browser_ipAddressSpace_mainpage_unaffected.js (4095B)
1 /* Any copyright is dedicated to the Public Domain. 2 https://creativecommons.org/publicdomain/zero/1.0/ */ 3 4 "use strict"; 5 6 const { HttpServer } = ChromeUtils.importESModule( 7 "resource://testing-common/httpd.sys.mjs" 8 ); 9 10 let mainBrowsingContext = null; 11 let iframeBrowsingContext = null; 12 13 // This test verifies that an iframe from a public address does not taint the address space of its parent page. 14 // We load a main page from server1 (localhost) that embeds an iframe loading from server2 (a public address). 15 // A second iframe from server1 (localhost) is then added. If the main page's address space were tainted by the public iframe, 16 // the second iframe would fail to load. This test ensures that does not happen. 17 add_task(async function test_main_ipAddressSpace_unaffected_by_iframe() { 18 // Start server1 19 let server1 = new HttpServer(); 20 server1.start(-1); 21 const server1Port = server1.identity.primaryPort; 22 const server1Base = `http://localhost:${server1Port}`; 23 24 // Start server2 25 let server2 = new HttpServer(); 26 server2.start(-1); 27 const server2Port = server2.identity.primaryPort; 28 const server2Base = `http://localhost:${server2Port}`; 29 // override server2 as public 30 var override_value = `127.0.0.1:${server2Port}`; 31 32 Services.prefs.setCharPref( 33 "network.lna.address_space.public.override", 34 override_value 35 ); 36 Services.prefs.setBoolPref("network.lna.blocking", true); 37 Services.prefs.setBoolPref("network.localhost.prompt.testing", true); 38 Services.prefs.setBoolPref("network.localhost.prompt.testing.allow", false); 39 40 registerCleanupFunction(async () => { 41 await server1.stop(); 42 await server2.stop(); 43 Services.prefs.clearUserPref("network.lna.address_space.public.override"); 44 Services.prefs.clearUserPref("network.lna.blocking"); 45 Services.prefs.clearUserPref("network.localhost.prompt.testing"); 46 Services.prefs.clearUserPref("network.localhost.prompt.testing.allow"); 47 }); 48 49 server1.registerPathHandler("/test", (request, response) => { 50 response.setHeader("Content-Type", "text/html", false); 51 response.write(` 52 <!DOCTYPE html> 53 <html> 54 <body> 55 <iframe src="${server2Base}/iframe" id="childframe1" 56 onload="loadSecondIframe()"></iframe> 57 58 <script> 59 function loadSecondIframe() { 60 const iframe = document.createElement('iframe'); 61 iframe.src = "${server1Base}/test2"; 62 iframe.id = "childframe2"; 63 document.body.appendChild(iframe); 64 } 65 </script> 66 </body> 67 </html> 68 `); 69 }); 70 71 server1.registerPathHandler("/test2", (request, response) => { 72 response.setHeader("Content-Type", "text/html", false); 73 response.write( 74 "<!DOCTYPE html><html><body><p>Dummy content</p></body></html>" 75 ); 76 }); 77 78 server2.registerPathHandler("/iframe", (request, response) => { 79 response.setHeader("Content-Type", "text/html", false); 80 response.write( 81 "<!DOCTYPE html><html><body><p>Iframe content</p></body></html>" 82 ); 83 }); 84 // Set up the http-on-stop-request observer 85 const testURLs = new Set([ 86 `${server1Base}/test`, 87 `${server2Base}/iframe`, 88 `${server1Base}/test2`, 89 ]); 90 91 let observerPromise = new Promise(resolve => { 92 let seen = new Set(); 93 94 var httpObserver = { 95 observe(subject, topic) { 96 if (topic !== "http-on-stop-request") { 97 return; 98 } 99 100 let channel = subject.QueryInterface(Ci.nsIHttpChannel); 101 if (!channel || !testURLs.has(channel.URI.spec)) { 102 return; 103 } 104 105 info(`Observed load of: ${channel.URI.spec}`); 106 is(channel.status, Cr.NS_OK, "Channel should have loaded successfully"); 107 seen.add(channel.URI.spec); 108 if (seen.size === 3) { 109 resolve(); 110 } 111 }, 112 }; 113 114 Services.obs.addObserver(httpObserver, "http-on-stop-request"); 115 }); 116 117 // Open the test page in a new tab 118 let tab = await BrowserTestUtils.openNewForegroundTab( 119 gBrowser, 120 `${server1Base}/test` 121 ); 122 123 await observerPromise; 124 125 // Cleanup 126 gBrowser.removeTab(tab); 127 });