test_script_template.html (1696B)
<!DOCTYPE HTML>
<html>
<head>
  <title>Bug 1548385 - CSP: Test script template</title>
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" href="/tests/SimpleTest/test.css">
</head>
<body>
<iframe style="width:100%;" id="testframe"></iframe>

<script class="testbody">

/**
 * Bug 1548385 - external script inside a template must be subject to CSP.
 *
 * The frame document (file_script_template.html, not part of this file) is
 * expected to be served with the policy "default-src 'unsafe-inline'". That
 * policy names no host or scheme source, so only inline script is permitted
 * and a fetch of file_script_template.js has no source expression to match.
 *
 * Pass: a "csp-on-violate-policy" notification whose subject URI ends with
 *       file_script_template.js.
 * Fail: a "specialpowers-http-notify-request" notification for the same file,
 *       i.e. the request was observed instead of being blocked.
 *
 * NOTE(review): SimpleTest.finish() is only reached through one of these two
 * notifications; if neither fires, the test does not finish on its own.
 * NOTE(review): how the frame document gets the script out of the template
 * is not visible from this file - confirm against file_script_template.html.
 */

const CSP_BLOCKED_SUBJECT = "csp-on-violate-policy";
const CSP_ALLOWED_SUBJECT = "specialpowers-http-notify-request";

SimpleTest.waitForExplicitFinish();

// Constructor: subscribes the new instance to both notification topics.
function examiner() {
  for (const watchedTopic of [CSP_BLOCKED_SUBJECT, CSP_ALLOWED_SUBJECT]) {
    SpecialPowers.addObserver(this, watchedTopic);
  }
}

examiner.prototype = {
  // Observer callback; only notifications that concern the script under
  // test produce a result, everything else is ignored.
  observe(subject, topic, data) {
    const scriptUnderTest = "file_script_template.js";

    if (topic == CSP_BLOCKED_SUBJECT) {
      // For this topic the subject is read as an nsIURI (the blocked URI).
      const blockedURI = SpecialPowers.do_QueryInterface(subject, "nsIURI");
      const blockedSpec = SpecialPowers.getPrivilegedProps(blockedURI, "asciiSpec");
      if (blockedSpec.endsWith(scriptUnderTest)) {
        ok(true, "js file blocked by CSP");
        this.removeAndFinish();
      }
    }

    // For this topic the URL is read from the data string.
    if (topic == CSP_ALLOWED_SUBJECT && data.endsWith(scriptUnderTest)) {
      ok(false, "js file allowed by CSP");
      this.removeAndFinish();
    }
  },

  // Unsubscribes from both topics, then ends the test.
  removeAndFinish() {
    for (const watchedTopic of [CSP_BLOCKED_SUBJECT, CSP_ALLOWED_SUBJECT]) {
      SpecialPowers.removeObserver(this, watchedTopic);
    }
    SimpleTest.finish();
  }
}

// Register the observers before the frame starts loading.
window.examiner = new examiner();
document.getElementById("testframe").src = "file_script_template.html";

</script>
</body>
</html>