Bug 840388 - Mochitests that navigate https frames to http frames, both when a secure parent exists and when no secure parents exist. Tested with the mixed active content pref enabled and disabled. r=smaug
authorTanvi Vyas <tvyas@mozilla.com>
Wed, 27 Mar 2013 22:11:59 -0700
changeset 126526 cdcf6581c682bfef3270e25d3390897cfb71a0de
parent 126525 cf276949f2b65be190249b943557efa629e11c53
child 126527 844ef68557d8339001a1dc7ea25a10737be07bb1
push id24485
push userryanvm@gmail.com
push dateThu, 28 Mar 2013 12:31:20 +0000
treeherdermozilla-central@293498096b28 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssmaug
bugs840388
milestone22.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 840388 - Mochitests that navigate https frames to http frames, both when a secure parent exists and when no secure parents exist. Tested with the mixed active content pref enabled and disabled. r=smaug
content/base/test/Makefile.in
content/base/test/file_mixed_content_frameNavigation.html
content/base/test/file_mixed_content_frameNavigation_grandchild.html
content/base/test/file_mixed_content_frameNavigation_innermost.html
content/base/test/file_mixed_content_frameNavigation_secure.html
content/base/test/file_mixed_content_frameNavigation_secure_grandchild.html
content/base/test/test_mixed_content_blocker_frameNavigation.html
testing/mochitest/android.json
testing/mochitest/b2g.json
--- a/content/base/test/Makefile.in
+++ b/content/base/test/Makefile.in
@@ -589,20 +589,26 @@ MOCHITEST_FILES_C= \
 		file_XHR_system_redirect.html \
 		file_XHR_system_redirect.html^headers^ \
 		test_XHR_system.html \
 		test_XHR_parameters.html \
 		test_ipc_messagemanager_blob.html \
 		test_mixed_content_blocker.html \
 		file_mixed_content_main.html \
 		file_mixed_content_server.sjs \
-    test_mixed_content_blocker_bug803225.html \
-    file_mixed_content_main_bug803225.html \
-    file_mixed_content_main_bug803225_websocket_wsh.py \
-    bug803225_test_mailto.html \
+		test_mixed_content_blocker_bug803225.html \
+		file_mixed_content_main_bug803225.html \
+		file_mixed_content_main_bug803225_websocket_wsh.py \
+		bug803225_test_mailto.html \
+		test_mixed_content_blocker_frameNavigation.html \
+		file_mixed_content_frameNavigation.html \
+		file_mixed_content_frameNavigation_innermost.html \
+		file_mixed_content_frameNavigation_grandchild.html \
+		file_mixed_content_frameNavigation_secure.html \
+		file_mixed_content_frameNavigation_secure_grandchild.html \
 		test_bug789856.html \
 		file_bug804395.jar \
 		test_bug804395.html \
 		test_bug809003.html \
 		test_bug810494.html \
 		test_bug819051.html \
 		bug819051.sjs \
 		test_textnode_split_in_selection.html \
new file mode 100644
--- /dev/null
+++ b/content/base/test/file_mixed_content_frameNavigation.html
@@ -0,0 +1,74 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+Tests for Mixed Content Blocker related to navigating children, grandchildren, etc
+https://bugzilla.mozilla.org/show_bug.cgi?id=840388
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Tests for Mixed Content Frame Navigation</title>
+</head>
+<body>
+<div id="testContent"></div>
+
+<script>
+  var baseUrlHttps = "https://example.com/tests/content/base/test/file_mixed_content_frameNavigation_innermost.html";
+
+  // For tests that require setTimeout, set the maximum polling time to 50 x 100ms = 5 seconds.
