1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
|
<!DOCTYPE HTML>
<html>
<!--
Tests for Mixed Content Blocker
https://bugzilla.mozilla.org/show_bug.cgi?id=62178
-->
<head>
<meta charset="utf-8">
<title>Tests for Bug 62178</title>
<script src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
<script>
let counter = 0;
// blockDisplay blockActive upgradeDisplay
const settings = [
[true, true, true],
[true, false, true],
[false, true, true],
[false, false, true],
[true, true, false],
[true, false, false],
[false, true, false],
[false, false, false],
];
let blockActive;
let blockDisplay;
let upgradeDisplay;
//Cycle through 8 different preference settings.
function changePrefs(otherPrefs, callback) {
let basePrefs = [["security.mixed_content.block_display_content", settings[counter][0]],
["security.mixed_content.block_active_content", settings[counter][1]],
["security.mixed_content.upgrade_display_content", settings[counter][2]]];
let newPrefs = basePrefs.concat(otherPrefs);
SpecialPowers.pushPrefEnv({"set": newPrefs}, function () {
blockDisplay = SpecialPowers.getBoolPref("security.mixed_content.block_display_content");
blockActive = SpecialPowers.getBoolPref("security.mixed_content.block_active_content");
upgradeDisplay = SpecialPowers.getBoolPref("security.mixed_content.upgrade_display_content");
counter++;
callback();
});
}
let testsToRun = {
iframe: false,
image: false,
imageSrcset: false,
imageSrcsetFallback: false,
imagePicture: false,
imageJoinPicture: false,
imageLeavePicture: false,
script: false,
stylesheet: false,
object: false,
media: false,
xhr: false,
};
function log(msg) {
document.getElementById("log").textContent += "\n" + msg;
}
function reloadFrame() {
document.getElementById('framediv').innerHTML = '<iframe id="testHarness" src="https://example.com/tests/dom/security/test/mixedcontentblocker/file_main.html"></iframe>';
}
function checkTestsCompleted() {
for (var prop in testsToRun) {
// some test hasn't run yet so we're not done
if (!testsToRun[prop])
return;
}
//if the testsToRun are all completed, chnage the pref and run the tests again until we have cycled through all the prefs.
if(counter < 8) {
for (var prop in testsToRun) {
testsToRun[prop] = false;
}
//call to change the preferences
changePrefs([], function() {
log(`\nblockDisplay set to ${blockDisplay}, blockActive set to ${blockActive}, upgradeDisplay set to ${upgradeDisplay}`);
reloadFrame();
});
}
else {
SimpleTest.finish();
}
}
var firstTest = true;
function receiveMessage(event) {
if(firstTest) {
log(`blockActive set to ${blockActive}, blockDisplay set to ${blockDisplay}, upgradeDisplay set to ${upgradeDisplay}.`);
firstTest = false;
}
// Simple check from the iframe.
if (event.data.check) {
ok(event.data.status, event.data.msg);
return;
}
log("test: "+event.data.test+", msg: "+event.data.msg + " logging message.");
// test that the load type matches the pref for this type of content
// (i.e. active vs. display)
switch(event.data.test) {
/* Mixed Script tests */
case "iframe":
ok(blockActive == (event.data.msg == "insecure iframe blocked"), "iframe did not follow block_active_content pref");
testsToRun.iframe = true;
break;
case "object":
ok(blockActive == (event.data.msg == "insecure object blocked"), "object did not follow block_active_content pref");
testsToRun.object = true;
break;
case "script":
ok(blockActive == (event.data.msg == "insecure script blocked"), "script did not follow block_active_content pref");
testsToRun.script = true;
break;
case "stylesheet":
ok(blockActive == (event.data.msg == "insecure stylesheet blocked"), "stylesheet did not follow block_active_content pref");
testsToRun.stylesheet = true;
break;
case "xhr":
ok(blockActive == (event.data.msg == "insecure xhr blocked"), "xhr did not follow block_active_content pref");
testsToRun.xhr = true;
break;
/* Mixed Display tests */
case "image":
//test that the image load matches the pref for display content
if (upgradeDisplay) {
ok(event.data.msg == "secure image loaded after upgrade", "image did not follow upgrade_display_content pref");
} else {
ok(blockDisplay == (event.data.msg == "insecure image blocked"), "image did not follow block_display_content pref");
}
testsToRun.image = true;
break;
case "media":
if (upgradeDisplay) {
ok(event.data.msg == "secure media loaded after upgrade", "media did not follow upgrade_display_content pref");
} else {
ok(blockDisplay == (event.data.msg == "insecure media blocked"), "media did not follow block_display_content pref");
}
testsToRun.media = true;
break;
/* Images using the "imageset" policy, from <img srcset> and <picture>, do not get the mixed display exception */
case "imageSrcset":
// When blockDisplay && blockActive && upgradeDisplay are all true the request is blocked
// This appears to be a side effect of blockDisplay taking precedence here.
if (event.data.msg == "secure image loaded after upgrade") {
ok(upgradeDisplay, "imageSrcset did not follow upgrade_display_content pref");
} else {
ok(blockActive == (event.data.msg == "insecure image blocked"), "imageSrcset did not follow block_active_content pref");
}
testsToRun.imageSrcset = true;
break;
case "imageSrcsetFallback":
if (event.data.msg == "secure image loaded after upgrade") {
ok(upgradeDisplay, "imageSrcsetFallback did not follow upgrade_display_content pref");
} else {
ok(blockActive == (event.data.msg == "insecure image blocked"), "imageSrcsetFallback did not follow block_active_content pref");
}
testsToRun.imageSrcsetFallback = true;
break;
case "imagePicture":
if (event.data.msg == "secure image loaded after upgrade") {
ok(upgradeDisplay, "imagePicture did not follow upgrade_display_content pref");
} else {
ok(blockActive == (event.data.msg == "insecure image blocked"), "imagePicture did not follow block_active_content pref");
}
testsToRun.imagePicture = true;
break;
case "imageJoinPicture":
if (event.data.msg == "secure image loaded after upgrade") {
ok(upgradeDisplay, "imageJoinPicture did not follow upgrade_display_content pref");
} else {
ok(blockActive == (event.data.msg == "insecure image blocked"), "imageJoinPicture did not follow block_active_content pref");
}
testsToRun.imageJoinPicture = true;
break;
// Should return to mixed display mode
case "imageLeavePicture":
if (event.data.msg == "secure image loaded after upgrade") {
ok(upgradeDisplay, "imageLeavePicture did not follow upgrade_display_content pref");
} else {
ok(blockDisplay == (event.data.msg == "insecure image blocked"), "imageLeavePicture did not follow block_display_content pref");
}
testsToRun.imageLeavePicture = true;
break;
}
checkTestsCompleted();
}
function startTest() {
//Set the first set of mixed content settings and increment the counter.
changePrefs([], function() {
//listen for a messages from the mixed content test harness
window.addEventListener("message", receiveMessage);
//Kick off test
reloadFrame();
});
}
SimpleTest.waitForExplicitFinish();
</script>
</head>
<body onload='startTest()'>
<div id="framediv"></div>
<pre id="log"></pre>
</body>
</html>
|