Bug 1216793 - Add tests for TP in XHRs and fetch(). r=gcp
authorFrancois Marier <francois@mozilla.com>
Mon, 30 Nov 2015 16:28:39 -0800
changeset 308946 eadb3ad94e0f4a3b642280919658a8c8ed4f4652
parent 308945 2cdef2a8ed53a227ed57311754799ce621b4d8f3
child 308947 7bc32b1953a19e17cec6257a054bcbc3dcaf76d2
push id5513
push userraliiev@mozilla.com
push dateMon, 25 Jan 2016 13:55:34 +0000
treeherdermozilla-beta@5ee97dd05b5c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersgcp
bugs1216793
milestone45.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1216793 - Add tests for TP in XHRs and fetch(). r=gcp
toolkit/components/url-classifier/tests/mochitest/allowlistAnnotatedFrame.html
toolkit/components/url-classifier/tests/mochitest/classifiedAnnotatedFrame.html
toolkit/components/url-classifier/tests/mochitest/evil.js^headers^
toolkit/components/url-classifier/tests/mochitest/mochitest.ini
--- a/toolkit/components/url-classifier/tests/mochitest/allowlistAnnotatedFrame.html
+++ b/toolkit/components/url-classifier/tests/mochitest/allowlistAnnotatedFrame.html
@@ -8,37 +8,57 @@
 var scriptItem;
 
 var scriptItem1 = "untouched";
 var imageItem1 = "untouched";
 var frameItem1 = "untouched";
 var scriptItem2 = "untouched";
 var imageItem2 = "untouched";
 var frameItem2 = "untouched";
+var xhrItem = "untouched";
+var fetchItem = "untouched";
 
 function checkLoads() {
   window.parent.is(scriptItem1, "spoiled", "Should not block tracking js 1");
   window.parent.is(scriptItem2, "spoiled", "Should not block tracking js 2");
   window.parent.is(imageItem1, "spoiled", "Should not block tracking img 1");
   window.parent.is(imageItem2, "spoiled", "Should not block tracking img 2");
   window.parent.is(frameItem1, "spoiled", "Should not block tracking iframe 1");
   window.parent.is(frameItem2, "spoiled", "Should not block tracking iframe 2");
+  window.parent.is(xhrItem, "loaded", "Should not block tracking XHR");
+  window.parent.is(fetchItem, "loaded", "Should not block fetches from tracking domains");
   window.parent.is(window.document.blockedTrackingNodeCount, 0,
     "No elements should be blocked");
 
   // End (parent) test.
   window.parent.clearPermissions();
   window.parent.SimpleTest.finish();
 }
 
+var onloadCalled = false;
+var xhrFinished = false;
+var fetchFinished = false;
+function loaded(type) {
+ if (type === "onload") {
+      onloadCalled = true;
+  } else if (type === "xhr") {
+      xhrFinished = true;
+  } else if (type === "fetch") {
+      fetchFinished = true;
+  }
+
+  if (onloadCalled && xhrFinished && fetchFinished) {
+      checkLoads();
+  }
+}
 </script>
 
 </head>
 
-<body onload="checkLoads()">
+<body onload="loaded('onload')">
 
 <!-- Try loading from a tracking script URI (1) -->
 <script id="badscript1" src="http://tracking.example.com/tests/toolkit/components/url-classifier/tests/mochitest/evil.js" onload="scriptItem1 = 'spoiled';"></script>
 
 <!-- Try loading from a tracking image URI (1) -->
 <img id="badimage1" src="http://tracking.example.com/tests/toolkit/components/url-classifier/tests/mochitest/raptor.jpg" onload="imageItem1 = 'spoiled';"/>
 
 <!-- Try loading from a tracking frame URI (1) -->
@@ -61,12 +81,46 @@ newImage.addEventListener("load", functi
 document.body.appendChild(newImage);
 
 // Try loading from a tracking iframe URI (2)
 var newFrame = document.createElement("iframe");
 newFrame.id = "badframe2";
 newFrame.src = "http://tracking.example.com/tests/toolkit/components/url-classifier/tests/mochitest/track.html"
 newFrame.addEventListener("load", function onload() {frameItem2 = 'spoiled'});
 document.body.appendChild(newFrame);
+
+// Try doing an XHR against a tracking domain (bug 1216793)
+function reqListener() {
+    xhrItem = "loaded";
+    loaded("xhr");
+}
+function transferFailed() {
+    xhrItem = "failed";
+    loaded("xhr");
+}
+function transferCanceled() {
+    xhrItem = "canceled";
+    loaded("xhr");
+}
+var oReq = new XMLHttpRequest();
+oReq.addEventListener("load", reqListener);
+oReq.addEventListener("error", transferFailed);
+oReq.addEventListener("abort", transferCanceled);
+oReq.open("GET", "http://tracking.example.com/tests/toolkit/components/url-classifier/tests/mochitest/evil.js");
+oReq.send();
+
+// Fetch from a tracking domain
+fetch("http://tracking.example.com/tests/toolkit/components/url-classifier/tests/mochitest/evil.js").then(function(response) {
+    if(response.ok) {
+        fetchItem = "loaded";
+        loaded("fetch");
+    } else {
+        fetchItem = "badresponse";
+        loaded("fetch");
+    }
+ }).catch(function(error) {
+     fetchItem = "error";
+     loaded("fetch");
+});
 </script>
 </body>
 </html>
 
