tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_innerhtml_sanitizer.xhtml (2322B)

      1 <!DOCTYPE HTML>
      2 <html xmlns="http://www.w3.org/1999/xhtml">
      3 <head>
      4  <title>Test for Bug 1667113</title>
      5  <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
      6  <link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"/>
      7 </head>
      8 <body>
      9 <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1667113">Mozilla Bug 1667113</a>
     10 <div></div>
     11 <script><![CDATA[
     12 SimpleTest.waitForExplicitFinish();
     13 
     14 // Please note that 'fakeServer' does not exist because the test relies
     15 // on "csp-on-violate-policy" , and "specialpowers-http-notify-request"
     16 // which fire if either the request is blocked or fires. The test does
     17 // not rely on the result of the load.
     18 
     19 function fail() {
     20  ok(false, "Should not call this")
     21 }
     22 
     23 function examiner() {
     24  SpecialPowers.addObserver(this, "csp-on-violate-policy");
     25  SpecialPowers.addObserver(this, "specialpowers-http-notify-request");
     26 }
     27 examiner.prototype  = {
     28  observe(subject, topic, data) {
     29    if (topic === "csp-on-violate-policy") {
     30      let asciiSpec = SpecialPowers.getPrivilegedProps(
     31                       SpecialPowers.do_QueryInterface(subject, "nsIURI"),
     32                       "asciiSpec");
     33      if (asciiSpec.includes("fakeServer")) {
     34        ok (false, "Should not attempt fetch, not even blocked by CSP.");
     35      }
     36    }
     37 
     38    if (topic === "specialpowers-http-notify-request") {
     39      if (data.includes("fakeServer")) {
     40        ok (false, "Should not try fetch");
     41      }
     42    }
     43  },
     44  remove() {
     45    SpecialPowers.removeObserver(this, "csp-on-violate-policy");
     46    SpecialPowers.removeObserver(this, "specialpowers-http-notify-request");
     47  }
     48 }
     49 
     50 window.examiner = new examiner();
     51 
     52 let div = document.getElementsByTagName("div")[0];
     53 div.innerHTML = "<svg xmlns='http://www.w3.org/2000/svg'><style><title><audio xmlns='http://www.w3.org/1999/xhtml' src='fakeServer' onerror='fail()' onload='fail()'></audio></title></style></svg>";
     54 
     55 let svg = div.firstChild;
     56 is(svg.nodeName, "svg", "Node name should be svg");
     57 
     58 let style = svg.firstChild;
     59 if (style) {
     60  is(style.firstChild, null, "Style should not have child nodes.");
     61 } else {
     62  ok(false, "Should have gotten a node.");
     63 }
     64 
     65 
     66 SimpleTest.executeSoon(function() {
     67  window.examiner.remove();
     68  SimpleTest.finish();
     69 });
     70 
     71 ]]></script>
     72 </body>
     73 </html>