test_link_stylesheet.html (8565B)
1 <!DOCTYPE HTML> 2 <html> 3 <head> 4 <meta charset="utf-8"> 5 <title>Test link policy attribute for Bug 1264165</title> 6 <script src="/tests/SimpleTest/SimpleTest.js"></script> 7 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/> 8 9 <!-- 10 Testing that link referrer attributes are honoured correctly 11 https://bugzilla.mozilla.org/show_bug.cgi?id=1264165 12 --> 13 14 <script type="application/javascript"> 15 16 const SJS = "://example.com/tests/dom/base/test/referrer_testserver.sjs?"; 17 const PARAMS = ["ATTRIBUTE_POLICY", "NEW_ATTRIBUTE_POLICY", "META_POLICY", "REL", "SCHEME_FROM", "SCHEME_TO"]; 18 19 const testCases = [ 20 {ACTION: ["generate-link-policy-test"], 21 TESTS: [ 22 {ATTRIBUTE_POLICY: 'unsafe-url', 23 NAME: 'stylesheet-unsafe-url-with-origin-in-meta', 24 META_POLICY: 'origin', 25 REL: 'stylesheet', 26 DESC: "stylesheet-unsafe-url with origin in meta", 27 RESULT: 'full'}, 28 {ATTRIBUTE_POLICY: 'origin', 29 NAME: 'stylesheet-origin-with-unsafe-url-in-meta', 30 META_POLICY: 'unsafe-url', 31 REL: 'stylesheet', 32 DESC: "stylesheet-origin with unsafe-url in meta", 33 RESULT: 'origin'}, 34 {ATTRIBUTE_POLICY: 'no-referrer', 35 NAME: 'stylesheet-no-referrer-with-origin-in-meta', 36 META_POLICY: 'origin', 37 REL: 'stylesheet', 38 DESC: "stylesheet-no-referrer with origin in meta", 39 RESULT: 'none'}, 40 {ATTRIBUTE_POLICY: 'same-origin', 41 NAME: 'stylesheet-same-origin-with-origin-in-meta', 42 META_POLICY: 'origin', 43 REL: 'stylesheet', 44 DESC: "stylesheet-same-origin with origin in meta", 45 RESULT: 'full'}, 46 {NAME: 'stylesheet-no-referrer-in-meta', 47 META_POLICY: 'no-referrer', 48 REL: 'stylesheet', 49 DESC: "stylesheet-no-referrer in meta", 50 RESULT: 'none'}, 51 52 // Downgrade. 53 {ATTRIBUTE_POLICY: 'no-referrer-when-downgrade', 54 NAME: 'stylesheet-origin-in-meta-downgrade-in-attr', 55 META_POLICY: 'origin', 56 DESC: 'stylesheet-origin in meta downgrade in attr', 57 REL: 'stylesheet', 58 SCHEME_FROM: 'https', 59 SCHEME_TO: 'http', 60 RESULT: 'none'}, 61 {ATTRIBUTE_POLICY: 'strict-origin', 62 NAME: 'stylesheet-origin-in-meta-strict-origin-in-attr', 63 META_POLICY: 'origin', 64 DESC: 'stylesheet-origin in meta strict-origin in attr', 65 REL: 'stylesheet', 66 SCHEME_FROM: 'https', 67 SCHEME_TO: 'http', 68 RESULT: 'none'}, 69 {ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin', 70 NAME: 'stylesheet-origin-in-meta-strict-origin-when-cross-origin-in-attr', 71 META_POLICY: 'origin', 72 DESC: 'stylesheet-origin in meta strict-origin-when-cross-origin in attr', 73 REL: 'stylesheet', 74 SCHEME_FROM: 'https', 75 SCHEME_TO: 'http', 76 RESULT: 'none'}, 77 78 // No downgrade. 79 {ATTRIBUTE_POLICY: 'no-referrer-when-downgrade', 80 NAME: 'stylesheet-origin-in-meta-downgrade-in-attr', 81 META_POLICY: 'origin', 82 DESC: 'stylesheet-origin in meta downgrade in attr', 83 REL: 'stylesheet', 84 SCHEME_FROM: 'https', 85 SCHEME_TO: 'https', 86 RESULT: 'full'}, 87 88 {ATTRIBUTE_POLICY: 'origin', 89 NAME: 'stylesheet-origin-with-no-meta', 90 META_POLICY: '', 91 REL: 'stylesheet', 92 DESC: "stylesheet-origin with no meta", 93 RESULT: 'origin'}, 94 95 {ATTRIBUTE_POLICY: 'strict-origin', 96 NAME: 'stylesheet-origin-in-meta-strict-origin-in-attr', 97 META_POLICY: 'origin', 98 DESC: 'stylesheet-origin in meta strict-origin in attr', 99 REL: 'stylesheet', 100 SCHEME_FROM: 'https', 101 SCHEME_TO: 'https', 102 RESULT: 'origin'}, 103 {ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin', 104 NAME: 'stylesheet-origin-in-meta-strict-origin-when-cross-origin-in-attr', 105 META_POLICY: 'origin', 106 DESC: 'stylesheet-origin in meta strict-origin-when-cross-origin in attr', 107 REL: 'stylesheet', 108 SCHEME_FROM: 'https', 109 SCHEME_TO: 'https', 110 RESULT: 'full'}, 111 112 // Cross origin 113 {ATTRIBUTE_POLICY: 'origin-when-cross-origin', 114 NAME: 