+  var MAX_COUNT = 50;
+  var TIMEOUT_INTERVAL = 100;
+
+  var testContent = document.getElementById("testContent");
+
+  // Test 1: Navigate secure iframe to insecure iframe on an insecure page
+  var iframe_test1 = document.createElement("iframe");
+  var counter_test1 = 0;
+  iframe_test1.src = baseUrlHttps + "?insecurePage_navigate_child";
+  iframe_test1.setAttribute("id", "test1");
+  iframe_test1.onerror = function() {
+    parent.postMessage({"test": "insecurePage_navigate_child", "msg": "got an onerror alert when loading or navigating testing iframe"}, "http://mochi.test:8888");
+  };
+  testContent.appendChild(iframe_test1);
+
+  function navigationStatus(iframe_test1)
+  {
+    // When the page is navigating, it goes through about:blank and we will get a permission denied for loc.
+    // Catch that specific exception and return
+    try {
+      var loc = document.getElementById("test1").contentDocument.location;
+    } catch(e) {
+      if (e.name === "SecurityError") {
+        // We received an exception we didn't expect.
+        throw e;
+      }
+      counter_test1++;
+      return;
+    }
+    if (loc == "http://example.com/tests/content/base/test/file_mixed_content_frameNavigation_innermost.html?insecurePage_navigate_child_response") {
+      return;
+    }
+    else {
+      if(counter_test1 < MAX_COUNT) {
+        counter_test1++;
+        setTimeout(navigationStatus, TIMEOUT_INTERVAL, iframe_test1);
+      }
+      else {
+        // After we have called setTimeout the maximum number of times, assume navigating the iframe is blocked
+        parent.postMessage({"test": "insecurePage_navigate_child", "msg": "navigating to insecure iframe blocked on insecure page"}, "http://mochi.test:8888");
+      }
+    }
+  }
+
+  setTimeout(navigationStatus, TIMEOUT_INTERVAL, iframe_test1);
+
+  // Test 2: Navigate secure grandchild iframe to insecure grandchild iframe on a page that has no secure parents
+  var iframe_test2 = document.createElement("iframe");
+  iframe_test2.src = "http://example.com/tests/content/base/test/file_mixed_content_frameNavigation_grandchild.html"
+  iframe_test2.onerror = function() {
+    parent.postMessage({"test": "insecurePage_navigate_grandchild", "msg": "got an on error alert when loading or navigating testing iframe"}, "http://mochi.test:8888");
+  };
+  testContent.appendChild(iframe_test2);
+
+</script>
+</body>
+</html>
new file mode 100644
--- /dev/null
+++ b/content/base/test/file_mixed_content_frameNavigation_grandchild.html
@@ -0,0 +1,54 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+Tests for Mixed Content Blocker - Navigating Grandchild frames when a secure parent doesn't exist
+https://bugzilla.mozilla.org/show_bug.cgi?id=840388
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Tests for Mixed Content Frame Navigation</title>
+</head>
+<body>
+<iframe src="https://example.com/tests/content/base/test/file_mixed_content_frameNavigation_innermost.html?insecurePage_navigate_grandchild" id="child"></iframe>
+
+<script>
+  // For tests that require setTimeout, set the maximum polling time to 50 x 100ms = 5 seconds.
+  var MAX_COUNT = 50;
+  var TIMEOUT_INTERVAL = 100;
+  var counter = 0;
+
+  var child = document.getElementById("child");
+  function navigationStatus(child)
+  {
+    // When the page is navigating, it goes through about:blank and we will get a permission denied for loc.
+    // Catch that specific exception and return
+    try {
+      var loc = child.contentDocument.location;
+    } catch(e) {
+      if (e.message && e.message.indexOf("Permission denied to access property") == -1) {
+        // We received an exception we didn't expect.
