 22 const INEFFECTIVE_IFRAME_SANDBOXING_MSG = 23 "An iframe which has both " + 24 "allow-scripts and allow-same-origin for its sandbox attribute can remove " + 25 "its sandboxing."; 26 const SENTINEL_MSG = "testing ineffective sandboxing message"; 27 28 add_task(async function () { 29 await testWarningMessageVisibility(TEST_URI_WARNING, true); 30 31 for (const testUri of TEST_URI_NOWARNING) { 32 await testWarningMessageVisibility(testUri, false); 33 } 34 }); 35 36 async function testWarningMessageVisibility(uri, visible) { 37 const hud = await openNewTabAndConsole(uri, true); 38 39 const sentinel = SENTINEL_MSG + Date.now(); 40 const onSentinelMessage = waitForMessageByType(hud, sentinel, ".console-api"); 41 42 SpecialPowers.spawn(gBrowser.selectedBrowser, [sentinel], function (msg) { 43 content.console.log(msg); 44 }); 45 await onSentinelMessage; 46 47 const warning = findWarningMessage(hud, INEFFECTIVE_IFRAME_SANDBOXING_MSG); 48 is( 49 !!warning, 50 visible, 51 `The warning message is${visible ? "" : " not"} visible on ${uri}` 52 ); 53 }