file_frameancestors_main.js (3673B)
// Script to populate the test frames in the frame ancestors mochitest.
//
/**
 * Points every test iframe at file_frameancestors.sjs, passing the CSP to be
 * served in the `csp` query parameter, so that each frame exercises one
 * `frame-ancestors` scenario.
 *
 * The id suffix (`_allow` / `_block`) presumably names the outcome the
 * mochitest harness expects; this script only builds URLs and asserts nothing.
 */
function setupFrames() {
  const byId = (id) => document.getElementById(id);

  const base = {
    // NOTE(review): `self` is not referenced anywhere in this function.
    self: "/tests/dom/security/test/csp/file_frameancestors.sjs",
    a: "http://mochi.test:8888/tests/dom/security/test/csp/file_frameancestors.sjs",
    b: "http://example.com/tests/dom/security/test/csp/file_frameancestors.sjs",
  };

  // Both base.a and base.b live under /tests/. The source expressions below
  // deliberately carry unrelated dummy paths (/foo/, /bar/): frame-ancestors
  // must match on the origin part only and ignore the path completely.
  const host = {
    a: "http://mochi.test:8888/foo/",
    b: "http://example.com:80/bar/",
  };

  // Every policy is locked down except for the frame-ancestors source list.
  const policyFor = (ancestors) =>
    `default-src 'none'; frame-ancestors ${ancestors}; script-src 'self'`;

  // escape() is kept on purpose: the server script presumably decodes with the
  // matching legacy routine, and another encoder would emit different bytes
  // (e.g. for "/" and ":") - confirm against file_frameancestors.sjs before
  // changing it.
  const singleLevel = [
    { id: "aa_allow", target: base.a, frame: "aa_a", ancestors: host.a },
    { id: "aa_block", target: base.a, frame: "aa_b", ancestors: "'none'" },
    { id: "ab_allow", target: base.b, frame: "ab_a", ancestors: host.a },
    { id: "ab_block", target: base.b, frame: "ab_b", ancestors: "'none'" },
  ];

  for (const { id, target, frame, ancestors } of singleLevel) {
    byId(id).src =
      `${target}?testid=${id}&internalframe=${frame}&csp=` +
      escape(policyFor(ancestors));
  }

  // Two-level framing: the outer frame is always served from base.b and embeds
  // an inner frame that carries the policy. frame-ancestors is checked against
  // every ancestor, so only the lists naming both host.a and host.b are
  // labelled "allow"; a list naming just one of them is labelled "block".
  //
  // NOTE(review): the three cases of each group share one testid (aba_allow /
  // abb_allow) and differ only in `internalframe`; presumably the harness keys
  // results on internalframe - verify against file_frameancestors.sjs.
  const bothHosts = `${host.a} ${host.b}`;
  const twoLevel = [
    { id: "aba_allow", inner: base.a, testid: "aba_allow", frame: "aba_a", ancestors: bothHosts },
    { id: "aba_block", inner: base.a, testid: "aba_allow", frame: "aba_b", ancestors: host.a },
    { id: "aba2_block", inner: base.a, testid: "aba_allow", frame: "aba2_b", ancestors: host.b },
    { id: "abb_allow", inner: base.b, testid: "abb_allow", frame: "abb_a", ancestors: bothHosts },
    { id: "abb_block", inner: base.b, testid: "abb_allow", frame: "abb_b", ancestors: host.a },
    { id: "abb2_block", inner: base.b, testid: "abb_allow", frame: "abb2_b", ancestors: host.b },
  ];

  for (const { id, inner, testid, frame, ancestors } of twoLevel) {
    const outerFrame = byId(id);
    const innerUri =
      `${inner}?testid=${testid}&double=1&internalframe=${frame}&csp=` +
      escape(policyFor(ancestors));
    // The inner <iframe> markup travels in `externalframe`; presumably the
    // .sjs writes it into the outer document. Test-server fixture only.
    outerFrame.src =
      `${base.b}?externalframe=` +
      escape(`<iframe src="${innerUri}"></iframe>`);
  }
}

window.addEventListener("load", setupFrames);