+        throw e;
+      }
+      counter++;
+      return;
+    }
+    if (loc == "http://example.com/tests/content/base/test/file_mixed_content_frameNavigation_innermost.html?insecurePage_navigate_grandchild_response") {
+      return;
+    }
+    else {
+      if(counter < MAX_COUNT) {
+        counter++;
+        setTimeout(navigationStatus, TIMEOUT_INTERVAL, child);
+      }
+      else {
+        // After we have called setTimeout the maximum number of times, assume navigating the iframe is blocked
+        parent.parent.postMessage({"test": "insecurePage_navigate_grandchild", "msg": "navigating to insecure grandchild iframe blocked on insecure page"}, "http://mochi.test:8888");
+      }
+    }
+  }
+
+  setTimeout(navigationStatus, TIMEOUT_INTERVAL, child);
+
+</script>
+</body>
+</html>
new file mode 100644
--- /dev/null
+++ b/content/base/test/file_mixed_content_frameNavigation_innermost.html
@@ -0,0 +1,61 @@
+<!DOCTYPE HTML>
+<html>
+<body>
+<div id="content"></div>
+<script>
+  // get the case from the query string
+  var type = location.search.substring(1);
+
+  switch (type) {
+    case "insecurePage_navigate_child":
+      document.getElementById("content").innerHTML =
+        '<a href="http://example.com/tests/content/base/test/file_mixed_content_frameNavigation_innermost.html?insecurePage_navigate_child_response" id="link">Testing\<\/a>';
+      document.getElementById("link").click();
+      break;
+
+    case "insecurePage_navigate_child_response":
+      parent.parent.postMessage({"test": "insecurePage_navigate_child", "msg": "navigated to insecure iframe on insecure page"}, "http://mochi.test:8888");
+      document.getElementById("content").innerHTML = "Navigated from secure to insecure frame on an insecure page";
+      break;
+
+    case "insecurePage_navigate_grandchild":
+      document.getElementById("content").innerHTML =
+        '<a href="http://example.com/tests/content/base/test/file_mixed_content_frameNavigation_innermost.html?insecurePage_navigate_grandchild_response" id="link">Testing\<\/a>';
+      document.getElementById("link").click();
+      break;
+
+    case "insecurePage_navigate_grandchild_response":
+      parent.parent.parent.postMessage({"test": "insecurePage_navigate_grandchild", "msg": "navigated to insecure grandchild iframe on insecure page"}, "http://mochi.test:8888");
+      document.getElementById("content").innerHTML = "Navigated from secure to insecure grandchild frame on an insecure page";
+      break;
+
+    case "securePage_navigate_child":
+      document.getElementById("content").innerHTML =
+        '<a href="http://example.com/tests/content/base/test/file_mixed_content_frameNavigation_innermost.html?securePage_navigate_child_response" id="link">Testing\<\/a>';
+      document.getElementById("link").click();
+      break;
+
+    case "securePage_navigate_child_response":
+      document.getElementById("content").innerHTML = "<p>Navigated from secure to insecure frame on a secure page</p>";
+      parent.parent.postMessage({"test": "securePage_navigate_child", "msg": "navigated to insecure iframe on secure page"}, "http://mochi.test:8888");
+      break;
+
+    case "securePage_navigate_grandchild":
+      document.getElementById("content").innerHTML=
+        '<a href="http://example.com/tests/content/base/test/file_mixed_content_frameNavigation_innermost.html?securePage_navigate_grandchild_response" id="link">Testing\<\/a>';
+      document.getElementById("link").click();
+      break;
+
+    case "securePage_navigate_grandchild_response":
+      parent.parent.parent.postMessage({"test": "securePage_navigate_grandchild", "msg": "navigated to insecure grandchild iframe on secure page"}, "http://mochi.test:8888");
+      document.getElementById("content").innerHTML = "<p>Navigated from secure to insecure grandchild frame on a secure page</p>";
+      break;
+
+    default:
+      document.getElementById("content").innerHTML = "Hello";
+      break;
+   }
+
+</script>
+</body>
+</html>
new file mode 100644
--- /dev/null
+++ b/content/base/test/file_mixed_content_frameNavigation_secure.html
@@ -0,0 +1,75 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+Tests for Mixed Content Blocker related to navigating children, grandchildren, etc
+https://bugzilla.mozilla.org/show_bug.cgi?id=840388
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Tests for Mixed Content Frame Navigation</title>
+</head>
+<body>
+<div id="testContent"></div>
+
+<script>
+  var baseUrl = "https://example.com/tests/content/base/test/file_mixed_content_frameNavigation_innermost.html";
+
+  // For tests that require setTimeout, set the maximum polling time to 50 x 100ms = 5 seconds.
