browser_simple_unknown_uris.js (3792B)
1 /* This Source Code Form is subject to the terms of the Mozilla Public 2 * License, v. 2.0. If a copy of the MPL was not distributed with this 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 4 5 ChromeUtils.defineESModuleGetters(this, { 6 RemoteSettings: "resource://services-settings/remote-settings.sys.mjs", 7 }); 8 9 const { 10 checkInputAndSerializationMatch, 11 checkInputAndSerializationMatchChild, 12 checkSerializationMissingSecondColon, 13 checkSerializationMissingSecondColonChild, 14 removeSecondColon, 15 } = ChromeUtils.importESModule( 16 "resource://testing-common/simple_unknown_uri_helpers.sys.mjs" 17 ); 18 19 add_setup(async () => { 20 await SpecialPowers.pushPrefEnv({ 21 set: [ 22 ["network.url.useDefaultURI", true], 23 ["network.url.simple_uri_unknown_schemes_enabled", true], 24 ["network.url.simple_uri_unknown_schemes", "simpleprotocol,otherproto"], 25 ], 26 }); 27 }); 28 29 add_task(async function test_bypass_remote_settings_static_parent() { 30 // sanity check 31 checkInputAndSerializationMatch("https://example.com/"); 32 33 // nsStandardURL removes second colon when nesting protocols 34 checkSerializationMissingSecondColon("https://https://example.com/"); 35 36 // no-bypass unknown protocol uses defaultURI 37 checkSerializationMissingSecondColon( 38 "nonsimpleprotocol://https://example.com" 39 ); 40 41 // simpleURI keeps the second colon 42 // an unknown protocol in the bypass list will use simpleURI 43 // despite network.url.useDefaultURI being enabled 44 let same = "simpleprotocol://https://example.com"; 45 checkInputAndSerializationMatch(same); 46 47 // scheme bypass from static remote-settings 48 checkInputAndSerializationMatch("ed2k://https://example.com"); 49 50 // check the pref-specified scheme again (remote settings shouldn't overwrite) 51 checkInputAndSerializationMatch(same); 52 }); 53 54 add_task(async function test_bypass_remote_settings_static_child() { 55 await SpecialPowers.pushPrefEnv({ 56 set: [["security.allow_eval_with_system_principal", true]], 57 }); 58 59 const URL_EXAMPLE = "https://example.com"; 60 const tab = BrowserTestUtils.addTab(gBrowser, URL_EXAMPLE); 61 const browser = gBrowser.getBrowserForTab(tab); 62 await BrowserTestUtils.browserLoaded(browser); 63 64 await SpecialPowers.spawn( 65 browser, 66 67 [ 68 removeSecondColon.toString(), 69 checkSerializationMissingSecondColonChild.toString(), 70 checkInputAndSerializationMatchChild.toString(), 71 ], 72 (rscSource, csmscSource, ciasmcSource) => { 73 /* eslint-disable no-eval */ 74 // eslint-disable-next-line no-unused-vars 75 let removeSecondColon = eval(`(${rscSource})`); // used by check fns 76 let checkSerializationMissingSecondColonChild = eval(`(${csmscSource})`); 77 let checkInputAndSerializationMatchChild = eval(`(${ciasmcSource})`); 78 /* eslint-enable no-eval */ 79 80 checkInputAndSerializationMatchChild("https://example.com/"); 81 82 // nsStandardURL removes second colon when nesting protocols 83 checkSerializationMissingSecondColonChild("https://https://example.com"); 84 85 // no-bypass protocol uses defaultURI 86 checkSerializationMissingSecondColonChild( 87 "nonsimpleprotocol://https://example.com" 88 ); 89 90 // simpleURI keeps the second colon 91 // an unknown protocol in the bypass list will use simpleURI 92 // despite network.url.useDefaultURI being enabled 93 let same = "simpleprotocol://https://example.com"; 94 checkInputAndSerializationMatchChild(same); 95 96 // scheme bypass from static remote-settings 97 checkInputAndSerializationMatchChild("ed2k://https://example.com"); 98 99 // pref-specified scheme shouldn't be overwritten by remote settings schemes 100 checkInputAndSerializationMatchChild(same); 101 } 102 ); 103 104 // Cleanup 105 BrowserTestUtils.removeTab(tab); 106 Services.cookies.removeAll(); 107 });