Bug 803225 - Test different protocols that are allowed in nsMixedContentBlocker.cpp. r=bz, r=smaug
☠☠ backed out by 6d4a9a61a335 ☠ ☠
authorTanvi Vyas <tvyas@mozilla.com>
Thu, 15 Nov 2012 20:34:56 -0500
changeset 113450 5bdf8bbcd02f481ea04fef10e255142b0c202ec1
parent 113449 df27137cb7d1a4cb060b72bffed8ffd35212ce0f
child 113451 7f785ec19024ddb5cbb760da3b5c602ab657ef76
push id18158
push userryanvm@gmail.com
push dateFri, 16 Nov 2012 01:34:59 +0000
treeherdermozilla-inbound@90c362bfd156 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbz, smaug
bugs803225
milestone19.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 803225 - Test different protocols that are allowed in nsMixedContentBlocker.cpp. r=bz, r=smaug
content/base/test/Makefile.in
content/base/test/bug803225_test_mailto.html
content/base/test/file_mixed_content_main_bug803225.html
content/base/test/file_mixed_content_main_bug803225_websocket_wsh.py
content/base/test/test_mixed_content_blocker_bug803225.html
testing/mochitest/android.json
--- a/content/base/test/Makefile.in
+++ b/content/base/test/Makefile.in
@@ -580,16 +580,20 @@ MOCHITEST_FILES_B = \
 		test_XHR_anon.html \
 		file_XHR_anon.sjs \
 		test_XHR_system.html \
 		test_XHR_parameters.html \
 		test_ipc_messagemanager_blob.html \
 		test_mixed_content_blocker.html \
 		file_mixed_content_main.html \
 		file_mixed_content_server.sjs \
+    test_mixed_content_blocker_bug803225.html \
+    file_mixed_content_main_bug803225.html \
+    file_mixed_content_main_bug803225_websocket_wsh.py \
+    bug803225_test_mailto.html \
 		test_bug789856.html \
 		file_bug804395.jar \
 		test_bug804395.html \
 		test_bug809003.html \
 		$(NULL)
 
 # OOP tests don't work on Windows (bug 763081) or native-fennec
 # (see Bug 774939)
new file mode 100644
--- /dev/null
+++ b/content/base/test/bug803225_test_mailto.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+Tests for Mixed Content Blocker - Mailto Protocol Compose Page
+https://bugzilla.mozilla.org/show_bug.cgi?id=803225
+-->
+<head> <meta charset="utf-8"> 
+</head>
+<body>
+Hello
+<script>window.close();</script>
+</body>
+</html>
new file mode 100644
--- /dev/null
+++ b/content/base/test/file_mixed_content_main_bug803225.html
@@ -0,0 +1,160 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+Tests for Mixed Content Blocker - Allowed Protocols
+https://bugzilla.mozilla.org/show_bug.cgi?id=803225
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Tests for Bug 62178</title>
+  <script type="application/javascript" src="/tests/SimpleTest/EventUtils.js"></script>
+</head>
+<body>
+<div id="testContent"></div>
+
+<!-- Test additional schemes the Mixed Content Blocker should not block
+     "about" protocol URIs that are URI_SAFE_FOR_UNTRUSTED_CONTENT (moz-safe-about; see nsAboutProtocolHandler::NewURI
+     "data",
+     "javascript",
+     "mailto",
+     "resource",
+     "moz-icon",
+     "wss"
+-->
+
+<script>
+
+  //For tests that require setTimeout, set the timeout interval
+  var TIMEOUT_INTERVAL = 100;
+
+  var testContent = document.getElementById("testContent");
+
+  // Test 1 & 2: about and javascript protcols within an iframe
+  var data = Array(2,2);
+  var protocols = [
+                    ["about", ""], //When no source is specified, the frame gets a source of about:blank
+                    ["javascript", "javascript:document.open();document.write='<h1>SUCCESS</h1>';document.close();"],
+                  ];
+  for(var i=0; i < protocols.length; i++)
+  {
+    var generic_frame = document.createElement("iframe");
+    generic_frame.src = protocols[i][1];
+    generic_frame.name="generic_protocol";
+
+    generic_frame.onload = function(i) {
+      data = {"test": protocols[i][0], "msg": "resource with " + protocols[i][0] + " protocol loaded"};