+  var MAX_COUNT = 50;
+  var TIMEOUT_INTERVAL = 100;
+
+  var testContent = document.getElementById("testContent");
+
+  // Test 1: Navigate secure iframe to insecure iframe on a secure page
+  var iframe_test1 = document.createElement("iframe");
+  var counter_test1 = 0;
+  iframe_test1.setAttribute("id", "test1");
+  iframe_test1.src = baseUrl + "?securePage_navigate_child";
+  iframe_test1.onerror = function() {
+    parent.postMessage({"test": "securePage_navigate_child", "msg": "got an onerror event when loading or navigating testing iframe"}, "http://mochi.test:8888");
+  };
+  testContent.appendChild(iframe_test1);
+
+  function navigationStatus(iframe_test1)
+  {
+    // When the page is navigating, it goes through about:blank and we will get a permission denied for loc.
+    // Catch that specific exception and return
+    try {
+      var loc = document.getElementById("test1").contentDocument.location;
+    } catch(e) {
+      if (e.name === "SecurityError") {
+        // We received an exception we didn't expect.
+        throw e;
+      }
+      counter_test1++;
+      return;
+    }
+    if (loc == "http://example.com/tests/content/base/test/file_mixed_content_frameNavigation_innermost.html?insecurePage_navigate_child_response") {
+      return;
+    } else {
+      if(counter_test1 < MAX_COUNT) {
+        counter_test1++;
+        setTimeout(navigationStatus, TIMEOUT_INTERVAL, iframe_test1);
+      }
+      else {
+        // After we have called setTimeout the maximum number of times, assume navigating the iframe is blocked
+        parent.postMessage({"test": "securePage_navigate_child", "msg": "navigating to insecure iframe blocked on secure page"}, "http://mochi.test:8888");
+      }
+    }
+  }
+
+  setTimeout(navigationStatus, TIMEOUT_INTERVAL, iframe_test1);
+
+  // Test 2: Navigate secure grandchild iframe to insecure grandchild iframe on a page that has at least one secure parent (in this example, both the parent and grandparent are https)
+
+  var iframe_test2 = document.createElement("iframe");
+  iframe_test2.src = "https://example.com/tests/content/base/test/file_mixed_content_frameNavigation_secure_grandchild.html";
+  iframe_test2.onerror = function() {
+    parent.postMessage({"test": "securePage_navigate_grandchild", "msg": "got an onerror event when loading or navigating testing iframe"}, "http://mochi.test:8888");
+  };
+  testContent.appendChild(iframe_test2);
+
+
+</script>
+</body>
+</html>
new file mode 100644
--- /dev/null
+++ b/content/base/test/file_mixed_content_frameNavigation_secure_grandchild.html
@@ -0,0 +1,54 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+Tests for Mixed Content Blocker - Navigating Grandchild Frames when a secure parent exists
+https://bugzilla.mozilla.org/show_bug.cgi?id=840388
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Tests for Mixed Content Frame Navigation</title>
+</head>
+<body>
+
+<iframe src="https://example.com/tests/content/base/test/file_mixed_content_frameNavigation_innermost.html?securePage_navigate_grandchild" id="child"></iframe>
+<script>
+  // For tests that require setTimeout, set the maximum polling time to 50 x 100ms = 5 seconds.
+  var MAX_COUNT = 50;
+  var TIMEOUT_INTERVAL = 100;
+  var counter = 0;
+
+  var child = document.getElementById("child");
+  function navigationStatus(child)
+  {
+    // When the page is navigating, it goes through about:blank and we will get a permission denied for loc.
+    // Catch that specific exception and return
+    try {
+      var loc = child.contentDocument.location;
+    } catch(e) {
+      if (e.message && e.message.indexOf("Permission denied to access property") == -1) {
+        // We received an exception we didn't expect.
