test_isOriginPotentiallyTrustworthy.js (1757B)
1 /* Any copyright is dedicated to the Public Domain. 2 http://creativecommons.org/publicdomain/zero/1.0/ */ 3 4 /* 5 * Tests the "Is origin potentially trustworthy?" logic from 6 * <https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy>. 7 */ 8 9 const { NetUtil } = ChromeUtils.importESModule( 10 "resource://gre/modules/NetUtil.sys.mjs" 11 ); 12 13 Services.prefs.setCharPref( 14 "dom.securecontext.allowlist", 15 "example.net,example.org" 16 ); 17 18 Services.prefs.setBoolPref("dom.securecontext.allowlist_onions", false); 19 20 add_task(async function test_isOriginPotentiallyTrustworthy() { 21 for (let [uriSpec, expectedResult] of [ 22 ["http://example.com/", false], 23 ["https://example.com/", true], 24 ["http://localhost/", true], 25 ["http://localhost.localhost/", true], 26 ["http://127.0.0.1/", true], 27 ["file:///", true], 28 ["resource:///", true], 29 ["moz-extension://", true], 30 ["wss://example.com/", true], 31 ["about:config", false], 32 ["http://example.net/", true], 33 ["ws://example.org/", true], 34 ["chrome://example.net/content/messenger.xul", false], 35 ["http://1234567890abcdef.onion/", false], 36 ]) { 37 let uri = NetUtil.newURI(uriSpec); 38 let principal = Services.scriptSecurityManager.createContentPrincipal( 39 uri, 40 {} 41 ); 42 Assert.equal(principal.isOriginPotentiallyTrustworthy, expectedResult); 43 } 44 // And now let's test whether .onion sites are properly treated when 45 // allowlisted, see bug 1382359. 46 Services.prefs.setBoolPref("dom.securecontext.allowlist_onions", true); 47 let uri = NetUtil.newURI("http://1234567890abcdef.onion/"); 48 let principal = Services.scriptSecurityManager.createContentPrincipal( 49 uri, 50 {} 51 ); 52 Assert.equal(principal.isOriginPotentiallyTrustworthy, true); 53 });