test_viewsource_forbidden_in_iframe.xhtml (5742B)
1 <?xml version="1.0"?> 2 <?xml-stylesheet type="text/css" href="chrome://global/skin/global.css"?> 3 <?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?> 4 <!-- 5 https://bugzilla.mozilla.org/show_bug.cgi?id=624883 6 --> 7 <window title="Mozilla Bug 624883" 8 xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"> 9 <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js" /> 10 11 <!-- test results are displayed in the html:body --> 12 <body xmlns="http://www.w3.org/1999/xhtml"> 13 <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=624883" 14 target="_blank">Mozilla Bug 624883</a> 15 </body> 16 17 <!-- test code goes here --> 18 <iframe type="content" onload="startTest()" src="file_viewsource_forbidden_in_iframe.html"></iframe> 19 20 <script type="application/javascript"> 21 <![CDATA[ 22 23 SimpleTest.waitForExplicitFinish(); 24 25 // We create a promise that will resolve with the error message 26 // on a network error page load and reject on any other load. 27 function createNetworkErrorMessagePromise(frame) { 28 return new Promise(function(resolve, reject) { 29 30 // Error pages do not fire "load" events, so use a progressListener. 31 var originalDocumentURI = frame.contentDocument.documentURI; 32 var progressListener = { 33 onLocationChange(aWebProgress, aRequest, aLocation, aFlags) { 34 // Make sure nothing other than an error page is loaded. 35 if (!(aFlags & Ci.nsIWebProgressListener.LOCATION_CHANGE_ERROR_PAGE)) { 36 reject("location change was not to an error page"); 37 } 38 }, 39 40 onStateChange(aWebProgress) { 41 // Wait until the documentURI changes (from about:blank) this should 42 // be the error page URI. 43 var documentURI = frame.contentDocument.documentURI; 44 if (documentURI == originalDocumentURI) { 45 return; 46 } 47 48 aWebProgress.removeProgressListener(progressListener, 49 Ci.nsIWebProgress.NOTIFY_ALL); 50 var matchArray = /about:neterror\?.*&d=([^&]*)/.exec(documentURI); 51 if (!matchArray) { 52 reject("no network error message found in URI") 53 return; 54 } 55 56 var errorMsg = matchArray[1]; 57 resolve(decodeURIComponent(errorMsg)); 58 }, 59 60 QueryInterface: ChromeUtils.generateQI(["nsIWebProgressListener", 61 "nsISupportsWeakReference"]) 62 }; 63 64 frame.contentWindow.docShell 65 .QueryInterface(Ci.nsIInterfaceRequestor) 66 .getInterface(Ci.nsIWebProgress) 67 .addProgressListener(progressListener, 68 Ci.nsIWebProgress.NOTIFY_LOCATION | 69 Ci.nsIWebProgress.NOTIFY_STATE_REQUEST); 70 }); 71 } 72 73 function startTest() { 74 // Get a reference message that we know will be an unknown protocol message, 75 // so we can use it for comparisons in the test cases. 76 var refIframe = window[0].document.getElementById("refIframe"); 77 var refErrorPromise = createNetworkErrorMessagePromise(refIframe); 78 79 refErrorPromise.then( 80 function(msg) { 81 window.refErrorMsg = msg; 82 var testIframe = window[0].document.getElementById("testIframe"); 83 84 // Run test cases on load of "about:blank", so that the URI always changes 85 // and we can detect this in our Promise. 86 testIframe.onload = runNextTestCase; 87 testIframe.src = "about:blank"; 88 }, 89 function(reason) { 90 ok(false, "Could not get reference error message", reason); 91 SimpleTest.finish(); 92 }) 93 .catch(function(e) { 94 ok(false, "Unexpected exception thrown getting reference error message", e); 95 }); 96 97 refIframe.src = "wibble://example.com"; 98 } 99 100 function runTestCase(testCase) { 101 var testIframe = window[0].document.getElementById("testIframe"); 102 var expectedErrorMsg = window.refErrorMsg.replace("wibble", testCase.expectedProtocolList); 103 104 var testErrorPromise = createNetworkErrorMessagePromise(testIframe); 105 testErrorPromise.then( 106 function(actualErrorMsg) { 107 is(actualErrorMsg, expectedErrorMsg, testCase.desc); 108 testIframe.src = "about:blank"; 109 }, 110 function(reason) { 111 ok(false, testCase.desc, reason); 112 testIframe.src = "about:blank"; 113 }) 114 .catch(function(e) { 115 ok(false, testCase.desc + " - unexpected exception thrown", e); 116 }); 117 118 testIframe.src = testCase.protocols + "://example.com/!/"; 119 } 120 121 var testCaseIndex = -1; 122 let testCases = [ 123 { 124 desc: "Test 1: view-source should not be allowed in an iframe", 125 protocols: "view-source:http", 126 expectedProtocolList: "view-source, http" 127 }, 128 { 129 desc: "Test 2: jar:view-source should not be allowed in an iframe", 130 protocols: "jar:view-source:http", 131 expectedProtocolList: "jar, view-source, http" 132 }, 133 { 134 desc: "Test 3: if invalid protocol first should report before view-source", 135 protocols: "wibble:view-source:http", 136 // Nothing after the invalid protocol gets set as a proper nested URI, 137 // so the list stops there. 138 expectedProtocolList: "wibble" 139 }, 140 { 141 desc: "Test 4: if view-source first should report before invalid protocol", 142 protocols: "view-source:wibble:http", 143 expectedProtocolList: "view-source, wibble" 144 } 145 ]; 146 147 function runNextTestCase() { 148 ++testCaseIndex; 149 if (testCaseIndex == testCases.length) { 150 SimpleTest.finish(); 151 return; 152 } 153 154 runTestCase(testCases[testCaseIndex]); 155 } 156 157 ]]> 158 </script> 159 </window>