+        throw e;
+      }
+      counter++;
+      return;
+    }
+    if (loc == "http://example.com/tests/content/base/test/file_mixed_content_frameNavigation_innermost.html?securePage_navigate_grandchild_response") {
+      return;
+    }
+    else {
+      if(counter < MAX_COUNT) {
+        counter++;
+        setTimeout(navigationStatus, TIMEOUT_INTERVAL, child);
+      }
+      else {
+        // After we have called setTimeout the maximum number of times, assume navigating the iframe is blocked
+        parent.parent.postMessage({"test": "securePage_navigate_grandchild", "msg": "navigating to insecure grandchild iframe blocked on secure page"}, "http://mochi.test:8888");
+      }
+    }
+  }
+
+  setTimeout(navigationStatus, TIMEOUT_INTERVAL, child);
+
+</script>
+</body>
+</html>
new file mode 100644
--- /dev/null
+++ b/content/base/test/test_mixed_content_blocker_frameNavigation.html
@@ -0,0 +1,126 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+Tests for Mixed Content Blocker
+https://bugzilla.mozilla.org/show_bug.cgi?id=840388
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Tests for Bug 840388</title>
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+
+  <script>
+  var counter = 0;
+  var origBlockActive = SpecialPowers.getBoolPref("security.mixed_content.block_active_content");
+
+  SpecialPowers.setBoolPref("security.mixed_content.block_active_content", true);
+  var blockActive = SpecialPowers.getBoolPref("security.mixed_content.block_active_content");
+
+
+  var testsToRunInsecure = {
+    insecurePage_navigate_child: false,
+    insecurePage_navigate_grandchild: false,
+  };
+
+  var testsToRunSecure = {
+    securePage_navigate_child: false,
+    securePage_navigate_grandchild: false,
+  };
+
+  function log(msg) {
+    document.getElementById("log").textContent += "\n" + msg;
+  }
+
+  var secureTestsStarted = false;
+  function checkTestsCompleted() {
+    for (var prop in testsToRunInsecure) {
+      // some test hasn't run yet so we're not done
+      if (!testsToRunInsecure[prop])
+        return;
+    }
+    // If we are here, all the insecure tests have run.
+    // If we haven't changed the iframe to run the secure tests, change it now.
+    if (!secureTestsStarted) {
+      document.getElementById('testing_frame').src = "https://example.com/tests/content/base/test/file_mixed_content_frameNavigation_secure.html";
+      secureTestsStarted = true;
+    }
+    for (var prop in testsToRunSecure) {
+      // some test hasn't run yet so we're not done
+      if (!testsToRunSecure[prop])
+        return;
+    }
+    //if the secure and insecure testsToRun are all completed, change the block mixed active content pref and run the tests again.
+    if(counter < 1) {
+       for (var prop in testsToRunSecure) {
+         testsToRunSecure[prop] = false;
+       }
+       for (var prop in testsToRunInsecure) {
+         testsToRunInsecure[prop] = false;
+       }
+      //call to change the preferences
+      counter++;
+      SpecialPowers.setBoolPref("security.mixed_content.block_active_content", false);
+      blockActive = SpecialPowers.getBoolPref("security.mixed_content.block_active_content");
+      log("blockActive set to "+blockActive+".");
+      secureTestsStarted = false;
+      document.getElementById('framediv').innerHTML = '<iframe src="http://example.com/tests/content/base/test/file_mixed_content_frameNavigation.html" id="testing_frame"></iframe>';
+    }
+    else {
+      //set the prefs back to what they were set to originally
+      SpecialPowers.setBoolPref("security.mixed_content.block_active_content", origBlockActive);
+      SimpleTest.finish();
+    }
+  }
+
+  var firstTestDebugMessage = true;
+
+  // listen for a messages from the mixed content test harness
+  window.addEventListener("message", receiveMessage, false);
+  function receiveMessage(event) {
+    if(firstTestDebugMessage) {
+      log("blockActive set to "+blockActive);