+      parent.postMessage(data, "http://mochi.test:8888");
+    }.bind(generic_frame, i)
+
+    generic_frame.onerror = function(i) {
+      data = {"test": protocols[i][0], "msg": "resource with " + protocols[i][0] + " protocol did not load"};
+      parent.postMessage(data, "http://mochi.test:8888");
+    }.bind(generic_frame, i);
+
+    testContent.appendChild(generic_frame, i);
+  }
+
+  // Test 3: for resource within a script tag
+  var resource_script=document.createElement("script");
+  resource_script.src = "resource://gre/modules/XPCOMUtils.jsm";
+  resource_script.name = "resource_protocol";
+  resource_script.onload = function() {
+    parent.postMessage({"test": "resource", "msg": "resource with resource protocol loaded"}, "http://mochi.test:8888");
+  }
+  resource_script.onerror = function() {
+    parent.postMessage({"test": "resource", "msg": "resource with resource protocol did not load"}, "http://mochi.test:8888");
+  }
+
+  testContent.appendChild(resource_script);
+
+  // Test 4: moz-icon within an img tag
+  var image=document.createElement("img");
+  image.src = "moz-icon://dummy.exe?size=16";
+  image.onload = function() {
+    parent.postMessage({"test": "mozicon", "msg": "resource with mozicon protocol loaded"}, "http://mochi.test:8888");
+  }
+  image.onerror = function() {
+    parent.postMessage({"test": "mozicon", "msg": "resource with mozicon protocol did not load"}, "http://mochi.test:8888");
+  }
+  // We don't need to append the image to the document. Doing so causes the image test to run twice.
+
+  // Test 5: about unsafe protocol within an iframe
+  var unsafe_about_frame = document.createElement("iframe");
+  unsafe_about_frame.src = "about:config";
+  unsafe_about_frame.name = "unsafe_about_protocol";
+  unsafe_about_frame.onload = function() {
+    parent.postMessage({"test": "unsafe_about", "msg": "resource with unsafe about protocol loaded"}, "http://mochi.test:8888");
+  }
+  unsafe_about_frame.onerror = function() {
+    parent.postMessage({"test": "unsafe_about", "msg": "resource with unsafe about protocol did not load"}, "http://mochi.test:8888");
+  }
+  testContent.appendChild(unsafe_about_frame);
+
+  // Test 6: data protocol within a script tag
+  var x = 2;
+  var newscript = document.createElement("script");
+  newscript.src= "data:text/javascript,var x = 4;";
+  newscript.onload = function() {
+    parent.postMessage({"test": "data_protocol", "msg": "resource with data protocol protocol loaded"}, "http://mochi.test:8888");
+  }
+  newscript.onerror = function() {
+    parent.postMessage({"test": "data_protocol", "msg": "resource with data protocol protocol did not load"}, "http://mochi.test:8888");
+  }
+  testContent.appendChild(newscript);
+
+  // Test 7: mailto protocol
+  var ioService = SpecialPowers.Cc["@mozilla.org/network/io-service;1"].
+     getService(SpecialPowers.Ci.nsIIOService);
+
+  var webHandler = SpecialPowers.Cc["@mozilla.org/uriloader/web-handler-app;1"].
+                   createInstance(SpecialPowers.Ci.nsIWebHandlerApp);
+  webHandler.name = "Web Handler";
+  webHandler.uriTemplate = "http://example.com/tests/content/base/test/bug803225_test_mailto.html?s=%";
+
+  var uri = ioService.newURI("mailto:foo@bar.com", null, null);
+  webHandler.launchWithURI(uri);
+
+  var mailto = false;
+
+  // listen for a messages from a new window
+  var observer = {
+    observe: function(subject, topic, data) {
+      if(topic == "content-document-global-created" && data =="http://example.com") {
+         parent.postMessage({"test": "mailto", "msg": "resource with mailto protocol loaded"}, "http://mochi.test:8888");
+         mailto = true;
+      }
+    }
+  }
+  var os = SpecialPowers.Cc["@mozilla.org/observer-service;1"].
