tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_innerhtml_sanitizer.html (2188B)

      1 <!DOCTYPE HTML>
      2 <html>
      3 <head>
      4  <meta charset=utf-8>
      5  <title>Test for Bug 1667113</title>
      6  <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
      7  <link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"/>
      8 </head>
      9 <body>
     10 <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1667113">Mozilla Bug 1667113</a>
     11 <div></div>
     12 <script>
     13 SimpleTest.waitForExplicitFinish();
     14 
     15 // Please note that 'fakeServer' does not exist because the test relies
     16 // on "csp-on-violate-policy" , and "specialpowers-http-notify-request"
     17 // which fire if either the request is blocked or fires. The test does
     18 // not rely on the result of the load.
     19 
     20 function fail() {
     21  ok(false, "Should not call this")
     22 }
     23 
     24 function examiner() {
     25  SpecialPowers.addObserver(this, "csp-on-violate-policy");
     26  SpecialPowers.addObserver(this, "specialpowers-http-notify-request");
     27 }
     28 examiner.prototype  = {
     29  observe(subject, topic, data) {
     30    if (topic === "csp-on-violate-policy") {
     31      let asciiSpec = SpecialPowers.getPrivilegedProps(
     32                       SpecialPowers.do_QueryInterface(subject, "nsIURI"),
     33                       "asciiSpec");
     34      if (asciiSpec.includes("fakeServer")) {
     35        ok (false, "Should not attempt fetch, not even blocked by CSP.");
     36      }
     37    }
     38 
     39    if (topic === "specialpowers-http-notify-request") {
     40      if (data.includes("fakeServer")) {
     41        ok (false, "Should not try fetch");
     42      }
     43    }
     44  },
     45  remove() {
     46    SpecialPowers.removeObserver(this, "csp-on-violate-policy");
     47    SpecialPowers.removeObserver(this, "specialpowers-http-notify-request");
     48  }
     49 }
     50 
     51 window.examiner = new examiner();
     52 
     53 let div = document.getElementsByTagName("div")[0];
     54 div.innerHTML = "<svg><style><title><audio src=fakeServer onerror=fail() onload=fail()>";
     55 
     56 let svg = div.firstChild;
     57 is(svg.nodeName, "svg", "Node name should be svg");
     58 
     59 let style = svg.firstChild;
     60 if (style) {
     61  is(style.firstChild, null, "Style should not have child nodes.");
     62 } else {
     63  ok(false, "Should have gotten a node.");
     64 }
     65 
     66 
     67 SimpleTest.executeSoon(function() {
     68  window.examiner.remove();
     69  SimpleTest.finish();
     70 });
     71 
     72 </script>
     73 </body>
     74 </html>