+      firstTestDebugMessage = false;
+    }
+
+    log("test: "+event.data.test+", msg: "+event.data.msg + ".");
+    // test that the load type matches the pref for this type of content
+    // (i.e. active vs. display)
+
+    switch(event.data.test) {
+
+      case "insecurePage_navigate_child":
+        ok((event.data.msg == "navigated to insecure iframe on insecure page"), "navigating to insecure iframe blocked on insecure page");
+        testsToRunInsecure["insecurePage_navigate_child"] = true;
+        break;
+
+      case "insecurePage_navigate_grandchild":
+        ok((event.data.msg == "navigated to insecure grandchild iframe on insecure page"), "navigating to insecure grandchild iframe blocked on insecure page");
+        testsToRunInsecure["insecurePage_navigate_grandchild"] = true;
+        break;
+
+      case "securePage_navigate_child":
+        ok(blockActive == (event.data.msg == "navigating to insecure iframe blocked on secure page"), "navigated to insecure iframe on secure page");
+        testsToRunSecure["securePage_navigate_child"] = true;
+        break;
+
+      case "securePage_navigate_grandchild":
+        ok(blockActive == (event.data.msg == "navigating to insecure grandchild iframe blocked on secure page"), "navigated to insecure granchild iframe on secure page");
+        testsToRunSecure["securePage_navigate_grandchild"] = true;
+        break;
+    }
+    checkTestsCompleted();
+  }
+
+  SimpleTest.waitForExplicitFinish();
+  </script>
+</head>
+
+<body>
+  <div id="framediv">
+    <iframe src="http://example.com/tests/content/base/test/file_mixed_content_frameNavigation.html" id="testing_frame"></iframe>
+  </div>
+
+  <pre id="log"></pre>
+</body>
+</html>
--- a/testing/mochitest/android.json
+++ b/testing/mochitest/android.json
@@ -16,16 +16,17 @@
  "content/base/test/test_bug503481b.html": "TIMED_OUT",
  "content/base/test/test_bug505783.html": "TIMED_OUT",
  "content/base/test/test_copypaste.html": "",
  "content/base/test/test_csp_redirects.html": "TIMED_OUT",
  "content/base/test/test_fileapi_slice.html": "bug 775227",
  "content/base/test/test_mozfiledataurl.html": "TIMED_OUT",
  "content/base/test/test_mixed_content_blocker.html": "TIMED_OUT, SSL_REQUIRED",
  "content/base/test/test_mixed_content_blocker_bug803225.html": "TIMED_OUT, SSL_REQUIRED",
+ "content/base/test/test_mixed_content_blocker_frameNavigation.html": "TIMED_OUT, SSL_REQUIRED",
  "content/base/test/test_mutationobservers.html": "",
  "content/base/test/test_plugin_freezing.html": "CLICK_TO_PLAY",
  "content/base/test/test_object.html": "",
  "content/base/test/test_range_bounds.html": "",
  "content/base/test/test_reentrant_flush.html": "RANDOM",
  "content/base/test/test_sync_xhr_timer.xhtml": "RANDOM",
  "content/base/test/test_websocket.html": "",
  "content/base/test/test_websocket_basic.html": "",
--- a/testing/mochitest/b2g.json
+++ b/testing/mochitest/b2g.json
@@ -89,16 +89,18 @@
 	"content/base/test/test_child_process_shutdown_message.html":"",
 	"content/base/test/test_classList.html":"",
 	"content/base/test/test_copypaste.html":"",
 	"content/base/test/test_csp_redirects.html":"",
 	"content/base/test/test_fileapi.html":"",
 	"content/base/test/test_fileapi_slice.html":"",
 	"content/base/test/test_messagemanager_assertpermission.html":"",
 	"content/base/test/test_mixed_content_blocker.html":"",
+	"content/base/test/test_mixed_content_blocker_bug803225.html": "",
+	"content/base/test/test_mixed_content_blocker_frameNavigation.html": "",
 	"content/base/test/test_mozfiledataurl.html":"",
 	"content/base/test/test_mutationobservers.html":"",
 	"content/base/test/test_range_bounds.html":"",
 	"content/base/test/test_title.html":"",
 	"content/base/test/test_websocket.html":"",
 	"content/base/test/test_websocket_basic.html":"",
 	"content/base/test/test_websocket_hello.html":"",
 	"content/base/test/test_x-frame-options.html":"",