author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 01:13:33 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 01:13:33 +0000 |
commit | 086c044dc34dfc0f74fbe41f4ecb402b2cd34884 (patch) | |
tree | a4f824bd33cb075dd5aa3eb5a0a94af221bbe83a /testing/web-platform/tests/fetch/security/dangling-markup | |
parent | Adding debian version 124.0.1-1. (diff) | |
Merging upstream version 125.0.1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/fetch/security/dangling-markup')
-rw-r--r-- | testing/web-platform/tests/fetch/security/dangling-markup/dangling-markup-mitigation-allowed-apis.html | 26 | ||||
-rw-r--r-- | testing/web-platform/tests/fetch/security/dangling-markup/dangling-markup-mitigation-data-url.sub.html (renamed from testing/web-platform/tests/fetch/security/dangling-markup/dangling-markup-mitigation-data-url.tentative.sub.html) | 0 | ||||
-rw-r--r-- | testing/web-platform/tests/fetch/security/dangling-markup/dangling-markup-mitigation.html (renamed from testing/web-platform/tests/fetch/security/dangling-markup/dangling-markup-mitigation.tentative.html) | 0 | ||||
-rw-r--r-- | testing/web-platform/tests/fetch/security/dangling-markup/dangling-markup-mitigation.https.html | 61 | ||||
-rw-r--r-- | testing/web-platform/tests/fetch/security/dangling-markup/resources/empty.html | 1 | ||||
-rw-r--r-- | testing/web-platform/tests/fetch/security/dangling-markup/service-worker.js | 35 |
6 files changed, 123 insertions, 0 deletions
diff --git a/testing/web-platform/tests/fetch/security/dangling-markup/dangling-markup-mitigation-allowed-apis.html b/testing/web-platform/tests/fetch/security/dangling-markup/dangling-markup-mitigation-allowed-apis.html
new file mode 100644
index 0000000000..66456a8876
--- /dev/null
+++ b/testing/web-platform/tests/fetch/security/dangling-markup/dangling-markup-mitigation-allowed-apis.html
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<body>
+<script>
+ const blank = 'about:blank';
+ const dangling_url = 'resources/empty.html?\n<';
+ const api_calls = [
+ `window.open(\`${dangling_url}\`,'_self')`,
+ `location.replace(\`${dangling_url}\`)`,
+ ];
+
+ api_calls.forEach(call => {
+ async_test(t => {
+ const iframe =
+ document.body.appendChild(document.createElement('iframe'));
+ t.step(() => {
+ iframe.contentWindow.eval(call)
+ t.step_timeout(()=>{
+ assert_false(iframe.contentWindow.location.href.endsWith(blank));
+ t.done();
+ }, 500);
+ });
+ }, `Does not block ${call}`);
+ });
+</script>
diff --git a/testing/web-platform/tests/fetch/security/dangling-markup/dangling-markup-mitigation-data-url.tentative.sub.html b/testing/web-platform/tests/fetch/security/dangling-markup/dangling-markup-mitigation-data-url.sub.html
index f27735daa1..f27735daa1 100644
--- a/testing/web-platform/tests/fetch/security/dangling-markup/dangling-markup-mitigation-data-url.tentative.sub.html
+++ b/testing/web-platform/tests/fetch/security/dangling-markup/dangling-markup-mitigation-data-url.sub.html
diff --git a/testing/web-platform/tests/fetch/security/dangling-markup/dangling-markup-mitigation.tentative.html b/testing/web-platform/tests/fetch/security/dangling-markup/dangling-markup-mitigation.html
index 61a931608b..61a931608b 100644
--- a/testing/web-platform/tests/fetch/security/dangling-markup/dangling-markup-mitigation.tentative.html
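Review bot: The pass condition inside `t.step_timeout(()=>{ … }, 500)` is a fixed 500 ms wait followed by `assert_false(iframe.contentWindow.location.href.endsWith(blank))`, which only proves the frame left about:blank and makes the verdict depend on the runner's speed rather than on the navigation itself. Waiting for the frame's `load` event after `iframe.contentWindow.eval(call)` and asserting `iframe.contentWindow.location.pathname.endsWith('resources/empty.html')` would pin the test to the intended target, e.g. `iframe.onload = t.step_func_done(() => assert_true(iframe.contentWindow.location.pathname.endsWith('resources/empty.html')));`; if the initial about:blank load fires asynchronously on this engine, the handler should skip that first event, which I have not verified here. The `eval(call)` line is also missing its terminating semicolon.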
+++ b/testing/web-platform/tests/fetch/security/dangling-markup/dangling-markup-mitigation.html
diff --git a/testing/web-platform/tests/fetch/security/dangling-markup/dangling-markup-mitigation.https.html b/testing/web-platform/tests/fetch/security/dangling-markup/dangling-markup-mitigation.https.html
new file mode 100644
index 0000000000..3f038cbb7b
--- /dev/null
+++ b/testing/web-platform/tests/fetch/security/dangling-markup/dangling-markup-mitigation.https.html
@@ -0,0 +1,61 @@
+<!DOCTYPE html>
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<body>
+<script>
+ function get_requests(worker, expected) {
+ return new Promise(resolve => {
+ navigator.serviceWorker.addEventListener('message', function onMsg(evt) {
+ if (evt.data.size >= expected) {
+ navigator.serviceWorker.removeEventListener('message', onMsg);
+ resolve(evt.data);
+ } else {
+ worker.postMessage("");
+ }
+ });
+ worker.postMessage("");
+ });
+ }
+
+ const resources = [
+ x=>`<link rel="stylesheet" href="404/style?${x}">`,
+ x=>`<link rel="prefetch" as="style" href="404/prefetch?${x}">`,
+ x=>`<script src="404/script?${x}"><\/script>`,
+ x=>`<iframe src="404/iframe?${x}"></iframe>`,
+ x=>`<meta http-equiv="refresh" content="0;url=404/meta?${x}">`,
+ x=>`<a href="404/a?${x}">click</a><script>document.querySelector('a').click()<\/script>`,
+ x=>`<base href="404/base?${x}"><a href>me</a><script>document.querySelector('a').click()<\/script>`,
+ x=>`<video controls poster="404/poster?${x}"></video>`,
+ x=>`<input type="image" src="404/input?${x}">`,
+ x=>`<form method="GET" action="404/form?${x}"></form><script>document.querySelector('form').submit()<\/script>`,
+ x=>`<body background="404/body?${x}"></body>`,
+ ];
+
+ async_test(t => {
+ const script = 'service-worker.js';
+ const paths = [];
+ navigator.serviceWorker.register(script);
+ t.step(async () => {
+ const registration = await navigator.serviceWorker.ready;
+ for (const html of resources) {
+ const iframe1 =
+ document.body.appendChild(document.createElement('iframe'));
+ iframe1.src = 'resources.html?html=' + html`%0A<`;
+ const iframe2 =
+ document.body.appendChild(document.createElement('iframe'));
+ iframe2.src = 'resources.html?html=' + html``;
+ const path = html`EOP`;
+ paths.push(path.substring(path.search('404\\/')+4, path.search('EOP')));
+ }
+
+ const requests = await get_requests(registration.active, resources.length);
+ paths.forEach(path => {
+ assert_true(requests.has(path),
+ `${path} should appear in requests sent`);
+ });
+ await registration.unregister();
+ t.done();
+ });
+ }, 'Only blocks dangling markup requests');
+</script>
diff --git a/testing/web-platform/tests/fetch/security/dangling-markup/resources/empty.html b/testing/web-platform/tests/fetch/security/dangling-markup/resources/empty.html
new file mode 100644
index 0000000000..0e76edd65b
--- /dev/null
+++ b/testing/web-platform/tests/fetch/security/dangling-markup/resources/empty.html
@@ -0,0 +1 @@
+<!DOCTYPE html>
diff --git a/testing/web-platform/tests/fetch/security/dangling-markup/service-worker.js b/testing/web-platform/tests/fetch/security/dangling-markup/service-worker.js
new file mode 100644
index 0000000000..837e216a01
--- /dev/null
+++ b/testing/web-platform/tests/fetch/security/dangling-markup/service-worker.js
@@ -0,0 +1,35 @@
+const requests = new Set();
+
+addEventListener('install', evt => {
+ evt.waitUntil(self.skipWaiting());
+});
+
+addEventListener('activate', evt => {
+ evt.waitUntil(self.clients.claim());
+});
+
+addEventListener('message', evt => {
+ evt.source.postMessage(requests);
+});
+
+addEventListener('fetch', evt => {
+ const url = new URL(evt.request.url);
+ const path = url.pathname;
+ const search = url.search || "?";
+ if (path.includes('404')) {
+ const dir = path.split('/');
+ const request = dir[dir.length-1] + search;
+ if (!requests.has(request)) {
+ requests.add(request);
+ }
+ evt.respondWith(new Response(""));
+ } else if (path.endsWith('resources.html')) {
+ const html = (new URLSearchParams(search)).get('html');
+ evt.respondWith(new Response(html, {
+ headers: {
+ "Content-Type": "text/html"
+ }
+ }));
+ }
+ return;
+});
|
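Review bot: `navigator.serviceWorker.register(script)` is neither awaited nor given a rejection handler, and the assertions run inside `t.step(async () => …)`, so a failed registration or a failing `assert_true` ends up as an unhandled rejection and the test sits until the long timeout instead of failing promptly. Rewriting the test as a `promise_test` makes every awaited failure fail the test directly, and registering `t.add_cleanup(() => registration.unregister())` right after `navigator.serviceWorker.ready` guarantees the worker is removed even on failure, so it cannot keep serving query-controlled markup from `resources.html` to later tests in the same scope (today `registration.unregister()` only runs on the success path). The polling in `get_requests` re-posts immediately on every reply that is still short; a small `t.step_timeout` before re-posting would avoid a tight message ping-pong, though that is optional.
```javascript
  promise_test(async t => {
    const script = 'service-worker.js';
    const paths = [];
    await navigator.serviceWorker.register(script);
    const registration = await navigator.serviceWorker.ready;
    t.add_cleanup(() => registration.unregister());
    // … unchanged: iframe creation loop, paths collection, get_requests await and assertions …
  }, 'Only blocks dangling markup requests');
```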
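Review bot: The `if (!requests.has(request)) { requests.add(request); }` guard in the fetch handler is redundant because `Set.prototype.add` already ignores duplicates; a bare `requests.add(request);` reads cleaner, and the trailing `return;` at the end of the handler does nothing. The `url.search || "?"` fallback is load-bearing but not obvious: a URL whose query is empty serializes `search` as `""`, while the expected paths computed in dangling-markup-mitigation.https.html (substring of e.g. `404/style?EOP` up to `EOP`) keep their trailing `?`, so the fallback is what makes `requests.has(path)` match for the non-dangling frame. A comment such as `// An empty query serializes as "", but the test's expected paths keep the trailing "?"` would stop the next reader from simplifying it away. `path.includes('404')` also matches any pathname containing that substring, not just the `404/` directory; `path.includes('/404/')` would state the intent more precisely.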