Bug 1086999 - CSP: Asterisk (*) wildcard should not allow blob:, data:, or filesystem: when matching source expressions - tests (r=sstamm)
☠☠ backed out by 84f7fa96af4f ☠ ☠
authorChristoph Kerschbaumer <mozilla@christophkerschbaumer.com>
Tue, 10 Feb 2015 14:54:36 -0800
changeset 263930 cb83b6efa9ea1c9fd68725add50252df0670cf2b
parent 263929 5f23080673ee28422ca0e31a2e6e6337becf17f8
child 263931 772945b1130d44087ad2009c3112cb69e307549e
push id4718
push userraliiev@mozilla.com
push dateMon, 11 May 2015 18:39:53 +0000
reviewerssstamm
bugs1086999
milestone39.0a1
Bug 1086999 - CSP: Asterisk (*) wildcard should not allow blob:, data:, or filesystem: when matching source expressions - tests (r=sstamm)
dom/base/test/csp/file_blob_data_schemes.html
dom/base/test/csp/mochitest.ini
dom/base/test/csp/test_blob_data_schemes.html
new file mode 100644
--- /dev/null
+++ b/dom/base/test/csp/file_blob_data_schemes.html
@@ -0,0 +1,49 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 1086999 - Wildcard should not match blob:, data:</title>
+</head>
+<body>
+<script type="text/javascript">
+
+var base64data =
+"iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" +
+"P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==";
+
+
+// construct an image element using *data:*
+var data_src = "data:image/png;base64," + base64data;
+var data_img = document.createElement('img');
+data_img.onload = function() {
+  window.parent.postMessage({scheme: "data", result: "allowed"}, "*");
+}
+data_img.onerror = function() {
+  window.parent.postMessage({scheme: "data", result: "blocked"}, "*");
+}
+data_img.src = data_src;
+document.body.appendChild(data_img);
+
+
+// construct an image element using *blob:*
+var byteCharacters = atob(base64data);
+var byteNumbers = new Array(byteCharacters.length);
+for (var i = 0; i < byteCharacters.length; i++) {
+  byteNumbers[i] = byteCharacters.charCodeAt(i);
+}
+var byteArray = new Uint8Array(byteNumbers);
+var blob = new Blob([byteArray], {type: "image/png"});
+var imageUrl = URL.createObjectURL( blob );
+
+var blob_img = document.createElement('img');
+blob_img.onload = function() {
+  window.parent.postMessage({scheme: "blob", result: "allowed"}, "*");
+}
+blob_img.onerror = function() {
+  window.parent.postMessage({scheme: "blob", result: "blocked"}, "*");
+}
+blob_img.src = imageUrl;
+document.body.appendChild(blob_img);
+
+</script>
+</body>
+</html>
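Review bot: The object URL created at `var imageUrl = URL.createObjectURL( blob );` is never released, so the blob stays reachable for the lifetime of the document even after the image load has settled; adding `URL.revokeObjectURL(imageUrl);` as the first line of both `blob_img.onload` and `blob_img.onerror` frees it as soon as the outcome is known. The commit title names filesystem: alongside blob: and data:, but this page only exercises data: and blob:, so a comment such as `// filesystem: is not exercised here; see bug 1086999 for scope` would spare the next reader a search for a missing case. The `byteNumbers` loop can be written without the intermediate Array as `var byteArray = Uint8Array.from(byteCharacters, function (c) { return c.charCodeAt(0); });`, which reads more directly as "bytes of this binary string".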
--- a/dom/base/test/csp/mochitest.ini
+++ b/dom/base/test/csp/mochitest.ini
@@ -1,11 +1,12 @@
 [DEFAULT]
 support-files =
   file_base-uri.html
+  file_blob_data_schemes.html
   file_connect-src.html
   file_connect-src-fetch.html
   file_CSP.css
   file_CSP.sjs
   file_csp_allow_https_schemes.html
   file_CSP_bug663567.xsl
   file_CSP_bug663567_allows.xml
   file_CSP_bug663567_allows.xml^headers^
@@ -105,16 +106,17 @@ support-files =
   file_null_baseuri.html
   file_form-action.html
   file_worker_redirect.html
   file_worker_redirect.sjs
   file_csp_referrerdirective.html
   referrerdirective.sjs
 
 [test_base-uri.html]
+[test_blob_data_schemes.html]
 [test_connect-src.html]
 [test_CSP.html]
 [test_csp_allow_https_schemes.html]
 skip-if = buildapp == 'b2g' #no ssl support
 [test_CSP_bug663567.html]
 [test_CSP_bug802872.html]
 [test_CSP_bug885433.html]
 [test_CSP_bug888172.html]
new file mode 100644
--- /dev/null
+++ b/dom/base/test/csp/test_blob_data_schemes.html
@@ -0,0 +1,89 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 1086999 - Wildcard should not match blob:, data:</title>
+  <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+  <iframe style="width:100%;" id="testframe"></iframe>
+
+<script class="testbody" type="text/javascript">
+
+/* Description of the test:
+ * We load an image using a data: and a blob: scheme and make
+ * sure a CSP containing a single ASTERISK (*) does not whitelist
+ * those loads. The single ASTERISK character should not match a
+ * URI's scheme of a type designating globally unique identifier
+ * (such as blob:, data:, or filesystem:)
+ */
+
+var tests = [
+  {
+    policy : "default-src 'unsafe-inline' blob: data:",
+    expected : "allowed",
+  },
+  {
+    policy : "default-src 'unsafe-inline' *",
+    expected : "blocked"
+  }
+];
+
+var testIndex = 0;
+var messageCounter = 0;
+var curTest;
+
+// onError handler is over-reporting, hence we make sure that
+// we get an error for both testcases: data and blob before we
+// move on to the next test.
+var dataRan = false;
+var blobRan = false;
+
+// a postMessage handler to communicate the results back to the parent.
+window.addEventListener("message", receiveMessage, false);
+
+function receiveMessage(event)
+{
+  is(event.data.result, curTest.expected, event.data.scheme + " should be " + curTest.expected);
+
+  if (event.data.scheme === "data") {
+    dataRan = true;
+  }
+  if (event.data.scheme === "blob") {
+    blobRan = true;
+  }
+  if (dataRan && blobRan) {
+    loadNextTest();
+  }
+}
+
+function loadNextTest() {
+  if (testIndex === tests.length) {
+    window.removeEventListener("message", receiveMessage, false);
+    SimpleTest.finish();
+    return;
+  }
+
+  dataRan = false;
+  blobRan = false;
+
+  curTest = tests[testIndex++];
+  // reset the messageCounter to make sure we receive all the postMessages from the iframe
+  messageCounter = 0;
+
+  var src = "file_csp_testserver.sjs";
+  // append the file that should be served
+  src += "?file=" + escape("tests/dom/base/test/csp/file_blob_data_schemes.html");
+  // append the CSP that should be used to serve the file
+  src += "&csp=" + escape(curTest.policy);
+
+  document.getElementById("testframe").src = src;
+}
+
+SimpleTest.waitForExplicitFinish();
+loadNextTest();
+
+</script>
+</body>
+</html>
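Review bot: `messageCounter` is declared at `var messageCounter = 0;` and reset in loadNextTest, but nothing ever reads it, so the comment `// reset the messageCounter to make sure we receive all the postMessages from the iframe` describes a check that does not exist; the dataRan/blobRan flags are what actually gate loadNextTest, so the variable and its comment should either be removed or turned into a real count that is asserted on. The flags make a duplicate report within one test harmless, but given the comment that onerror over-reports, a duplicate arriving after loadNextTest has already advanced curTest would presumably be judged against the next policy's expectation; echoing the test index through the iframe query string and back in the postMessage payload would let receiveMessage discard stale reports. `escape()` on the query parameters is a legacy function; `encodeURIComponent` is the standard encoder for query components and is what the same-directory tests should converge on.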