tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

file_main_bug803225.html (6811B)

      1 <!DOCTYPE HTML>
      2 <html>
      3 <!--
      4 Tests for Mixed Content Blocker - Allowed Protocols
      5 https://bugzilla.mozilla.org/show_bug.cgi?id=803225
      6 -->
      7 <head>
      8  <meta charset="utf-8">
      9  <title>Tests for Bug 62178</title>
     10  <script src="/tests/SimpleTest/EventUtils.js"></script>
     11 </head>
     12 <body>
     13 <div id="testContent"></div>
     14 
     15 <!-- Test additional schemes the Mixed Content Blocker should not block
     16     "about" protocol URIs that are URI_SAFE_FOR_UNTRUSTED_CONTENT (moz-safe-about; see nsAboutProtocolHandler::NewURI
     17     "data",
     18     "javascript",
     19     "mailto",
     20     "resource",
     21     "wss"
     22 -->
     23 
     24 <script>
     25  const { AppConstants } = SpecialPowers.ChromeUtils.importESModule(
     26    "resource://gre/modules/AppConstants.sys.mjs"
     27  );
     28 
     29  //For tests that require setTimeout, set the timeout interval
     30  var TIMEOUT_INTERVAL = 100;
     31 
     32  var testContent = document.getElementById("testContent");
     33 
     34  // Test 1 & 2: about and javascript protcols within an iframe
     35  var data = Array(2,2);
     36  var protocols = [
     37                    ["about", ""], //When no source is specified, the frame gets a source of about:blank
     38                    ["javascript", "javascript:document.open();document.write='<h1>SUCCESS</h1>';document.close();"],
     39                  ];
     40  for(var i=0; i < protocols.length; i++)
     41  {
     42    var generic_frame = document.createElement("iframe");
     43    generic_frame.src = protocols[i][1];
     44    generic_frame.name="generic_protocol";
     45 
     46    generic_frame.onload = function(i) {
     47      data = {"test": protocols[i][0], "msg": "resource with " + protocols[i][0] + " protocol loaded"};
     48      parent.postMessage(data, "http://mochi.test:8888");
     49    }.bind(generic_frame, i)
     50 
     51    generic_frame.onerror = function(i) {
     52      data = {"test": protocols[i][0], "msg": "resource with " + protocols[i][0] + " protocol did not load"};
     53      parent.postMessage(data, "http://mochi.test:8888");
     54    }.bind(generic_frame, i);
     55 
     56    testContent.appendChild(generic_frame, i);
     57  }
     58 
     59  // Test 3: for resource within a script tag
     60  // Note: the script we load throws an exception, but the script element's
     61  // onload listener is called after we successfully fetch the script,
     62  // independently of whether it throws an exception.
     63  var resource_script=document.createElement("script");
     64  resource_script.src = "resource://gre/modules/XPCOMUtils.sys.mjs";
     65  resource_script.name = "resource_protocol";
     66  resource_script.onload = function() {
     67    parent.postMessage({"test": "resource", "msg": "resource with resource protocol loaded"}, "http://mochi.test:8888");
     68  }
     69  resource_script.onerror = function() {
     70    parent.postMessage({"test": "resource", "msg": "resource with resource protocol did not load"}, "http://mochi.test:8888");
     71  }
     72 
     73  testContent.appendChild(resource_script);
     74 
     75  // Test 4: about unsafe protocol within an iframe
     76  var unsafe_about_frame = document.createElement("iframe");
     77  unsafe_about_frame.src = "about:config";
     78  unsafe_about_frame.name = "unsafe_about_protocol";
     79  unsafe_about_frame.onload = function() {
     80    parent.postMessage({"test": "unsafe_about", "msg": "resource with unsafe about protocol loaded"}, "http://mochi.test:8888");
     81  }
     82  unsafe_about_frame.onerror = function() {
     83    parent.postMessage({"test": "unsafe_about", "msg": "resource with unsafe about protocol did not load"}, "http://mochi.test:8888");
     84  }
     85  testContent.appendChild(unsafe_about_frame);
     86 
     87  // Test 5: data protocol within a script tag
     88  var x = 2;
     89  var newscript = document.createElement("script");
     90  newscript.src= "data:text/javascript,var x = 4;";
     91  newscript.onload = function() {
     92    parent.postMessage({"test": "data_protocol", "msg": "resource with data protocol loaded"}, "http://mochi.test:8888");
     93  }
     94  newscript.onerror = function() {
     95    parent.postMessage({"test": "data_protocol", "msg": "resource with data protocol did not load"}, "http://mochi.test:8888");
     96  }
     97  testContent.appendChild(newscript);
     98 
     99  // Test 6: mailto protocol
    100  let mm = SpecialPowers.loadChromeScript(function launchHandler() {
    101    /* eslint-env mozilla/chrome-script */
    102    var ioService = Cc["@mozilla.org/network/io-service;1"].
