test_form_action_blocks_url.html (2744B)
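<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>Bug 1251043 - Test form-action blocks URL</title>
  <!-- Including SimpleTest.js so we can use waitForExplicitFinish -->
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" href="/tests/SimpleTest/test.css">
</head>
<body>
<iframe id="testframe" title="form-action test frame"></iframe>

<script class="testbody">
/*
 * Description of the test:
 * 1) Let's load a form into an iframe which uses a CSP of: form-action 'none';
 * 2) Let's hit the submit button and make sure the form is not submitted.
 *
 * Since a blocked form submission does not fire any event handler, we have to
 * use a timeout-triggered function that verifies that the form didn't get
 * submitted.
 *
 * Limitation: this is a negative test on a timer. It shows that no navigation
 * completed in the frame within 300ms of the click; it does not observe the
 * CSP decision itself, so a submission that takes longer than the timeout is
 * not caught by verifyFormNotSubmitted.
 * NOTE(review): asserting on a "securitypolicyviolation" event for the
 * form-action directive in the frame's document would give a positive signal.
 * Confirm the event is dispatched for this case before relying on it.
 */

SimpleTest.requestFlakyTimeout(
  "Form submission blocked by CSP does not fire any events " +
  "hence we have to check back after 300ms to make sure the form " +
  "is not submitted");
SimpleTest.waitForExplicitFinish();

// Handle of the pending verifyFormNotSubmitted timer; set in submitForm.
let timeOutId;
const testframe = document.getElementById("testframe");

/**
 * Load handler armed just before the click. A second 'load' in the frame
 * means the form navigated, i.e. the submission was not blocked, so the test
 * fails immediately instead of waiting for the timer.
 */
function logFormSubmittedError() {
  clearTimeout(timeOutId);
  testframe.removeEventListener("load", logFormSubmittedError);
  ok(false, "form submission should be blocked");
  SimpleTest.finish();
}

/**
 * Timer callback, run 300ms after the click. Passes when the frame still
 * shows the original form page, identified by the CONTROL-TEXT marker.
 */
function verifyFormNotSubmitted() {
  clearTimeout(timeOutId);
  // NOTE(review): assumes the response to a successful submission does not
  // contain CONTROL-TEXT. Confirm in file_form_action_server.sjs.
  const frameContent = testframe.contentWindow.document.body.innerHTML;
  isnot(frameContent.indexOf("CONTROL-TEXT"), -1,
        "form should not be submitted and still contain the control text");
  SimpleTest.finish();
}

/**
 * First load handler of the frame: arms the failure handler and the
 * verification timer, then clicks the form's submit button.
 */
function submitForm() {
  // Part 1: The form has loaded in the testframe
  // unregister the current event handler
  testframe.removeEventListener("load", submitForm);

  // Precondition: without the button nothing can be submitted, and a
  // "not submitted" result would say nothing about the CSP. Fail explicitly
  // rather than through a TypeError on a null reference.
  const submitButton =
    testframe.contentWindow.document.getElementById("submitButton");
  if (!submitButton) {
    ok(false, "test form with #submitButton should have loaded in the frame");
    SimpleTest.finish();
    return;
  }

  // Part 2: Register a new load event handler. In case the
  // form gets submitted, this load event fires and we can
  // fail the test right away.
  testframe.addEventListener("load", logFormSubmittedError);

  // Part 3: Since blocking the form does not throw any kind of error
  // (Firefox just logs the CSP error to the console), we have to register
  // this timeout function, which then verifies that the form didn't
  // get submitted.
  timeOutId = setTimeout(verifyFormNotSubmitted, 300);

  // Part 4: We are ready, let's hit the submit button of the form.
  submitButton.click();
}

testframe.addEventListener("load", submitForm);
testframe.src = "file_form_action_server.sjs?loadframe";

</script>
</body>
</html>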