summaryrefslogtreecommitdiffstats
path: root/dom/security/test/csp/test_blob_uri_blocks_modals.html
diff options
context:
space:
mode:
Diffstat (limited to 'dom/security/test/csp/test_blob_uri_blocks_modals.html')
-rw-r--r--dom/security/test/csp/test_blob_uri_blocks_modals.html75
1 files changed, 75 insertions, 0 deletions
diff --git a/dom/security/test/csp/test_blob_uri_blocks_modals.html b/dom/security/test/csp/test_blob_uri_blocks_modals.html
new file mode 100644
index 0000000000..8d593ea256
--- /dev/null
+++ b/dom/security/test/csp/test_blob_uri_blocks_modals.html
@@ -0,0 +1,75 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Bug 1432170 - Block alert box and new window open as per the sandbox
+ allow-scripts CSP</title>
+ <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js">
+ </script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<body>
+<iframe style="width:100%;" id="testframe"></iframe>
+<script>
+
+/* Description of the test:
+ * We apply the sanbox allow-scripts CSP to the blob iframe and check
+ * if the alert box and new window open is blocked correctly by the CSP.
+ */
+var testsToRun = {
+ block_window_open_test: false,
+ block_alert_test: false,
+ block_top_nav_alert_test: false,
+};
+
+SimpleTest.waitForExplicitFinish();
+SimpleTest.requestFlakyTimeout("have to test that alert dialogue is blocked");
+
+window.addEventListener("message", receiveMessage);
+function receiveMessage(event) {
+ switch (event.data.test) {
+ case "block_window_open_test":
+ testsToRun.block_window_open_test = true;
+ break;
+ case "block_alert_test":
+ is(event.data.msg, "alert blocked by CSP", "alert blocked by CSP");
+ testsToRun.block_alert_test = true;
+ break;
+ case "block_top_nav_alert_test":
+ testsToRun.block_top_nav_alert_test = true;
+ break;
+ }
+}
+
+var w;
+document.getElementById("testframe").src = "file_blob_uri_blocks_modals.html";
+w = window.open("file_blob_top_nav_block_modals.html");
+
+
+// If alert window is not blocked by CSP then event message is not recieved and
+// test fails after setTimeout interval of 1 second.
+setTimeout(function () {
+ is(testsToRun.block_top_nav_alert_test, true,
+ "blob top nav alert should be blocked by CSP");
+ testsToRun.block_top_nav_alert_test = true;
+ is(testsToRun.block_alert_test, true,
+ "alert should be blocked by CSP");
+ testsToRun.block_alert_test = true;
+ checkTestsCompleted();
+ },1000);
+
+function checkTestsCompleted() {
+ for (var prop in testsToRun) {
+ // some test hasn't run yet so we're not done
+ if (!testsToRun[prop]) {
+ return;
+ }
+ }
+ window.removeEventListener("message", receiveMessage);
+ w.close();
+ SimpleTest.finish();
+}
+
+</script>
+</body>
+</html>