summaryrefslogtreecommitdiffstats
path: root/dom/ipc/tests/browser_domainPolicy.js
diff options
context:
space:
mode:
Diffstat (limited to 'dom/ipc/tests/browser_domainPolicy.js')
-rw-r--r--dom/ipc/tests/browser_domainPolicy.js187
1 files changed, 187 insertions, 0 deletions
diff --git a/dom/ipc/tests/browser_domainPolicy.js b/dom/ipc/tests/browser_domainPolicy.js
new file mode 100644
index 0000000000..cec360f2e1
--- /dev/null
+++ b/dom/ipc/tests/browser_domainPolicy.js
@@ -0,0 +1,187 @@
+// This test waits for a lot of subframe loads, causing it to take a long time,
+// especially with Fission enabled.
+requestLongerTimeout(2);
+
+const BASE_FILE =
+ "http://mochi.test:8888/browser/dom/ipc/tests/file_domainPolicy_base.html";
+const SCRIPT_PATH = "/browser/dom/ipc/tests/file_disableScript.html";
+
+const TEST_POLICY = {
+ exceptions: ["http://test1.example.com", "http://example.com"],
+ superExceptions: ["http://test2.example.org", "https://test1.example.com"],
+ exempt: [
+ "http://test1.example.com",
+ "http://example.com",
+ "http://test2.example.org",
+ "http://sub1.test2.example.org",
+ "https://sub1.test1.example.com",
+ ],
+ notExempt: [
+ "http://test2.example.com",
+ "http://sub1.test1.example.com",
+ "http://www.example.com",
+ "https://test2.example.com",
+ "https://example.com",
+ "http://test1.example.org",
+ ],
+};
+
+// To make sure we never leave up an activated domain policy after a failed
+// test, let's make this global.
+var policy;
+
+function activateDomainPolicy(isBlock) {
+ policy = Services.scriptSecurityManager.activateDomainPolicy();
+
+ if (isBlock === undefined) {
+ return;
+ }
+
+ let set = isBlock ? policy.blocklist : policy.allowlist;
+ for (let e of TEST_POLICY.exceptions) {
+ set.add(makeURI(e));
+ }
+
+ let superSet = isBlock ? policy.superBlocklist : policy.superAllowlist;
+ for (let e of TEST_POLICY.superExceptions) {
+ superSet.add(makeURI(e));
+ }
+}
+
+function deactivateDomainPolicy() {
+ if (policy) {
+ policy.deactivate();
+ policy = null;
+ }
+}
+
+add_task(async function setup() {
+ await SpecialPowers.pushPrefEnv({
+ set: [["browser.pagethumbnails.capturing_disabled", false]],
+ });
+
+ registerCleanupFunction(() => {
+ deactivateDomainPolicy();
+ });
+});
+
+add_task(async function test_domainPolicy() {
+ function test(testFunc, { activateFirst, isBlock }) {
+ if (activateFirst) {
+ activateDomainPolicy(isBlock);
+ }
+ return BrowserTestUtils.withNewTab(
+ {
+ gBrowser,
+ opening: BASE_FILE,
+ forceNewProcess: true,
+ },
+ async browser => {
+ if (!activateFirst) {
+ activateDomainPolicy(isBlock);
+ }
+ await testFunc(browser);
+ deactivateDomainPolicy();
+ }
+ );
+ }
+
+ async function testDomain(browser, domain, expectEnabled = false) {
+ function navigateFrame() {
+ let url = domain + SCRIPT_PATH;
+ return SpecialPowers.spawn(browser, [url], async src => {
+ let iframe = content.document.getElementById("root");
+ await new Promise(resolve => {
+ iframe.addEventListener("load", resolve, { once: true });
+ iframe.src = src;
+ });
+ return iframe.browsingContext;
+ });
+ }
+
+ function checkScriptEnabled(bc) {
+ return SpecialPowers.spawn(bc, [expectEnabled], enabled => {
+ content.wrappedJSObject.gFiredOnclick = false;
+ content.document.body.dispatchEvent(new content.Event("click"));
+ Assert.equal(
+ content.wrappedJSObject.gFiredOnclick,
+ enabled,
+ `Checking script-enabled for ${content.name} (${content.location})`
+ );
+ });
+ }
+
+ let browsingContext = await navigateFrame();
+ return checkScriptEnabled(browsingContext);
+ }
+
+ async function testList(browser, list, expectEnabled) {
+ // Run these sequentially to avoid navigating multiple domains at once.
+ for (let domain of list) {
+ await testDomain(browser, domain, expectEnabled);
+ }
+ }
+
+ info("1. Testing simple blocklist policy");
+
+ info("1A. Creating child process first, activating domainPolicy after");
+ await test(
+ async browser => {
+ policy.blocklist.add(Services.io.newURI("http://example.com"));
+ await testDomain(browser, "http://example.com");
+ },
+ { activateFirst: false }
+ );
+
+ info("1B. Activating domainPolicy first, creating child process after");
+ await test(
+ async browser => {
+ policy.blocklist.add(Services.io.newURI("http://example.com"));
+ await testDomain(browser, "http://example.com");
+ },
+ { activateFirst: true }
+ );
+
+ info("2. Testing Blocklist-style Domain Policy");
+
+ info("2A. Activating domainPolicy first, creating child process after");
+ await test(
+ async browser => {
+ await testList(browser, TEST_POLICY.notExempt, true);
+ await testList(browser, TEST_POLICY.exempt, false);
+ },
+ { activateFirst: true, isBlock: true }
+ );
+
+ info("2B. Creating child process first, activating domainPolicy after");
+ await test(
+ async browser => {
+ await testList(browser, TEST_POLICY.notExempt, true);
+ await testList(browser, TEST_POLICY.exempt, false);
+ },
+ { activateFirst: false, isBlock: true }
+ );
+
+ info("3. Testing Allowlist-style Domain Policy");
+ await SpecialPowers.pushPrefEnv({ set: [["javascript.enabled", false]] });
+
+ info("3A. Activating domainPolicy first, creating child process after");
+ await test(
+ async browser => {
+ await testList(browser, TEST_POLICY.notExempt, false);
+ await testList(browser, TEST_POLICY.exempt, true);
+ },
+ { activateFirst: true, isBlock: false }
+ );
+
+ info("3B. Creating child process first, activating domainPolicy after");
+ await test(
+ async browser => {
+ await testList(browser, TEST_POLICY.notExempt, false);
+ await testList(browser, TEST_POLICY.exempt, true);
+ },
+ { activateFirst: false, isBlock: false }
+ );
+
+ finish();
+});