horok/firefox
1
0
Fork 0
Code Activity
firefox/browser/base/content/test/siteIdentity/browser_mixedContentFromOnunload.js
Daniel Baumann 5e9a113729
Adding upstream version 140.0. 
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
2025-06-25 09:37:52 +02:00

68 lines
2.7 KiB
JavaScript
Raw Permalink Blame History

/*
* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/
*
* Tests for Bug 947079 - Fix bug in nsSecureBrowserUIImpl that sets the wrong
* security state on a page because of a subresource load that is not on the
* same page.
*/
// We use different domains for each test and for navigation within each test
const HTTP_TEST_ROOT_1 = getRootDirectory(gTestPath).replace(
"chrome://mochitests/content",
// eslint-disable-next-line @microsoft/sdl/no-insecure-url
"http://example.com"
);
const HTTPS_TEST_ROOT_1 = getRootDirectory(gTestPath).replace(
"chrome://mochitests/content",
"https://test1.example.com"
);
const HTTP_TEST_ROOT_2 = getRootDirectory(gTestPath).replace(
"chrome://mochitests/content",
// eslint-disable-next-line @microsoft/sdl/no-insecure-url
"http://example.net"
);
const HTTPS_TEST_ROOT_2 = getRootDirectory(gTestPath).replace(
"chrome://mochitests/content",
"https://test2.example.com"
);
add_task(async function () {
let url = HTTP_TEST_ROOT_1 + "file_mixedContentFromOnunload.html";
await BrowserTestUtils.withNewTab(url, async function (browser) {
await SpecialPowers.pushPrefEnv({
set: [
["security.mixed_content.block_active_content", true],
["security.mixed_content.block_display_content", false],
["security.mixed_content.upgrade_display_content", false],
],
});
// Navigation from an http page to a https page with no mixed content
// The http page loads an http image on unload
url = HTTPS_TEST_ROOT_1 + "file_mixedContentFromOnunload_test1.html";
BrowserTestUtils.startLoadingURIString(browser, url);
await BrowserTestUtils.browserLoaded(browser);
// check security state. Since current url is https and doesn't have any
// mixed content resources, we expect it to be secure.
isSecurityState(browser, "secure");
await assertMixedContentBlockingState(browser, {
activeLoaded: false,
activeBlocked: false,
passiveLoaded: false,
});
// Navigation from an http page to a https page that has mixed display content
// The https page loads an http image on unload
url = HTTP_TEST_ROOT_2 + "file_mixedContentFromOnunload.html";
BrowserTestUtils.startLoadingURIString(browser, url);
await BrowserTestUtils.browserLoaded(browser);
url = HTTPS_TEST_ROOT_2 + "file_mixedContentFromOnunload_test2.html";
BrowserTestUtils.startLoadingURIString(browser, url);
await BrowserTestUtils.browserLoaded(browser);
isSecurityState(browser, "broken");
await assertMixedContentBlockingState(browser, {
activeLoaded: false,
activeBlocked: false,
passiveLoaded: true,
});
});
});
View git blame Copy permalink