dom/security/test/general/test_block_toplevel_data_navigation.html
author Christoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Fri, 03 Nov 2017 13:22:57 +0100
changeset 443314 5d25efb36d34042e37075af204e109d29bc9bded
parent 431271 5fb3040f8887f30b7f86c7d0afe474282c6abaa2
child 457156 d5a5ad1dbbf2c53a80386e7397ba6b32153b2b8e
permissions -rw-r--r--
Bug 1403814 - Update tests for toplevel data URI blocking because we know block after we have received the response. r=smaug

<!DOCTYPE HTML>
<html>
<head>
  <meta charset="utf-8">
  <title>Bug 1331351 - Block top level window data: URI navigations</title>
  <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<script class="testbody" type="text/javascript">
SpecialPowers.setBoolPref("security.data_uri.block_toplevel_data_uri_navigations", true);
SimpleTest.registerCleanupFunction(() => {
  SpecialPowers.clearUserPref("security.data_uri.block_toplevel_data_uri_navigations");
});

SimpleTest.waitForExplicitFinish();
SimpleTest.requestFlakyTimeout("have to test that top level data: URI navgiation is blocked");

function test1() {
  // simple data: URI click navigation should be prevented
  let TEST_FILE = "file_block_toplevel_data_navigation.html";
  let win1 = window.open(TEST_FILE);
  setTimeout(function () {
    ok(SpecialPowers.wrap(win1).document.body.innerHTML.indexOf("test1:") !== -1,
      "toplevel data: URI navigation through click() should be blocked");
    win1.close();
    test2();
  }, 1000);
}

function test2() {
  // data: URI in iframe which opens data: URI in _blank should be blocked 
  let win2 = window.open("file_block_toplevel_data_navigation2.html");
  window.addEventListener("message", receiveMessage);
  function receiveMessage(event) {
    window.removeEventListener("message", receiveMessage);
    is(event.data, "blocked",
      "data: URI navigation using _blank from data: URI should be blocked");
    win2.close();
    test3();
  }
}

function test3() {
  // navigating to a data: URI using window.location.href should be blocked
  let win3 = window.open("file_block_toplevel_data_navigation3.html");
  setTimeout(function () {
    ok(win3.document.body.innerHTML.indexOf("test3:") !== -1,
      "data: URI navigation through win.loc.href should be blocked");
    win3.close();
    test4();
  }, 1000);
}

function test4() {
  // navigating to a data: URI using window.open() should be blocked
  let win4 = window.open("data:text/html,<body>toplevel data: URI navigations should be blocked</body>");
  setTimeout(function () {
    // Please note that the data: URI will be displayed in the URL-Bar but not
    // loaded, hence we rather rely on document.body than document.location
    is(win4.document.body.innerHTML, "",
      "navigating to a data: URI using window.open() should be blocked");
    test5();
  }, 1000);
}

function test5() {
  // navigating to a URI which redirects to a data: URI using window.open() should be blocked
  let win5 = window.open("file_block_toplevel_data_redirect.sjs");
  setTimeout(function () {
    // Please note that the data: URI will be displayed in the URL-Bar but not
    // loaded, hence we rather rely on document.body than document.location
    is(SpecialPowers.wrap(win5).document.body.innerHTML, "",
      "navigating to URI which redirects to a data: URI using window.open() should be blocked");
    win5.close();
    SimpleTest.finish();
  }, 1000);
}

// fire up the tests
test1();

</script>
</body>
</html>