--- a/toolkit/components/url-classifier/tests/mochitest/classifiedAnnotatedFrame.html
+++ b/toolkit/components/url-classifier/tests/mochitest/classifiedAnnotatedFrame.html
@@ -7,16 +7,18 @@
 
 var scriptItem = "untouched";
 var scriptItem1 = "untouched";
 var scriptItem2 = "untouched";
 var imageItem1 = "untouched";
 var imageItem2 = "untouched";
 var frameItem1 = "untouched";
 var frameItem2 = "untouched";
+var xhrItem = "untouched";
+var fetchItem = "untouched";
 
 var badids = [
   "badscript1",
   "badscript2",
   "badimage1",
   "badimage2",
   "badframe1",
   "badframe2",
@@ -33,16 +35,20 @@ function checkLoads() {
     imageItem1, "untouched", "Should not load tracking images");
   window.parent.is(
     imageItem2, "untouched", "Should not load tracking images (2)");
 
   window.parent.is(
     frameItem1, "untouched", "Should not load tracking iframes");
   window.parent.is(
     frameItem2, "untouched", "Should not load tracking iframes (2)");
+  window.parent.is(
+    xhrItem, "failed", "Should not load tracking XHRs");
+  window.parent.is(
+    fetchItem, "error", "Should not fetch from tracking URLs");
 
   var elt = document.getElementById("styleCheck");
   var style = document.defaultView.getComputedStyle(elt, "");
   window.parent.isnot(
     style.visibility, "hidden", "Should not load tracking css");
 
   window.parent.is(window.document.blockedTrackingNodeCount, badids.length,
     "Should identify all tracking elements");
@@ -82,24 +88,39 @@ function checkLoads() {
     "All tracking nodes are expected to be annotated as such");
 
   // Unset prefs, etc.
   window.parent.cleanup();
   // End (parent) test.
   window.parent.SimpleTest.finish();
 }
 
+var onloadCalled = false;
+var xhrFinished = false;
+var fetchFinished = false;
+function loaded(type) {
+  if (type === "onload") {
+      onloadCalled = true;
+  } else if (type === "xhr") {
+      xhrFinished = true;
+  } else if (type === "fetch") {
+      fetchFinished = true;
+  }
+  if (onloadCalled && xhrFinished && fetchFinished) {
+      checkLoads();
+  }
+}
 </script>
 
 <!-- Try loading from a tracking CSS URI -->
 <link id="badcss" rel="stylesheet" type="text/css" href="http://tracking.example.com/tests/toolkit/components/url-classifier/tests/mochitest/evil.css"></link>
 
 </head>
 
-<body onload="checkLoads()">
+<body onload="loaded('onload')">
 
 <!-- Try loading from a tracking script URI (1): evil.js onload will have updated the scriptItem variable -->
 <script id="badscript1" src="http://tracking.example.com/tests/toolkit/components/url-classifier/tests/mochitest/evil.js" onload="scriptItem1 = scriptItem;"></script>
 
 <!-- Try loading from a tracking image URI (1) -->
 <img id="badimage1" src="http://tracking.example.com/tests/toolkit/components/url-classifier/tests/mochitest/raptor.jpg?reload=true" onload="imageItem1 = 'spoiled';"/>
 
 <!-- Try loading from a tracking frame URI (1) -->
@@ -121,15 +142,49 @@ newImage.addEventListener("load", functi
 document.body.appendChild(newImage);
 
 // Try loading from a tracking iframe URI (2)
 var newFrame = document.createElement("iframe");
 newFrame.id = "badframe2";
 newFrame.src = "http://tracking.example.com/tests/toolkit/components/url-classifier/tests/mochitest/track.html"
 newFrame.addEventListener("load", function() {frameItem2 = 'spoiled'});
 document.body.appendChild(newFrame);
+
+// Try doing an XHR against a tracking domain (bug 1216793)
+function reqListener() {
+    xhrItem = "loaded";
+    loaded("xhr");
+}
+function transferFailed() {
+    xhrItem = "failed";
+    loaded("xhr");
+}
+function transferCanceled() {
+    xhrItem = "canceled";
+    loaded("xhr");
+}
+var oReq = new XMLHttpRequest();
+oReq.addEventListener("load", reqListener);
+oReq.addEventListener("error", transferFailed);
+oReq.addEventListener("abort", transferCanceled);
+oReq.open("GET", "http://tracking.example.com/tests/toolkit/components/url-classifier/tests/mochitest/evil.js");
+oReq.send();
+
+// Fetch from a tracking domain
+fetch("http://tracking.example.com/tests/toolkit/components/url-classifier/tests/mochitest/evil.js").then(function(response) {
+    if(response.ok) {
+        fetchItem = "loaded";
+        loaded("fetch");
+    } else {
+        fetchItem = "badresponse";
+        loaded("fetch");
+    }
+ }).catch(function(error) {
+     fetchItem = "error";
+     loaded("fetch");
+});
 </script>
 
 The following should not be hidden:
 <div id="styleCheck">STYLE TEST</div>
 
 </body>
 </html>
new file mode 100644
--- /dev/null
+++ b/toolkit/components/url-classifier/tests/mochitest/evil.js^headers^
@@ -0,0 +1,1 @@
+Access-Control-Allow-Origin: *
--- a/toolkit/components/url-classifier/tests/mochitest/mochitest.ini
+++ b/toolkit/components/url-classifier/tests/mochitest/mochitest.ini
@@ -2,16 +2,17 @@
 skip-if = buildapp == 'b2g' || e10s
 support-files =
   classifiedAnnotatedPBFrame.html
   classifierFrame.html
   cleanWorker.js
   good.js
   evil.css
   evil.js
+  evil.js^headers^
   evilWorker.js
   import.css
   raptor.jpg
   track.html
   unwantedWorker.js
   whitelistFrame.html
   workerFrame.html