+     getService(SpecialPowers.Components.interfaces.nsIObserverService);
+  os.addObserver(observer, "content-document-global-created", false);
+
+  function mailtoProtocolStatus() {
+    if(!mailto) {
+      //There is no onerror event associated with the WebHandler, and hence we need a setTimeout to check the status
+      setTimeout(mailtoProtocolStatus, TIMEOUT_INTERVAL);
+    }
+  }
+
+  mailtoProtocolStatus();
+
+  // Test 8: wss protocol
+  var wss;
+  wss = new WebSocket("wss://example.com/tests/content/base/test/file_mixed_content_main_bug803225_websocket");
+
+  var status_wss = "started";
+  wss.onopen = function(e) {
+     status_wss = "opened";
+     wss.close();
+  }
+  wss.onclose = function(e) {
+    if(status_wss == "opened") {
+      parent.postMessage({"test": "wss", "msg": "resource with wss protocol loaded"}, "http://mochi.test:8888");
+    } else {
+      parent.postMessage({"test": "wss", "msg": "resource with wss protocol did not load"}, "http://mochi.test:8888");
+    }
+  }
+
+</script>
+</body>
+</html>
new file mode 100644
--- /dev/null
+++ b/content/base/test/file_mixed_content_main_bug803225_websocket_wsh.py
@@ -0,0 +1,7 @@
+from mod_pywebsocket import msgutil
+
+def web_socket_do_extra_handshake(request):
+  pass
+
+def web_socket_transfer_data(request):
+  resp = ""
new file mode 100644
--- /dev/null
+++ b/content/base/test/test_mixed_content_blocker_bug803225.html
@@ -0,0 +1,148 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+Testing Whitelist of Resource Schemed for Mixed Content Blocker
+https://bugzilla.mozilla.org/show_bug.cgi?id=803225
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Tests for Bug 803225</title>
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+
+  <script>
+
+  var origBlockDisplay = SpecialPowers.getBoolPref("security.mixed_content.block_display_content");
+  var origBlockActive = SpecialPowers.getBoolPref("security.mixed_content.block_active_content");
+
+  var counter = 0;
+  var settings = [ [true, true], [true, false], [false, true], [false, false] ];
+
+  var blockActive;
+  var blockDisplay;
+
+  //Cycle through 4 different preference settings.
+  function changePrefs(x) {
+    SpecialPowers.setBoolPref("security.mixed_content.block_display_content", settings[x][0]);
+    SpecialPowers.setBoolPref("security.mixed_content.block_active_content", settings[x][1]);
+    blockDisplay = SpecialPowers.getBoolPref("security.mixed_content.block_display_content");
+    blockActive = SpecialPowers.getBoolPref("security.mixed_content.block_active_content");
+  }
+
+  //Set the first set of settings (true, true) and increment the counter.
+  changePrefs(counter);
+  counter++;
+
+  var testsToRun = {
+    /* https - Tests already run as part of bug 62178. */
+    about: false,
+    mozicon: false,
+    resource: false,
+    unsafe_about: false,
+    data_protocol: false,
+    javascript: false,
+    mailto: false,
+    wss: false,
+  };
+
+  function log(msg) {
+    document.getElementById("log").textContent += "\n" + msg;
+  }
+
+  function checkTestsCompleted() {
+    for (var prop in testsToRun) {
+      // some test hasn't run yet so we're not done
+      if (!testsToRun[prop])
+        return;
+    }
+    //if the testsToRun are all completed, change the pref and run the tests again until we have cycled through all the prefs.
