Bug 1312272: test that marquee event handlers are subject to CSP r=smaug, a=test-only
☠☠ backed out by 38e66a651374 ☠ ☠
authorFrederik Braun <fbraun+gh@mozilla.com>
Fri, 11 Nov 2016 10:45:27 +0100
changeset 358745 bffe1dac33e896967c485df14d9aeb27446d9e2c
parent 358744 4df4fb77ca319c1ab915c4e813e042cd830b15fc
child 358746 38e66a6513746a40d38783481dca39483c908d76
push id1324
push usermtabara@mozilla.com
push dateMon, 16 Jan 2017 13:07:44 +0000
treeherdermozilla-release@a01c49833940 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssmaug, test-only
bugs1312272
milestone51.0a2
Bug 1312272: test that marquee event handlers are subject to CSP r=smaug, a=test-only
dom/security/test/csp/file_bug1312272.html
dom/security/test/csp/file_bug1312272.html^headers^
dom/security/test/csp/file_bug1312272.js
dom/security/test/csp/mochitest.ini
dom/security/test/csp/test_bug1312272.html
new file mode 100644
--- /dev/null
+++ b/dom/security/test/csp/file_bug1312272.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML>
+<!-- Any copyright is dedicated to the Public Domain.
+     http://creativecommons.org/publicdomain/zero/1.0/ -->
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>marquee inline script tests for Bug 1312272</title>
+</head>
+<body>
+<marquee id="m" onstart="parent.postMessage('csp-violation-marquee-onstart', '*')">bug 1312272</marquee>
+<script src="file_bug1312272.js"></script>
+</body>
+</html>
new file mode 100644
--- /dev/null
+++ b/dom/security/test/csp/file_bug1312272.html^headers^
@@ -0,0 +1,1 @@
+Content-Security-Policy: default-src *; script-src * 'unsafe-eval'
new file mode 100644
--- /dev/null
+++ b/dom/security/test/csp/file_bug1312272.js
@@ -0,0 +1,8 @@
+var m = document.getElementById("m");
+m.addEventListener("click", function() {
+  // this will trigger after onstart, obviously.
+  parent.postMessage('finish', '*');
+});
+console.log("finish-handler setup");
+m.click();
+console.log("clicked");
--- a/dom/security/test/csp/mochitest.ini
+++ b/dom/security/test/csp/mochitest.ini
@@ -17,16 +17,19 @@ support-files =
   file_bug802872.js
   file_bug802872.sjs
   file_bug885433_allows.html
   file_bug885433_allows.html^headers^
   file_bug885433_blocks.html
   file_bug885433_blocks.html^headers^
   file_bug888172.html
   file_bug888172.sjs
+  file_bug1312272.html
+  file_bug1312272.js
+  file_bug1312272.html^headers^
   file_evalscript_main.js
   file_evalscript_main_allowed.js
   file_evalscript_main.html
   file_evalscript_main.html^headers^
   file_evalscript_main_allowed.html
   file_evalscript_main_allowed.html^headers^
   file_frameancestors_main.html
   file_frameancestors_main.js
@@ -78,16 +81,19 @@ support-files =
   file_bug910139.xml
   file_bug910139.xsl
   file_bug909029_star.html
   file_bug909029_star.html^headers^
   file_bug909029_none.html
   file_bug909029_none.html^headers^
   file_bug1229639.html
   file_bug1229639.html^headers^
+  file_bug1312272.html
+  file_bug1312272.js
+  file_bug1312272.html^headers^
   file_policyuri_regression_from_multipolicy.html
   file_policyuri_regression_from_multipolicy.html^headers^
   file_policyuri_regression_from_multipolicy_policy
   file_shouldprocess.html
   file_nonce_source.html
   file_nonce_source.html^headers^
   file_bug941404.html
   file_bug941404_xhr.html
@@ -277,8 +283,10 @@ tags = mcb
 [test_meta_whitespace_skipping.html]
 [test_iframe_sandbox.html]
 [test_iframe_sandbox_top_1.html]
 [test_sandbox.html]
 [test_ping.html]
 [test_require_sri_meta.html]
 [test_sendbeacon.html]
 [test_upgrade_insecure_docwrite_iframe.html]
+[test_bug1312272.html]
+
new file mode 100644
--- /dev/null
+++ b/dom/security/test/csp/test_bug1312272.html
@@ -0,0 +1,32 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <meta charset="utf-8">
+
+  <title>Test for bug 1312272</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<iframe id="cspframe" style="width:100%"></iframe>
+
+<script type="text/javascript">
+SimpleTest.waitForExplicitFinish();
+function handler(evt) {
+  console.log(evt);
+  if (evt.data === "finish") {
+    ok(true, 'Other events continue to work fine.')
+    SimpleTest.finish();
+    //removeEventListener('message', handler);
+  } else {
+    ok(false, "Should not get any other message")
+  }
+}
+var cspframe = document.getElementById("cspframe");
+cspframe.src = "file_bug1312272.html";
+addEventListener("message", handler);
+console.log("assignign frame");
+</script>
+
+</body>
+</html>