test_child-src_iframe.html (3240B)
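<!DOCTYPE HTML>
<html>
<head>
  <title>Bug 1045891</title>
  <!-- Including SimpleTest.js so we can use waitForExplicitFinish -->
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<p id="display"></p>
<div id="content" style="visibility: hidden">
</div>

<script class="testbody" type="text/javascript">

/*
 * Description of the test:
 *   We load a page with a given CSP and verify that child frames and workers are correctly
 *   evaluated through the "child-src" directive.
 *
 *   This file only creates iframes. Each case below is served through
 *   file_testserver.sjs with the listed policy, and the framed page reports
 *   "allowed" or "blocked" back to this window via postMessage.
 *
 *   Directive precedence the expected results encode for frames:
 *     frame-src, when present, decides; otherwise child-src decides;
 *     default-src is only the fallback when neither is present.
 *
 *   Every policy carries script-src 'unsafe-inline', presumably so that the
 *   inline script of the served file can run and report - confirm against
 *   file_child-src_iframe.html.
 */

SimpleTest.waitForExplicitFinish();

var IFRAME_SRC = "file_child-src_iframe.html";

var tests = {
  // child-src lists the test origin and overrides default-src 'none'.
  'same-src': {
    id: "same-src",
    file: IFRAME_SRC,
    result : "allowed",
    policy : "default-src 'none'; script-src 'unsafe-inline'; child-src http://mochi.test:8888"
  },
  // child-src wildcard overrides default-src 'none'.
  'star-src': {
    id: "star-src",
    file: IFRAME_SRC,
    result : "allowed",
    policy : "default-src 'none'; script-src 'unsafe-inline'; child-src *"
  },
  // default-src would permit the frame, but the more specific child-src
  // names a different origin, so the frame must be blocked.
  'other-src': {
    id: "other-src",
    file: IFRAME_SRC,
    result : "blocked",
    policy : "default-src http://mochi.test:8888; script-src 'unsafe-inline'; child-src http://www.example.com"
  },
  // frame-src takes precedence over child-src 'none'.
  'same-src-by-frame-src': {
    id: "same-src-by-frame-src",
    file: IFRAME_SRC,
    result : "allowed",
    policy : "default-src 'none'; script-src 'unsafe-inline'; child-src 'none'; frame-src http://mochi.test:8888"
  },
  // frame-src wildcard takes precedence over child-src 'none'.
  'star-src-by-frame-src': {
    id: "star-src-by-frame-src",
    file: IFRAME_SRC,
    result : "allowed",
    policy : "default-src 'none'; script-src 'unsafe-inline'; child-src 'none'; frame-src *"
  },
  // child-src would permit the frame, but frame-src names a different origin.
  'other-src-by-frame-src': {
    id: "other-src-by-frame-src",
    file: IFRAME_SRC,
    result : "blocked",
    policy : "default-src 'none'; script-src 'unsafe-inline'; child-src http://mochi.test:8888; frame-src http://www.example.com"
  },
  // child-src would permit the frame, but frame-src 'none' forbids all frames.
  'none-src-by-frame-src': {
    id: "none-src-by-frame-src",
    file: IFRAME_SRC,
    result : "blocked",
    policy : "default-src 'none'; script-src 'unsafe-inline'; child-src http://mochi.test:8888; frame-src 'none'"
  }
};

// Results received so far, keyed by test id.
var finished = {};

// Ends the test once every entry in |tests| has reported a result.
function checkFinished() {
  if (Object.keys(finished).length === Object.keys(tests).length) {
    window.removeEventListener('message', recvMessage);
    SimpleTest.finish();
  }
}

// Handles a result message of the form { id, message } from a test frame.
// ev.origin is not checked here; the id lookup below is the only validation.
function recvMessage(ev) {
  var data = ev.data;
  var id = data ? data.id : undefined;

  // A message that does not name a known test case is recorded as a failure
  // instead of throwing a TypeError on tests[id].result inside the handler.
  if (!Object.prototype.hasOwnProperty.call(tests, id)) {
    ok(false, "CSP child-src test received a message with unexpected id: " + id);
    return;
  }

  is(data.message, tests[id].result, "CSP child-src test " + id);
  finished[id] = data.message;

  checkFinished();
}

window.addEventListener('message', recvMessage);

// Despite the name, this creates the iframes for all test cases in one pass;
// the results arrive asynchronously in recvMessage.
function loadNextTest() {
  var content = document.getElementById('content');

  for (var item in tests) {
    var test = tests[item];
    var src = "file_testserver.sjs";
    // append the file that should be served
    src += "?file=" + escape("tests/dom/security/test/csp/" + test.file);
    // append the CSP that should be used to serve the file
    src += "&csp=" + escape(test.policy);
    // add our identifier
    src += "#" + escape(test.id);

    var testframe = document.createElement("iframe");
    testframe.setAttribute('id', test.id);
    content.appendChild(testframe);
    testframe.src = src;
  }
}

// start running the tests
loadNextTest();

</script>
</body>
</html>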