+    if(counter < 4) {
+       for (var prop in testsToRun) {
+         testsToRun[prop] = false;
+       }
+      //call to change the preferences
+      changePrefs(counter);
+      counter++;
+      log("\nblockDisplay set to "+blockDisplay+", blockActive set to "+blockActive+".");
+      document.getElementById('framediv').innerHTML = '<iframe id="testHarness" src="https://example.com/tests/content/base/test/file_mixed_content_main_bug803225.html"></iframe>';
+    }
+    else {
+      //set the prefs back to what they were set to originally
+      SpecialPowers.setBoolPref("security.mixed_content.block_display_content", origBlockDisplay);
+      SpecialPowers.setBoolPref("security.mixed_content.block_active_content", origBlockActive);
+      SimpleTest.finish();
+    }
+  }
+
+  var firstTest = true;
+
+  // listen for a messages from the mixed content test harness
+  window.addEventListener("message", receiveMessage, false);
+  function receiveMessage(event) {
+    if(firstTest) {
+      log("blockDisplay set to "+blockDisplay+", blockActive set to "+blockActive+".");
+      firstTest = false;
+    }
+
+    log("test: "+event.data.test+", msg: "+event.data.msg + " logging message.");
+    // test that the load type matches the pref for this type of content
+    // (i.e. active vs. display)
+
+    switch(event.data.test) {
+
+      /* Mixed Script tests */
+      case "about":
+        ok(event.data.msg == "resource with about protocol loaded", "resource with about protocol did not load");
+        testsToRun["about"] = true;
+        break;
+
+      case "resource":
+        ok(event.data.msg == "resource with resource protocol loaded", "resource with resource protocol did not load");
+        testsToRun["resource"] = true;
+        break;
+
+      case "mozicon":
+        ok(event.data.msg == "resource with mozicon protocol loaded", "resource with mozicon protocol did not load");
+        testsToRun["mozicon"] = true;
+        break;
+
+      case "unsafe_about":
+        // This one should not load
+        ok(event.data.msg == "resource with unsafe about protocol did not load", "resource with unsafe about protocol loaded");
+        testsToRun["unsafe_about"] = true;
+        break;
+
+      case "data_protocol":
+        ok(event.data.msg == "resource with data protocol loaded", "resource with data protocol did not load");
+        testsToRun["data_protocol"] = true;
+        break;
+
+      case "javascript":
+        ok(event.data.msg == "resource with javascript protocol loaded", "resource with javascript protocol did not load");
+        testsToRun["javascript"] = true;
+        break;
+
+      case "wss":
+        ok(event.data.msg == "resource with wss protocol loaded", "resource with wss protocol did not load");
+        testsToRun["wss"] = true;
+        break;
+
+      case "mailto":
+        ok(event.data.msg == "resource with mailto protocol loaded", "resource with mailto protocol did not load");
+        testsToRun["mailto"] = true;
+        break;
+    }
+    checkTestsCompleted();
+  }
+
+  SimpleTest.waitForExplicitFinish();
+  </script>
+</head>
+
+<body>
+  <div id="framediv">
+    <iframe id="testHarness" src="https://example.com/tests/content/base/test/file_mixed_content_main_bug803225.html"></iframe>
+  </div>
+  <pre id="log"></pre>
+</body>
+</html>
--- a/testing/mochitest/android.json
+++ b/testing/mochitest/android.json
@@ -15,16 +15,17 @@
  "content/base/test/test_bug503481.html": "TIMED_OUT",
  "content/base/test/test_bug503481b.html": "TIMED_OUT",
  "content/base/test/test_bug505783.html": "TIMED_OUT",
  "content/base/test/test_copypaste.html": "",
  "content/base/test/test_csp_redirects.html": "TIMED_OUT",
  "content/base/test/test_fileapi_slice.html": "bug 775227",
  "content/base/test/test_mozfiledataurl.html": "TIMED_OUT",
  "content/base/test/test_mixed_content_blocker.html": "TIMED_OUT, SSL_REQUIRED",
+ "content/base/test/test_mixed_content_blocker_bug803225.html": "TIMED_OUT, SSL_REQUIRED",
  "content/base/test/test_mutationobservers.html": "",
  "content/base/test/test_plugin_freezing.html": "CLICK_TO_PLAY",
  "content/base/test/test_range_bounds.html": "",
  "content/base/test/test_reentrant_flush.html": "RANDOM",
  "content/base/test/test_sync_xhr_timer.xhtml": "RANDOM",
  "content/base/test/test_websocket.html": "",
  "content/base/test/test_websocket_basic.html": "",
  "content/base/test/test_websocket_hello.html": "",