diff options
Diffstat (limited to 'dom/security/test/referrer-policy/test_img_referrer.html')
-rw-r--r-- | dom/security/test/referrer-policy/test_img_referrer.html | 190 |
1 files changed, 190 insertions, 0 deletions
diff --git a/dom/security/test/referrer-policy/test_img_referrer.html b/dom/security/test/referrer-policy/test_img_referrer.html new file mode 100644 index 0000000000..fcc80929d2 --- /dev/null +++ b/dom/security/test/referrer-policy/test_img_referrer.html @@ -0,0 +1,190 @@ +<!DOCTYPE HTML> +<html> +<head> + <meta charset="utf-8"> + <title>Test img policy attribute for Bug 1166910</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/> + +<!-- +Testing that img referrer attribute is honoured correctly +* Speculative parser loads (generate-img-policy-test) +* regular loads (generate-img-policy-test2) +* loading a single image multiple times with different policies (generate-img-policy-test3) +* testing setAttribute and .referrer (generate-setAttribute-test) +* regression tests that meta referrer is still working even if attribute referrers are enabled +https://bugzilla.mozilla.org/show_bug.cgi?id=1166910 +--> + +<script type="application/javascript"> + +SimpleTest.waitForExplicitFinish(); +var advance = function() { tests.next(); }; + +/** + * Listen for notifications from the child. + * These are sent in case of error, or when the loads we await have completed. + */ +window.addEventListener("message", function(event) { + if (event.data == "childLoadComplete" || + event.data.contains("childLoadComplete")) { + advance(); + } +}); + +/** + * helper to perform an XHR. + */ +function doXHR(aUrl, onSuccess, onFail) { + var xhr = new XMLHttpRequest(); + xhr.responseType = "json"; + xhr.onload = function () { + onSuccess(xhr); + }; + xhr.onerror = function () { + onFail(xhr); + }; + xhr.open('GET', aUrl, true); + xhr.send(null); +} + +/** + * Grabs the results via XHR and passes to checker. + */ +function checkIndividualResults(aTestname, aExpectedImg, aName) { + doXHR('/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs?action=get-test-results', + function(xhr) { + var results = xhr.response; + info(JSON.stringify(xhr.response)); + + for (let i in aName) { + ok(aName[i] in results.tests, aName[i] + " tests have to be performed."); + is(results.tests[aName[i]].policy, aExpectedImg[i], aTestname + ' --- ' + results.tests[aName[i]].policy + ' (' + results.tests[aName[i]].referrer + ')'); + } + + advance(); + }, + function(xhr) { + ok(false, "Can't get results from the counter server."); + SimpleTest.finish(); + }); +} + +function resetState() { + doXHR('/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs?action=resetState', + advance, + function(xhr) { + ok(false, "error in reset state"); + SimpleTest.finish(); + }); +} + +/** + * testing if img referrer attribute is honoured (1165501) + */ +var tests = (function*() { + + yield SpecialPowers.pushPrefEnv( + { set: [["network.http.referer.disallowCrossSiteRelaxingDefault", false]] }, + advance + ); + + var iframe = document.getElementById("testframe"); + var sjs = "/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs?action=generate-img-policy-test"; + + // setting img unsafe-url and meta origin - unsafe-url shall prevail (should use speculative load) + yield resetState(); + var name = 'unsaf-url-with-meta-in-origin'; + yield iframe.src = sjs + "&imgPolicy=" + escape('unsafe-url') + "&name=" + name + "&policy=" + escape('origin'); + yield checkIndividualResults("unsafe-url (img) with origin in meta", ["full"], [name]); + + // setting img no-referrer and meta default - no-referrer shall prevail (should use speculative load) + yield resetState(); + name = 'no-referrer-with-meta-in-origin'; + yield iframe.src = sjs + "&imgPolicy=" + escape('no-referrer')+ "&name=" + name + "&policy=" + escape('origin'); + yield checkIndividualResults("no-referrer (img) with default in meta", ["none"], [name]); + + // test referrer policy in regular load + yield resetState(); + sjs = "/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs?action=generate-img-policy-test2"; + name = 'regular-load-unsafe-url'; + yield iframe.src = sjs + "&imgPolicy=" + escape('unsafe-url') + "&name=" + name; + yield checkIndividualResults("unsafe-url in img", ["full"], [name]); + + // test referrer policy in regular load with multiple images + var policies = ['unsafe-url', 'origin', 'no-referrer']; + var expected = ["full", "origin", "none"]; + yield resetState(); + sjs = "/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs?action=generate-img-policy-test3"; + name = 'multiple-images-'+policies[0]+'-'+policies[1]+'-'+policies[2]; + yield iframe.src = sjs + "&imgPolicy1=" + escape(policies[0]) + "&imgPolicy2=" + escape(policies[1]) + "&imgPolicy3=" + escape(policies[2]) + "&name=" + name; + yield checkIndividualResults(policies[0]+", "+policies[1]+" and "+policies[2]+" in img", expected, [name+policies[0], name+policies[1], name+policies[2]]); + + policies = ['origin', 'no-referrer', 'unsafe-url']; + expected = ["origin", "none", "full"]; + yield resetState(); + sjs = "/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs?action=generate-img-policy-test3"; + name = 'multiple-images-'+policies[0]+'-'+policies[1]+'-'+policies[2]; + yield iframe.src = sjs + "&imgPolicy1=" + escape(policies[0]) + "&imgPolicy2=" + escape(policies[1]) + "&imgPolicy3=" + escape(policies[2]) + "&name=" + name; + yield checkIndividualResults(policies[0]+", "+policies[1]+" and "+policies[2]+" in img", expected, [name+policies[0], name+policies[1], name+policies[2]]); + + policies = ['no-referrer', 'origin', 'unsafe-url']; + expected = ["none", "origin", "full"]; + yield resetState(); + sjs = "/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs?action=generate-img-policy-test3"; + name = 'multiple-images-'+policies[0]+'-'+policies[1]+'-'+policies[2]; + yield iframe.src = sjs + "&imgPolicy1=" + escape(policies[0]) + "&imgPolicy2=" + escape(policies[1]) + "&imgPolicy3=" + escape(policies[2]) + "&name=" + name; + yield checkIndividualResults(policies[0]+", "+policies[1]+" and "+policies[2]+" in img", expected, [name+policies[0], name+policies[1], name+policies[2]]); + + // regression tests that meta referrer is still working even if attribute referrers are enabled + yield resetState(); + sjs = "/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs?action=generate-img-policy-test4"; + name = 'regular-load-no-referrer-meta'; + yield iframe.src = sjs + "&policy=" + escape('no-referrer') + "&name=" + name; + yield checkIndividualResults("no-referrer in meta (no img referrer policy), speculative load", ["none"], [name]); + + yield resetState(); + sjs = "/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs?action=generate-img-policy-test5"; + name = 'regular-load-no-referrer-meta'; + yield iframe.src = sjs + "&policy=" + escape('no-referrer') + "&name=" + name; + yield checkIndividualResults("no-referrer in meta (no img referrer policy), regular load", ["none"], [name]); + + //test setAttribute + yield resetState(); + sjs = "/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs?action=generate-setAttribute-test1"; + name = 'set-referrer-policy-attribute-before-src'; + yield iframe.src = sjs + "&imgPolicy=" + escape('no-referrer') + "&policy=" + escape('unsafe-url') + "&name=" + name; + yield checkIndividualResults("no-referrer in img", ["none"], [name]); + + yield resetState(); + sjs = "/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs?action=generate-setAttribute-test2"; + name = 'set-referrer-policy-attribute-after-src'; + yield iframe.src = sjs + "&imgPolicy=" + escape('no-referrer') + "&policy=" + escape('unsafe-url') + "&name=" + name; + yield checkIndividualResults("no-referrer in img", ["none"], [name]); + + yield resetState(); + sjs = + "/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs?action=generate-setAttribute-test2"; + name = 'set-invalid-referrer-policy-attribute-before-src-invalid'; + yield iframe.src = sjs + "&imgPolicy=" + escape('invalid') + "&policy=" + escape('unsafe-url') + "&name=" + name; + yield checkIndividualResults("unsafe-url in meta, invalid in img", ["full"], [name]); + + yield resetState(); + sjs = + "/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs?action=generate-setAttribute-test2"; + name = 'set-invalid-referrer-policy-attribute-before-src-invalid'; + yield iframe.src = sjs + "&imgPolicy=" + escape('default') + "&policy=" + escape('unsafe-url') + "&name=" + name; + yield checkIndividualResults("unsafe-url in meta, default in img", ["full"], [name]); + + // complete. + SimpleTest.finish(); +})(); + +</script> +</head> + +<body onload="tests.next();"> + <iframe id="testframe"></iframe> + +</body> +</html> |