Adding upstream version 86.0.1.upstream/86.0.1 upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-28 14:29:10 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-28 14:29:10 +0000
commit: 2aa4a82499d4becd2284cdb482213d541b8804dd (patch)
tree: b80bf8bf13c3766139fbacc530efd0dd9d54394c /dom/security/test/general/window_nosniff_navigation.html
parent: Initial commit. (diff)
download: firefox-upstream.tar.xz
firefox-upstream.zip
1 files changed, 95 insertions, 0 deletions
diff --git a/dom/security/test/general/window_nosniff_navigation.html b/dom/security/test/general/window_nosniff_navigation.html
new file mode 100644
index 0000000000..cae2b15c65
--- /dev/null
+++ b/dom/security/test/general/window_nosniff_navigation.html
@@ -0,0 +1,95 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 1428473 Support X-Content-Type-Options: nosniff when navigating</title>
+  <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+  <style>
+    iframe{
+      border: 1px solid orange;
+    }
+  </style>
+
+  <iframe class="no-mime" src="file_nosniff_navigation.sjs?xml"> </iframe>
+  <iframe class="no-mime" src="file_nosniff_navigation.sjs?html"></iframe>
+  <iframe class="no-mime" src="file_nosniff_navigation.sjs?css" ></iframe>
+  <iframe class="no-mime" src="file_nosniff_navigation.sjs?json"></iframe>
+  <iframe class="no-mime" src="file_nosniff_navigation.sjs?img"></iframe>
+  <iframe class="no-mime" src="file_nosniff_navigation.sjs"></iframe>
+ 
+  <hr>
+  <iframe class="mismatch-mime" src="file_nosniff_navigation_mismatch.sjs?html"></iframe>
+  <iframe class="mismatch-mime" src="file_nosniff_navigation_mismatch.sjs?xml"></iframe>
+  <iframe class="mismatch-mime" src="file_nosniff_navigation_mismatch.sjs?css"></iframe>
+  <iframe class="mismatch-mime" src="file_nosniff_navigation_mismatch.sjs?json"></iframe>
+  <iframe class="mismatch-mime" src="file_nosniff_navigation_mismatch.sjs?img"></iframe>
+  <iframe class="mismatch-mime" src="file_nosniff_navigation_mismatch.sjs"></iframe>
+  <hr>
+
+  <iframe class="garbage-mime" src="file_nosniff_navigation_garbage.sjs?xml"> </iframe>
+  <iframe class="garbage-mime" src="file_nosniff_navigation_garbage.sjs?html"></iframe>
+  <iframe class="garbage-mime" src="file_nosniff_navigation_garbage.sjs?css" ></iframe>
+  <iframe class="garbage-mime" src="file_nosniff_navigation_garbage.sjs?json"></iframe>
+  <iframe class="garbage-mime" src="file_nosniff_navigation_garbage.sjs?img"></iframe>
+  <iframe class="garbage-mime" src="file_nosniff_navigation_garbage.sjs"></iframe>
+ 
+
+</head>
+
+<body>
+
+<!-- add the two script tests -->
+<script id="scriptCorrectType"></script>
+<script id="scriptWrongType"></script>
+
+<script class="testbody" type="text/javascript">
+/* Description of the test:
+ * We're testing if Firefox respects the nosniff Header for Top-Level 
+ * Navigations.
+ * If Firefox cant Display the Page, it will prompt a download 
+ * and the URL of the Page will be about:blank.
+ * So we will try to open different content send with
+ * no-mime, mismatched-mime and garbage-mime types.
+ * 
+ */
+
+SimpleTest.waitForExplicitFinish();
+
+window.addEventListener("load", ()=>{
+  let noMimeFrames = Array.from(document.querySelectorAll(".no-mime"));
+
+  noMimeFrames.forEach( frame => {
+    // In case of no Provided Content Type, not rendering or assuming text/plain is valid
+    let result = frame.contentWindow.document.URL == "about:blank" || frame.contentWindow.document.contentType == "text/plain";
+    let sniffTarget = (new URL(frame.src)).search;
+    window.opener.ok(result, `${sniffTarget} without MIME - was not Sniffed`);
+  });
+
+  let mismatchedMimes = Array.from(document.querySelectorAll(".mismatch-mime"));
+  mismatchedMimes.forEach(frame => {
+    // In case the Server mismatches the Mime Type (sends content X as image/png)
+    // assert that we do not sniff and correct this.
+    let result = frame.contentWindow.document.contentType == "image/png";
+    let sniffTarget = (new URL(frame.src)).search;
+    window.opener.ok(result, `${sniffTarget} send as image/png - was not Sniffed`);
+  });
+
+  let badMimeFrames = Array.from(document.querySelectorAll(".garbage-mime"));
+
+  badMimeFrames.forEach( frame => {
+    // In the case we got a bogous mime, assert that we dont sniff. 
+    // We must not default here to text/plain
+    // as the Server at least provided a mime type. 
+    let result = frame.contentWindow.document.URL == "about:blank";
+    let sniffTarget = (new URL(frame.src)).search;
+    window.opener.ok(result, `${sniffTarget} send as garbage/garbage - was not Sniffed`);
+  });
+  
+  window.opener.SimpleTest.finish();
+  this.close();
+});
+</script>
+</body>
+
+</html>
+\ No newline at end of file
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-28 14:29:10 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-28 14:29:10 +0000
commit	2aa4a82499d4becd2284cdb482213d541b8804dd (patch)
tree	b80bf8bf13c3766139fbacc530efd0dd9d54394c /dom/security/test/general/window_nosniff_navigation.html
parent	Initial commit. (diff)
download	firefox-upstream.tar.xz firefox-upstream.zip