test_allow_https_schemes.html (2370B)
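<!DOCTYPE HTML>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>Bug 826805 - Allow http and https for scheme-less sources</title>
  <!-- Including SimpleTest.js so we can use waitForExplicitFinish -->
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" href="/tests/SimpleTest/test.css">
</head>
<body>
<p id="display"></p>
<div id="content" style="visibility: hidden">
  <iframe style="width:100%;" id="testframe"></iframe>
</div>

<script class="testbody" type="text/javascript">

SimpleTest.waitForExplicitFinish();

/* Description of the test:
 * We are loading the following url (including a fragment portion):
 * https://example.com/tests/dom/security/test/csp/file_path_matching.js#foo
 * using different policies that lack specification of a scheme.
 *
 * Since the file is served over http:, the upgrade to https should be
 * permitted by CSP in case no port is specified.
 *
 * The table below additionally expects source expressions that name a
 * default port (:80 or :443) to be allowed, and only the non-default
 * port (:8000) to be blocked.
 *
 * Each entry is [expected text of #testdiv, script-src source expression].
 */
var policies = [
  // scheme-less, port-less host source
  ["allowed", "example.com"],
  // scheme-less host source with an explicit default port
  ["allowed", "example.com:443"],
  ["allowed", "example.com:80"],
  // explicit scheme, wildcard host, default port for that scheme
  ["allowed", "http://*:80"],
  ["allowed", "https://*:443"],
  // our testing framework only supports :80 and :443, but
  // using :8000 in a policy does the trick for the test.
  ["blocked", "example.com:8000"],
];

// Index of the next entry in `policies` to run.
var counter = 0;
// Entry currently under test; read by test() once the frame has loaded.
var policy;

/**
 * Loads the next policy into the test frame, or finishes the run once every
 * entry in `policies` has been exercised.
 */
function loadNextTest() {
  if (counter === policies.length) {
    SimpleTest.finish();
    return;
  }

  policy = policies[counter++];

  // NOTE(review): escape() is deprecated and leaves "+" and "/" unencoded.
  // It is kept because the decoding done by file_testserver.sjs is not
  // visible from this file; confirm the server side before switching to
  // encodeURIComponent().
  var src = "file_testserver.sjs";
  // append the file that should be served
  src += "?file=" + escape("tests/dom/security/test/csp/file_allow_https_schemes.html");
  // append the CSP that should be used to serve the file
  src += "&csp=" + escape("default-src 'none'; script-src " + policy[1]);

  var testframe = document.getElementById("testframe");
  // One-shot listener: each navigation of the frame is checked exactly once.
  testframe.addEventListener("load", test, { once: true });
  testframe.src = src;
}

/**
 * Load handler for the test frame: compares the text of #testdiv in the
 * framed document with the expected outcome for the current policy, then
 * moves on to the next policy.
 *
 * NOTE(review): the check reads whatever text #testdiv holds once the frame
 * has loaded. If the served page starts out with "blocked" as its default
 * text (not visible from this file; confirm), a script that fails to load
 * for a reason unrelated to CSP would also satisfy the "blocked" case.
 * Asserting on a CSP violation report as well would make the negative case
 * stricter.
 */
function test() {
  var index = counter - 1;
  try {
    var testframe = document.getElementById("testframe");
    var divcontent = testframe.contentWindow.document.getElementById('testdiv').innerHTML;
    is(divcontent, policy[0], "should be " + policy[0] + " in test " + index + "!");
  }
  catch (e) {
    // Report the exception as well, so a missing #testdiv can be told apart
    // from a frame whose document could not be accessed.
    ok(false, "ERROR: could not access content in test " + index + "! (" + e + ")");
  }
  loadNextTest();
}

loadNextTest();

</script>
</body>
</html>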