Bug 1328824 - Test if about:blocked can be loaded in a secure context. r=Gijs
☠☠ backed out by b84c8830194f ☠ ☠
authorHenry <hchang@mozilla.com>
Fri, 13 Jan 2017 00:08:45 +0800
changeset 377170 10f82a72aa0288f3a6bde5fd495412a821508b36
parent 377169 b881939c4ee38bf8ca4453613812317f46adabda
child 377171 b84c8830194f9ebca8753e4761dc62c55773fb3c
push id1419
push userjlund@mozilla.com
push dateMon, 10 Apr 2017 20:44:07 +0000
reviewersGijs
bugs1328824
milestone53.0a1
Bug 1328824 - Test if about:blocked can be loaded in a secure context. r=Gijs MozReview-Commit-ID: GQAfd4xuRJT
browser/base/content/blockedSite.xhtml
browser/components/safebrowsing/content/test/browser.ini
browser/components/safebrowsing/content/test/browser_mixedcontent_aboutblocked.js
browser/components/safebrowsing/content/test/empty_file.html
build/pgo/server-locations.txt
--- a/browser/base/content/blockedSite.xhtml
+++ b/browser/base/content/blockedSite.xhtml
@@ -130,17 +130,17 @@
         if (!getOverride()) {
           var btn = document.getElementById("ignoreWarningButton");
           if (btn) {
             btn.parentNode.removeChild(btn);
           }
         }
 
         // Inform the test harness that we're done loading the page
-        var event = new CustomEvent("AboutBlockedLoaded");
+        var event = new CustomEvent("AboutBlockedLoaded", {bubbles:true});
         document.dispatchEvent(event);
       }
     ]]></script>
   </head>
 
   <body dir="&locale.dir;">
     <div id="errorPageContainer" class="container">
 
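Review bot: The comment above the changed `new CustomEvent("AboutBlockedLoaded", {bubbles:true})` line still only says the event informs the test harness; it does not record why the event now has to bubble. The new test in browser_mixedcontent_aboutblocked.js registers a non-capturing listener above the framed document, which appears to be the reason, so a comment such as `// Must bubble: tests listen for this from outside the (possibly framed) document.` would keep a later cleanup from dropping the option. Any web page can dispatch an event with this name, so the comment should also say that it is a test signal only and is not proof that the page is about:blocked. The enclosing function starts outside the hunk.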
--- a/browser/components/safebrowsing/content/test/browser.ini
+++ b/browser/components/safebrowsing/content/test/browser.ini
@@ -1,8 +1,11 @@
 [DEFAULT]
-support-files = head.js
+support-files =
+  head.js
+  empty_file.html
 
 [browser_bug400731.js]
 [browser_bug415846.js]
 # Disabled on Mac because of its bizarre special-and-unique snowflake of a help menu.
 skip-if = os == "mac" || e10s # e10s: Bug 1248632
 [browser_whitelisted.js]
+[browser_mixedcontent_aboutblocked.js]
new file mode 100644
--- /dev/null
+++ b/browser/components/safebrowsing/content/test/browser_mixedcontent_aboutblocked.js
@@ -0,0 +1,74 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+const { classes: Cc, interfaces: Ci, results: Cr } = Components;
+
+// This url must sync with the table, url in SafeBrowsing.jsm addMozEntries
+const PHISH_TABLE = "test-phish-simple";
+const PHISH_URL = "https://www.itisatrap.org/firefox/its-a-trap.html";
+
+const SECURE_CONTAINER_URL = "https://example.com/browser/browser/components/safebrowsing/content/test/empty_file.html";
+
+// This function is mostly ported from classifierCommon.js
+// under toolkit/components/url-classifier/tests/mochitest.
+function waitForDBInit(callback) {
+  // Since there are two cases that may trigger the callback,
+  // we have to carefully avoid multiple callbacks and observer
+  // leaking.
+  let didCallback = false;
+  function callbackOnce() {
+    Services.obs.removeObserver(obsFunc, "mozentries-update-finished");
+    if (!didCallback) {
+      callback();
+    }
+    didCallback = true;
+  }
+
+  // The first part: listen to internal event.
+  function obsFunc() {
+    ok(true, "Received internal event!");
+    callbackOnce();
+  }
+  Services.obs.addObserver(obsFunc, "mozentries-update-finished", false);
+
+  // The second part: we might have missed the event. Just do
+  // an internal database lookup to confirm if the url has been
+  // added.
+  let principal = Services.scriptSecurityManager
+    .createCodebasePrincipal(Services.io.newURI(PHISH_URL), {});
+
+  let dbService = Cc["@mozilla.org/url-classifier/dbservice;1"]
+    .getService(Ci.nsIUrlClassifierDBService);
+  dbService.lookup(principal, PHISH_TABLE, value => {
+    if (value === PHISH_TABLE) {
+      ok(true, "DB lookup success!");
+      callbackOnce();
+    }
+  });
+}
+
+add_task(function* testNormalBrowsing() {
+  yield BrowserTestUtils.withNewTab(SECURE_CONTAINER_URL, function* (browser) {
+    // Before we load the phish url, we have to make sure the hard-coded
+    // black list has been added to the database.
+    yield new Promise(resolve => waitForDBInit(resolve));
+
+    yield ContentTask.spawn(browser, PHISH_URL, function* (aPhishUrl) {
+      return new Promise(resolve => {
+        // Register listener before loading phish URL.
+        let listener = e => {
+          removeEventListener('AboutBlockedLoaded', listener, false, true);
+          resolve();
+        };
+        addEventListener('AboutBlockedLoaded', listener, false, true);
+
+        // Create an iframe which is going to load a phish url.
+        let iframe = content.document.createElement("iframe");
+        iframe.src = aPhishUrl;
+        content.document.body.appendChild(iframe);
+      });
+    });
+
+    ok(true, "about:blocked is successfully loaded!");
+  });
+});
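Review bot: In `waitForDBInit`, `callbackOnce` calls `Services.obs.removeObserver(obsFunc, "mozentries-update-finished")` on every invocation, not only the first. If the observer fires first and the `dbService.lookup` callback later also matches, the observer is removed a second time, which I would expect to throw inside the lookup callback. Putting the removal behind the guard avoids that: start `callbackOnce` with `if (didCallback) { return; }` and `didCallback = true;`, then do the `removeObserver` and `callback()` calls. Separately, the content listener is registered with the wantsUntrusted argument set and resolves on any `AboutBlockedLoaded` event, so the final `ok(true, ...)` does not show that the iframe actually ended up on the blocked page. Resolving with `e.target.documentURI` and asserting in the test body that it starts with `about:blocked` would make the test check the behaviour it is named for (the documentURI format is assumed here, please confirm).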
new file mode 100644
--- /dev/null
+++ b/browser/components/safebrowsing/content/test/empty_file.html
@@ -0,0 +1,1 @@
+<html><body></body></html>
\ No newline at end of file
--- a/build/pgo/server-locations.txt
+++ b/build/pgo/server-locations.txt
@@ -20,19 +20,19 @@
 # number is the default for the protocol.
 #
 # Unrecognized options are ignored.  Recognized options are "primary" and
 # "privileged", "nocert", "cert=some_cert_nickname", "redir=hostname" and
 # "failHandshake".
 #
 # "primary" denotes a location which is the canonical location of
 # the server; this location is the one assumed for requests which don't
-# otherwise identify a particular origin (e.g. HTTP/1.0 requests).  
+# otherwise identify a particular origin (e.g. HTTP/1.0 requests).
 #
-# "privileged" denotes a location which should have the ability to request 
+# "privileged" denotes a location which should have the ability to request
 # elevated privileges; the default is no privileges.
 #
 # "nocert" makes sense only for https:// hosts and means there is not
 # any certificate automatically generated for this host.
 #
 # "failHandshake" causes the tls handshake to fail (by sending a client hello to
 # the client).
 #
@@ -120,16 +120,17 @@ https://mismatch.untrusted-expired.examp
 
 # This is here so that we don't load the default live bookmark over
 # the network in every test suite.
 http://fxfeeds.mozilla.com:80
 
 # Prevent safebrowsing tests from hitting the network for its-a-trap.html and
 # its-an-attack.html.
 http://www.itisatrap.org:80
+https://www.itisatrap.org:443
 
 #
 # These are subdomains of <ält.example.org>.
 #
 http://sub1.xn--lt-uia.example.org:8000   privileged
 http://sub2.xn--lt-uia.example.org:80     privileged
 http://xn--exmple-cua.test:80             privileged
 http://sub1.xn--exmple-cua.test:80        privileged