tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

file_upgrade_insecure.html (2803B)

      1 <!DOCTYPE HTML>
      2 <html>
      3 <head>
      4  <meta charset="utf-8">
      5  <title>Bug 1704454 - HTTPS FIRST Mode</title>
      6  <!-- style -->
      7  <link rel='stylesheet' type='text/css' href='http://example.com/tests/dom/security/test/https-first/file_upgrade_insecure_server.sjs?style' media='screen' />
      8 
      9  <!-- font -->
     10  <style>
     11    @font-face {
     12      font-family: "foofont";
     13      src: url('http://example.com/tests/dom/security/test/https-first/file_upgrade_insecure_server.sjs?font');
     14    }
     15    .div_foo { font-family: "foofont"; }
     16  </style>
     17 </head>
     18 <body>
     19 
     20  <!-- images: -->
     21  <img src="http://example.com/tests/dom/security/test/https-first/file_upgrade_insecure_server.sjs?img"></img>
     22 
     23  <!-- redirects: upgrade http:// to https:// redirect to http:// and then upgrade to https:// again -->
     24  <img src="http://example.com/tests/dom/security/test/https-first/file_upgrade_insecure_server.sjs?redirect-image"></img>
     25 
     26  <!-- script: -->
     27  <script src="http://example.com/tests/dom/security/test/https-first/file_upgrade_insecure_server.sjs?script"></script>
     28 
     29  <!-- media: -->
     30  <audio src="http://example.com/tests/dom/security/test/https-first/file_upgrade_insecure_server.sjs?media"></audio>
     31 
     32  <!-- objects: -->
     33  <object width="10" height="10" data="http://example.com/tests/dom/security/test/https-first/file_upgrade_insecure_server.sjs?object"></object>
     34 
     35  <!-- font: (apply font loaded in header to div) -->
     36  <div class="div_foo">foo</div>
     37 
     38  <!-- iframe: (same origin) -->
     39  <iframe src="http://example.com/tests/dom/security/test/https-first/file_upgrade_insecure_server.sjs?iframe">
     40    <!-- within that iframe we load an image over http and make sure the requested gets upgraded to https -->
     41  </iframe>
     42 
     43  <!-- toplevel: -->
     44  <script type="application/javascript">
     45    let myWin = window.open("http://example.com/tests/dom/security/test/https-first/file_upgrade_insecure_server.sjs?top-level");
     46    //close right after opening
     47    myWin.onunload = function(){
     48      myWin.close();
     49    }
     50  </script>
     51 
     52  <!-- xhr: -->
     53  <script type="application/javascript">
     54    var myXHR = new XMLHttpRequest();
     55    myXHR.open("GET", "http://example.com/tests/dom/security/test/https-first/file_upgrade_insecure_server.sjs?xhr");
     56    myXHR.send(null);
     57  </script>
     58 
     59 
     60  <!-- form action: (upgrade POST from http:// to https://) -->
     61  <iframe name='formFrame' id='formFrame'></iframe>
     62  <form target="formFrame" action="http://example.com/tests/dom/security/test/https-first/file_upgrade_insecure_server.sjs?form" method="POST">
     63    <input name="foo" value="foo">
     64    <input type="submit" id="submitButton" formenctype='multipart/form-data' value="Submit form">
     65  </form>
     66  <script type="text/javascript">
     67    var submitButton = document.getElementById('submitButton');
     68    submitButton.click();
     69  </script>
     70 
     71 </body>
     72 </html>