test_bug704320_policyset.html (3736B)
1 <!DOCTYPE HTML> 2 <html> 3 <!-- 4 This checks if the right policies are applied from a given string (including whitespace, invalid policy strings, etc). It doesn't do a complete check for all load types; that's done in another test. 5 https://bugzilla.mozilla.org/show_bug.cgi?id=704320 6 --> 7 8 <head> 9 <meta charset="utf-8"> 10 <title>Test policies for Bug 704320</title> 11 <script src="/tests/SimpleTest/SimpleTest.js"></script> 12 <script type="application/javascript" src="referrerHelper.js"></script> 13 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/> 14 15 <script type="application/javascript"> 16 17 SimpleTest.waitForExplicitFinish(); 18 var advance = function() { tests.next(); }; 19 20 /** 21 * This is the main test routine -- serialized by use of a generator. 22 * It resets the counter, then performs two tests in sequence using 23 * the same iframe. 24 */ 25 var tests = (function*() { 26 var iframe = document.getElementById("testframe"); 27 const sjs = "/tests/dom/base/test/bug704320.sjs?action=generate-policy-test"; 28 29 30 // basic calibration check 31 // reset the counter 32 yield resetCounter(); 33 34 // load the first test frame 35 // it will call back into this function via postMessage when it finishes loading. 36 // and continue beyond the yield. 37 yield iframe.src = sjs + "&policy=" + escape('default'); 38 39 // check the first test (two images, no referrers) 40 yield checkIndividualResults("default", ["full"]); 41 42 // check invalid policy 43 // According to the spec section Determine token's Policy,if there is a policy 44 // token and it is not one of the expected tokens, Empty string should be the 45 // policy used. 46 yield resetCounter(); 47 yield iframe.src = sjs + "&policy=" + escape('invalid-policy'); 48 yield checkIndividualResults("invalid", ["full"]); 49 50 // whitespace checks. 51 // according to the spec section 4.1, the content attribute's value 52 // is fed to the token policy algorithm after stripping leading and 53 // trailing whitespace. 54 yield resetCounter(); 55 yield iframe.src = sjs + "&policy=" + escape('default '); 56 yield checkIndividualResults("trailing whitespace", ["full"]); 57 58 yield resetCounter(); 59 yield iframe.src = sjs + "&policy=" + escape(' origin\f'); 60 yield checkIndividualResults("trailing form feed", ["origin"]); 61 62 yield resetCounter(); 63 yield iframe.src = sjs + "&policy=" + escape('\f origin'); 64 yield checkIndividualResults("leading form feed", ["origin"]); 65 66 // origin when cross-origin (trimming whitespace) 67 yield resetCounter(); 68 yield iframe.src = sjs + "&policy=" + escape(' origin-when-cross-origin'); 69 yield checkIndividualResults("origin-when-cross-origin", ["origin", "full"]); 70 71 // according to the spec section 4.1: 72 // "If the meta element lacks a content attribute, or if that attribute’s 73 // value is the empty string, then abort these steps." 74 // This means empty or missing content attribute means to ignore the meta 75 // tag and use default policy. 76 // Whitespace here is space, tab, LF, FF and CR. 77 // http://www.w3.org/html/wg/drafts/html/CR/infrastructure.html#space-character 78 yield resetCounter(); 79 yield iframe.src = sjs + "&policy=" + escape(' \t '); 80 yield checkIndividualResults("basic whitespace only policy", ["full"]); 81 82 // and double-check that no-referrer works. 83 yield resetCounter(); 84 yield iframe.src = sjs + "&policy=" + escape('no-referrer'); 85 yield checkIndividualResults("no-referrer", ["none"]); 86 87 // Case insensitive 88 yield resetCounter(); 89 yield iframe.src = sjs + "&policy=" + escape('\f OrigIn'); 90 yield checkIndividualResults("origin case insensitive", ["origin"]); 91 92 // complete. 93 SimpleTest.finish(); 94 })(); 95 96 </script> 97 </head> 98 99 <body onload="tests.next();"> 100 <iframe id="testframe"></iframe> 101 102 </body> 103 </html>