tor-browser

The Tor Browser

test_block_all_mixed_content.html (2808B)


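      <!DOCTYPE HTML>
      <html lang="en">
      <head>
        <meta charset="utf-8">
        <title>Bug 1122236 - CSP: Implement block-all-mixed-content</title>
        <!-- SimpleTest.js provides the harness calls used by the script below
             (waitForExplicitFinish, is, finish). -->
        <script src="/tests/SimpleTest/SimpleTest.js"></script>
        <link rel="stylesheet" href="/tests/SimpleTest/test.css">
      </head>
      <body>
      <!-- Every test case is loaded into this frame; the parent page only
           reads the outcome the framed page sends back as a "message" event. -->
      <iframe style="width:100%;" id="testframe" title="block-all-mixed-content test frame"></iframe>

      <script class="testbody" type="text/javascript">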
     14 
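     /* Description of the tests:
      * Test 1:
      * We load mixed display content in a frame using the CSP
      * directive 'block-all-mixed-content' and observe that the image is blocked.
      *
      * Test 2:
      * We load mixed display content in a frame using a CSP that allows the load
      * and observe that the image is loaded.
      *
      * Test 3:
      * We load mixed display content in a frame not using a CSP at all
      * and observe that the image is loaded.
      *
      * Test 4:
      * We load mixed display content in a frame using the CSP
      * directive 'block-all-mixed-content' and observe that the image is blocked.
      * Please note that Test 3 loads the image we are about to load in Test 4 into
      * the img cache. Let's make sure the cached (mixed display content) image is
      * not allowed to be loaded.
      *
      * Test 5:
      * We load mixed display content in a frame whose 'block-all-mixed-content'
      * policy is in report-only mode (query "cspro-block") and observe that the
      * image is loaded: a report-only policy does not block the load.
      *
      * The order of the entries matters: Test 4 relies on Test 3 having run
      * immediately before it.
      */

     // The frame is always requested over https; the framed document and the
     // policy it carries are produced by file_block_all_mcb.sjs (not shown here).
     const BASE_URI = "https://example.com/tests/dom/security/test/csp/";

     // One entry per test case:
     //   query       - query string handed to the helper to select the policy variant
     //   expected    - outcome the frame has to report ("img-blocked" / "img-loaded")
     //   description - message printed with the assertion
     const tests = [
       { // Test 1
         query: "csp-block",
         expected: "img-blocked",
         description: "(csp-block) block-all-mixed content should block mixed display content"
       },
       { // Test 2
         query: "csp-allow",
         expected: "img-loaded",
         description: "(csp-allow) mixed display content should be loaded"
       },
       { // Test 3
         query: "no-csp",
         expected: "img-loaded",
         description: "(no-csp) mixed display content should be loaded"
       },
       { // Test 4
         query: "csp-block",
         expected: "img-blocked",
         description: "(csp-block) block-all-mixed content should block insecure cache loads"
       },
       { // Test 5
         query: "cspro-block",
         expected: "img-loaded",
         description: "(cspro-block) block-all-mixed in report only mode should not block"
       },
     ];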
     65 
     // Index of the running test case in `tests`; -1 until loadNextTest()
     // advances to the first entry.
     var counter = -1;
     // The entry of `tests` whose outcome is currently awaited.
     var curTest;
     68 
     /**
      * Compare the outcome reported for the current test case with its
      * expectation, then continue with the next test case.
      *
      * @param {string} result  outcome reported by the framed page; the `tests`
      *                         table expects "img-loaded" or "img-blocked".
      */
     function checkResults(result) {
       const { expected, description } = curTest;
       is(result, expected, description);
       loadNextTest();
     }
     73 
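     window.addEventListener("message", receiveMessage);

     /**
      * "message" handler: hands the outcome posted by the test frame to
      * checkResults().
      *
      * Messages without a string `result` are ignored, so an unrelated
      * postMessage cannot be counted as a test outcome and move the run one
      * entry ahead of the frame (a null payload no longer throws either).
      *
      * NOTE(review): the sender is not verified. Comparing event.source with the
      * test frame's contentWindow, or event.origin with the origin of BASE_URI,
      * would be stricter; confirm how file_block_all_mcb.sjs posts its result
      * before adding that check.
      *
      * @param {MessageEvent} event
      */
     function receiveMessage(event) {
       const data = event.data;
       if (!data || typeof data.result !== "string") {
         return;
       }
       checkResults(data.result);
     }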
     78 
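     /**
      * Advance to the next entry of `tests` and load it into the test frame, or
      * finish the run once every entry has been checked.
      */
     function loadNextTest() {
       counter++;
       if (counter === tests.length) {
         // All cases done: stop listening before handing control back to the harness.
         window.removeEventListener("message", receiveMessage);
         SimpleTest.finish();
         return;
       }
       curTest = tests[counter];
       // Look the frame up explicitly instead of relying on the implicit
       // `testframe` global that the element's id creates on window.
       const frame = document.getElementById("testframe");
       // The query string is what distinguishes the test cases; presumably the
       // helper uses it to choose the policy it serves - verify in the .sjs file.
       frame.src = BASE_URI + "file_block_all_mcb.sjs?" + curTest.query;
     }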
     89 
     // The outcomes arrive asynchronously, so the harness has to wait until
     // loadNextTest() calls SimpleTest.finish().
     SimpleTest.waitForExplicitFinish();

     // Switch the browser's own blocking of mixed display content off for this
     // run: the "img-loaded" expectations in `tests` can only be met when the
     // policy under test is the only thing that may block the image. The first
     // test case is loaded from the callback passed to pushPrefEnv().
     SpecialPowers.pushPrefEnv(
       { 'set': [["security.mixed_content.block_display_content", false]] },
       () => { loadNextTest(); }
     );
     96 
     97 </script>
     98 </body>
     99 </html>