    103                      getService(Ci.nsIIOService);
    104 
    105    var webHandler = Cc["@mozilla.org/uriloader/web-handler-app;1"].
    106                       createInstance(Ci.nsIWebHandlerApp);
    107    webHandler.name = "Web Handler";
    108    webHandler.uriTemplate = "http://example.com/tests/dom/security/test/mixedcontentblocker/file_bug803225_test_mailto.html?s=%";
    109 
    110    Services.ppmm.addMessageListener("Test:content-ready", function contentReadyListener() {
    111      Services.ppmm.removeMessageListener("Test:content-ready", contentReadyListener);
    112      sendAsyncMessage("Test:content-ready-forward");
    113      Services.ppmm.removeDelayedProcessScript(pScript);
    114    })
    115 
    116    var pScript = "data:,new " + function () {
    117      /* eslint-env mozilla/process-script */
    118      var os = Cc["@mozilla.org/observer-service;1"]
    119        .getService(Ci.nsIObserverService);
    120      var observer = {
    121        observe(subject, topic, data) {
    122        if (topic == "content-document-global-created" && data == "http://example.com") {
    123           sendAsyncMessage("Test:content-ready");
    124           os.removeObserver(observer, "content-document-global-created");
    125        }
    126      }
    127      };
    128      os.addObserver(observer, "content-document-global-created");
    129    }
    130 
    131    Services.ppmm.loadProcessScript(pScript, true);
    132 
    133    var uri = ioService.newURI("mailto:foo@bar.com");
    134    webHandler.launchWithURI(uri);
    135  });
    136 
    137  var mailto = false;
    138 
    139  mm.addMessageListener("Test:content-ready-forward", function contentReadyListener() {
    140    mm.removeMessageListener("Test:content-ready-forward", contentReadyListener);
    141    mailto = true;
    142    parent.postMessage({"test": "mailto", "msg": "resource with mailto protocol loaded"}, "http://mochi.test:8888");
    143  });
    144 
    145  function mailtoProtocolStatus() {
    146    if(!mailto) {
    147      //There is no onerror event associated with the WebHandler, and hence we need a setTimeout to check the status
    148      setTimeout(mailtoProtocolStatus, TIMEOUT_INTERVAL);
    149    }
    150  }
    151 
    152  mailtoProtocolStatus();
    153 
    154  // Test 7: wss protocol
    155  // WebSocket tests are not supported on Android Yet. Bug 1566168.
    156  if (AppConstants.platform !== "android") {
    157    var wss;
    158    wss = new WebSocket("wss://example.com/tests/dom/security/test/mixedcontentblocker/file_main_bug803225_websocket");
    159 
    160    var status_wss = "started";
    161    wss.onopen = function(e) {
    162       status_wss = "opened";
    163       wss.close();
    164    }
    165    wss.onclose = function(e) {
    166      if(status_wss == "opened") {
    167        parent.postMessage({"test": "wss", "msg": "resource with wss protocol loaded"}, "http://mochi.test:8888");
    168      } else {
    169        parent.postMessage({"test": "wss", "msg": "resource with wss protocol did not load"}, "http://mochi.test:8888");
    170      }
    171    }
    172  }
    173 </script>
    174 </body>
    175 </html>