Bug 1049289 - CSP: Test that fragments are stripped in csp-reports. r=sstamm, a=sledru
authorChristoph Kerschbaumer <mozilla@christophkerschbaumer.com>
Thu, 07 Aug 2014 12:51:50 -0700
changeset 217654 237034de34d90c941dea67c6fdf8414cf2e24e72
parent 217653 7321b41a03415ef630a6e6931f058327696c0806
child 217655 d3fe7588f7ffe7cd1a30c0337e7310b675291bd1
push id515
push userraliiev@mozilla.com
push dateMon, 06 Oct 2014 12:51:51 +0000
reviewerssstamm, sledru
bugs1049289
milestone33.0a2
Bug 1049289 - CSP: Test that fragments are stripped in csp-reports. r=sstamm, a=sledru
content/base/test/csp/test_csp_report.html
--- a/content/base/test/csp/test_csp_report.html
+++ b/content/base/test/csp/test_csp_report.html
@@ -32,16 +32,21 @@ const reportURI = "http://mochi.test:888
 const policy = "script-src 'none'; report-uri " + reportURI;
 const docUri = "http://mochi.test:8888/tests/content/base/test/csp/file_csp_testserver.sjs" +
                "?file=tests/content/base/test/csp/file_csp_report.html" +
                "&csp=script-src%20%27none%27%3B%20report-uri%20http%3A//mochi.test%3A8888/foo.sjs";
 
 window.checkResults = function(reportObj) {
   var cspReport = reportObj["csp-report"];
 
+  // The following uris' fragments should be stripped before reporting:
+  //    * document-uri
+  //    * blocked-uri
+  //    * source-file
+  // see http://www.w3.org/TR/CSP11/#violation-reports
   is(cspReport["document-uri"], docUri, "Incorrect document-uri");
 
   // we can not test for the whole referrer since it includes platform specific information
   ok(cspReport["referrer"].startsWith("http://mochi.test:8888/tests/content/base/test/csp/test_csp_report.html"),
      "Incorrect referrer");
 
   is(cspReport["blocked-uri"], "self", "Incorrect blocked-uri");
 
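Review bot: The added comment lists blocked-uri among the fields whose fragment must be stripped, but the visible assertion expects `blocked-uri` to be `"self"`, a value that cannot carry a fragment, so this test does not exercise stripping for that field. Fragments can carry token or session material, so a leak into the report posted to the report-uri endpoint is worth guarding across the whole report; a blanket check such as `ok(JSON.stringify(cspReport).indexOf("#foo") == -1, "fragment leaked into csp-report");` would cover every field, assuming no other reported value legitimately contains that string. The comment line could be made accurate as `//    * blocked-uri (reported as "self" here, so not exercised by this test)`, which would also match the comment at `src += "#foo"` in the second hunk, where only document-uri and source-file are named. checkResults continues past the end of this hunk, so the source-file assertion is not visible here.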
@@ -125,14 +130,17 @@ SimpleTest.waitForExplicitFinish();
 
 // load the resource which will generate a CSP violation report
 // save this for last so that our listeners are registered.
 var src = "file_csp_testserver.sjs";
 // append the file that should be served
 src += "?file=" + escape(testfile);
 // append the CSP that should be used to serve the file
 src += "&csp=" + escape(policy);
+// appending a fragment so we can test that it's correctly stripped
+// for document-uri and source-file.
+src += "#foo";
 document.getElementById("cspframe").src = src;
 
 </script>
 </pre>
 </body>
 </html>