Bug 947079 - When navigating away from a page that is doing an insecure resource load, ensure that the securtiy state of the new page is not affected by the previous page's load. r=keeler, jaws
authorTanvi Vyas <tanvi@mozilla.com>
Thu, 26 Mar 2015 11:54:56 -0700
changeset 266280 23edaf5ea79a6c0df12a54541426ce34e4ad532d
parent 266279 a2882af29c29c556704d0a201e5e94fc8aa5fe4b
child 266281 791f8195e4dd341022ae79f0f8f264ef26a33050
push id830
push userraliiev@mozilla.com
push dateFri, 19 Jun 2015 19:24:37 +0000
reviewerskeeler, jaws
bugs947079
milestone39.0a1
Bug 947079 - When navigating away from a page that is doing an insecure resource load, ensure that the security state of the new page is not affected by the previous page's load. r=keeler, jaws
browser/base/content/test/general/browser.ini
browser/base/content/test/general/browser_mixedContentFromOnunload.js
browser/base/content/test/general/file_mixedContentFromOnunload.html
browser/base/content/test/general/file_mixedContentFromOnunload_test1.html
browser/base/content/test/general/file_mixedContentFromOnunload_test2.html
--- a/browser/base/content/test/general/browser.ini
+++ b/browser/base/content/test/general/browser.ini
@@ -45,16 +45,19 @@ support-files =
   file_bug902156_2.html
   file_bug902156_3.html
   file_bug906190_1.html
   file_bug906190_2.html
   file_bug906190_3_4.html
   file_bug906190_redirected.html
   file_bug906190.js
   file_bug906190.sjs
+  file_mixedContentFromOnunload.html
+  file_mixedContentFromOnunload_test1.html
+  file_mixedContentFromOnunload_test2.html
   file_bug970276_popup1.html
   file_bug970276_popup2.html
   file_bug970276_favicon1.ico
   file_bug970276_favicon2.ico
   file_dom_notifications.html
   file_double_close_tab.html
   file_favicon_change.html
   file_favicon_change_not_in_document.html
@@ -278,16 +281,17 @@ skip-if = e10s
 [browser_bug832435.js]
 [browser_bug839103.js]
 [browser_bug880101.js]
 skip-if = e10s # Bug 1126316 - New e10s windows erroneously fire initial about:blank location through nsIWebProgressListener
 [browser_bug882977.js]
 [browser_bug902156.js]
 [browser_bug906190.js]
 skip-if = buildapp == "mulet" || e10s # Bug 1093642 - test manipulates content and relies on content focus
+[browser_mixedContentFromOnunload.js]
 [browser_bug970746.js]
 skip-if = e10s # Bug 1093155 - tries to use context menu from browser-chrome and gets in a mess when in e10s mode
 [browser_bug1015721.js]
 skip-if = os == 'win' || e10s # Bug 1056146 - zoom tests use FullZoomHelper and break in e10s
 [browser_bug1064280_changeUrlInPinnedTab.js]
 [browser_bug1070778.js]
 [browser_canonizeURL.js]
 skip-if = e10s # Bug 1094510 - test hits the network in e10s mode only
new file mode 100644
--- /dev/null
+++ b/browser/base/content/test/general/browser_mixedContentFromOnunload.js
@@ -0,0 +1,107 @@
+/*
+ * Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/
+ *
+ * Tests for Bug 947079 - Fix bug in nsSecureBrowserUIImpl that sets the wrong
+ * security state on a page because of a subresource load that is not on the
+ * same page.
+ */
+
+// We use different domains for each test and for navigation within each test
+const gHttpTestRoot1 = "http://example.com/browser/browser/base/content/test/general/";
+const gHttpsTestRoot1 = "https://test1.example.com/browser/browser/base/content/test/general/";
+const gHttpTestRoot2 = "http://example.net/browser/browser/base/content/test/general/";
+const gHttpsTestRoot2 = "https://test2.example.com/browser/browser/base/content/test/general/";
+
+let gTestBrowser = null;
+
+function SecStateTestsCompleted() {
+  gBrowser.removeCurrentTab();
+  window.focus();
+  finish();
+}
+
+function test() {
+  waitForExplicitFinish();
+  SpecialPowers.pushPrefEnv({"set": [["security.mixed_content.block_active_content", true],
+                            ["security.mixed_content.block_display_content", false]]}, SecStateTests);
+}
+
+function SecStateTests() {
+  gBrowser.selectedTab = gBrowser.addTab();
+  gTestBrowser = gBrowser.selectedBrowser;
+
+  whenLoaded(gTestBrowser, SecStateTest1A);
+  let url = gHttpTestRoot1 + "file_mixedContentFromOnunload.html";
+  gTestBrowser.contentWindow.location = url;
+}
+
+// Navigation from an http page to a https page with no mixed content
+// The http page loads an http image on unload
+function SecStateTest1A() {
+  whenLoaded(gTestBrowser, SecStateTest1B);
+  let url = gHttpsTestRoot1 + "file_mixedContentFromOnunload_test1.html";
+  gTestBrowser.contentWindow.location = url;
+}
+
+function SecStateTest1B() {
+  // check security state.  Since current url is https and doesn't have any
+  // mixed content resources, we expect it to be secure.
+  isSecurityState("secure");
+
+  whenLoaded(gTestBrowser, SecStateTest2A);
+
+  // change locations and proceed with the second test
+  let url = gHttpTestRoot2 + "file_mixedContentFromOnunload.html";
+  gTestBrowser.contentWindow.location = url;
+}
+
+// Navigation from an http page to a https page that has mixed display content
+// The http page loads an http image on unload
+function SecStateTest2A() {
+  whenLoaded(gTestBrowser, SecStateTest2B);
+  let url = gHttpsTestRoot2 + "file_mixedContentFromOnunload_test2.html";
+  gTestBrowser.contentWindow.location = url;
+}
+
+function SecStateTest2B() {
+  isSecurityState("broken");
+
+  SecStateTestsCompleted();
+}
+
+// Compares the security state of the page with what is expected
+function isSecurityState(expectedState) {
+  let ui = gTestBrowser.securityUI;
+  if (!ui) {
+    ok(false, "No security UI to get the security state");
+    return;
+  }
+
+  const wpl = Components.interfaces.nsIWebProgressListener;
+
+  // determine the security state
+  let isSecure = ui.state & wpl.STATE_IS_SECURE;
+  let isBroken = ui.state & wpl.STATE_IS_BROKEN;
+  let isInsecure = ui.state & wpl.STATE_IS_INSECURE;
+
+  let actualState;
+  if (isSecure && !(isBroken || isInsecure)) {
+    actualState = "secure";
+  } else if (isBroken && !(isSecure || isInsecure)) {
+    actualState = "broken";
+  } else if (isInsecure && !(isSecure || isBroken)) {
+    actualState = "insecure";
+  } else {
+    actualState = "unknown";
+  }
+
+  is(expectedState, actualState, "Expected state " + expectedState + " and the actual state is " + actualState + ".");
+}
+
+function whenLoaded(aElement, aCallback) {
+  aElement.addEventListener("load", function onLoad() {
+    aElement.removeEventListener("load", onLoad, true);
+    executeSoon(aCallback);
+  }, true);
+}
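Review bot: In `isSecurityState`, the arguments to `is()` are in the wrong order: the mochitest helper takes the observed value first and the expected value second, so a failing run would report the two swapped; the call should read `is(actualState, expectedState, ...)`. Separately, `SecStateTest1B` reads `ui.state` only once, right after the https page's load event, and nothing visible here ensures that the image request started in the previous page's unload handler has been processed by then. The "secure" result may therefore depend on timing rather than on the state being isolated, so a comment stating that assumption, or a second check once the request has settled, would make the regression coverage clearer. `SecStateTest2B` has no explanation of its expectation; a comment such as `// The https page loads an http image and display content is not blocked, so we expect "broken".` would match the one in `SecStateTest1B`.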
new file mode 100644
--- /dev/null
+++ b/browser/base/content/test/general/file_mixedContentFromOnunload.html
@@ -0,0 +1,18 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+Test for https://bugzilla.mozilla.org/show_bug.cgi?id=947079
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Test for Bug 947079</title>
+</head>
+<body>
+  <p>Test for Bug 947079</p>
+  <script>
+    window.addEventListener('unload', function() {
+        new Image().src = 'http://mochi.test:8888/tests/image/test/mochitest/blue.png';
+    });
+  </script>
+</body>
+</html>
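Review bot: The unload handler has no comment explaining why the image load is placed there, and the file's header comment only names the bug. A line such as `// Start an insecure (http) image load during unload so it overlaps the navigation to the next page (bug 947079).` above the `addEventListener` call would tell a reader what the test depends on. The overlap with the next page's load is inferred from the test's description rather than shown in this file.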
new file mode 100644
--- /dev/null
+++ b/browser/base/content/test/general/file_mixedContentFromOnunload_test1.html
@@ -0,0 +1,14 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+Test 1 for https://bugzilla.mozilla.org/show_bug.cgi?id=947079
+Page with no insecure subresources
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Test 1 for Bug 947079</title>
+</head>
+<body>
+  <p>There are no insecure resource loads on this page</p>
+</body>
+</html>
new file mode 100644
--- /dev/null
+++ b/browser/base/content/test/general/file_mixedContentFromOnunload_test2.html
@@ -0,0 +1,15 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+Test 2 for https://bugzilla.mozilla.org/show_bug.cgi?id=947079
+Page with an insecure image load
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Test 2 for Bug 947079</title>
+</head>
+<body>
+  <p>Page with http image load</p>
+  <img src="http://test2.example.com/tests/image/test/mochitest/blue.png">
+</body>
+</html>