'stylesheet-origin-when-cross-origin-with-no-meta', 115 META_POLICY: '', 116 SCHEME_FROM: 'https', 117 SCHEME_TO: 'http', 118 REL: 'stylesheet', 119 DESC: "stylesheet-origin-when-cross-origin with no meta", 120 RESULT: 'origin'}, 121 {ATTRIBUTE_POLICY: 'origin-when-cross-origin', 122 NAME: 'stylesheet-origin-when-cross-origin-with-no-referrer-in-meta', 123 META_POLICY: 'no-referrer', 124 SCHEME_FROM: 'https', 125 SCHEME_TO: 'http', 126 REL: 'stylesheet', 127 DESC: "stylesheet-origin-when-cross-origin with no-referrer in meta", 128 RESULT: 'origin'}, 129 {ATTRIBUTE_POLICY: 'origin-when-cross-origin', 130 NAME: 'stylesheet-origin-when-cross-origin-with-unsafe-url-in-meta', 131 META_POLICY: 'unsafe-url', 132 SCHEME_FROM: 'https', 133 SCHEME_TO: 'http', 134 REL: 'stylesheet', 135 DESC: "stylesheet-origin-when-cross-origin with unsafe-url in meta", 136 RESULT: 'origin'}, 137 {ATTRIBUTE_POLICY: 'origin-when-cross-origin', 138 NAME: 'stylesheet-origin-when-cross-origin-with-origin-in-meta', 139 META_POLICY: 'origin', 140 SCHEME_FROM: 'https', 141 SCHEME_TO: 'http', 142 REL: 'stylesheet', 143 DESC: "stylesheet-origin-when-cross-origin with origin in meta", 144 RESULT: 'origin'}, 145 {ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin', 146 NAME: 'stylesheet-strict-origin-when-cross-origin-with-origin-in-meta', 147 META_POLICY: 'origin', 148 SCHEME_FROM: 'http', 149 SCHEME_TO: 'https', 150 REL: 'stylesheet', 151 DESC: "stylesheet-strict-origin-when-cross-origin with origin in meta", 152 RESULT: 'origin'}, 153 {ATTRIBUTE_POLICY: 'same-origin', 154 NAME: 'stylesheet-same-origin-with-origin-in-meta', 155 META_POLICY: 'origin', 156 SCHEME_FROM: 'http', 157 SCHEME_TO: 'https', 158 REL: 'stylesheet', 159 DESC: "stylesheet-same-origin with origin in meta", 160 RESULT: 'none'}, 161 162 // Invalid 163 {ATTRIBUTE_POLICY: 'default', 164 NAME: 'stylesheet-default-with-no-meta', 165 META_POLICY: '', 166 REL: 'stylesheet', 167 DESC: "stylesheet-default with no meta", 168 RESULT: 'full'}, 169 {ATTRIBUTE_POLICY: 'something', 170 NAME: 'stylesheet-something-with-no-meta', 171 META_POLICY: '', 172 REL: 'stylesheet', 173 DESC: "stylesheet-something with no meta", 174 RESULT: 'full'}, 175 ]}, 176 177 {ACTION: ["generate-link-policy-test-set-attribute"], 178 TESTS: [ 179 {ATTRIBUTE_POLICY: 'unsafe-url', 180 NEW_ATTRIBUTE_POLICY: 'no-referrer', 181 NAME: 'stylesheet-no-referrer-unsafe-url-set-attribute-with-origin-in-meta', 182 META_POLICY: 'origin', 183 REL: 'stylesheet', 184 DESC: "stylesheet-no-referrer-set-attribute (originally unsafe-url) with origin in meta", 185 RESULT: 'none'}, 186 {ATTRIBUTE_POLICY: 'origin', 187 NEW_ATTRIBUTE_POLICY: 'unsafe-url', 188 NAME: 'stylesheet-unsafe-url-origin-set-attribute-with-no-referrer-in-meta', 189 META_POLICY: 'no-referrer', 190 REL: 'stylesheet', 191 DESC: "stylesheet-unsafe-url-set-attribute (originally origin) with no-referrer in meta", 192 RESULT: 'full'}, 193 ]}, 194 195 {ACTION: ["generate-link-policy-test-property"], 196 TESTS: [ 197 {ATTRIBUTE_POLICY: 'no-referrer', 198 NEW_ATTRIBUTE_POLICY: 'unsafe-url', 199 NAME: 'stylesheet-unsafe-url-no-referrer-property-with-origin-in-meta', 200 META_POLICY: 'origin', 201 REL: 'stylesheet', 202 DESC: "stylesheet-unsafe-url-property (originally no-referrer) with origin in meta", 203 RESULT: 'full'}, 204 {ATTRIBUTE_POLICY: 'origin', 205 NEW_ATTRIBUTE_POLICY: 'unsafe-url', 206 NAME: 'stylesheet-unsafe-url-origin-property-with-no-referrer-in-meta', 207 META_POLICY: 'no-referrer', 208 REL: 'stylesheet', 209 DESC: "stylesheet-unsafe-url-property (originally origin) with no-referrer in meta", 210 RESULT: 'full'}, 211 ]}, 212 ]; 213 </script> 214 <script type="application/javascript" src="/tests/dom/base/test/referrer_helper.js"></script> 215 </head> 216 <body onload="tests.next();"> 217 <iframe id="testframe"></iframe> 218 </body> 219 </html>