test_upgrade_insecure_docwrite_iframe.html (1942B)
1 <!DOCTYPE HTML> 2 <html> 3 <head> 4 <meta charset="utf-8"> 5 <title>Bug 1273430 - Test CSP upgrade-insecure-requests for doc.write(iframe)</title> 6 <!-- Including SimpleTest.js so we can use waitForExplicitFinish !--> 7 <script src="/tests/SimpleTest/SimpleTest.js"></script> 8 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> 9 </head> 10 <body> 11 <iframe style="width:100%;" id="testframe"></iframe> 12 13 <script class="testbody" type="text/javascript"> 14 15 /* Description of the test: 16 * Load an iframe which ships with a CSP of upgrade-insecure-requests. 17 * Within that iframe a script performs doc.write(iframe) using an 18 * *http* URL. Make sure, the URL is upgraded to *https*. 19 * 20 * +-----------------------------------------+ 21 * | | 22 * | http(s); csp: upgrade-insecure-requests | | 23 * | +---------------------------------+ | 24 * | | | | 25 * | | doc.write(<iframe src='http'>); | <--------- upgrade to https 26 * | | | | 27 * | +---------------------------------+ | 28 * | | 29 * +-----------------------------------------+ 30 * 31 */ 32 33 const TEST_FRAME_URL = 34 "https://example.com/tests/dom/security/test/csp/file_upgrade_insecure_docwrite_iframe.sjs?testframe"; 35 36 // important: the RESULT should have a scheme of *https* 37 const RESULT = 38 "https://example.com/tests/dom/security/test/csp/file_upgrade_insecure_docwrite_iframe.sjs?docwriteframe"; 39 40 window.addEventListener("message", receiveMessage); 41 function receiveMessage(event) { 42 is(event.data.result, RESULT, "doc.write(iframe) of http should be upgraded to https!"); 43 window.removeEventListener("message", receiveMessage); 44 SimpleTest.finish(); 45 } 46 47 // start the test 48 SimpleTest.waitForExplicitFinish(); 49 var testframe = document.getElementById("testframe"); 50 testframe.src = TEST_FRAME_URL; 51 52 </script> 53 </body> 54 </html>