1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */
// Tests that warnings about ineffective iframe sandboxing are logged to the
// web console when necessary (and not otherwise). See Bug 752559.
"use strict";
requestLongerTimeout(2);
const TEST_PATH =
"https://example.com/browser/devtools/client/webconsole/" + "test/browser/";
const TEST_URI_WARNING = `${TEST_PATH}test-ineffective-iframe-sandbox-warning0.html`;
const TEST_URI_NOWARNING = [
`${TEST_PATH}test-ineffective-iframe-sandbox-warning1.html`,
`${TEST_PATH}test-ineffective-iframe-sandbox-warning2.html`,
`${TEST_PATH}test-ineffective-iframe-sandbox-warning3.html`,
`${TEST_PATH}test-ineffective-iframe-sandbox-warning4.html`,
`${TEST_PATH}test-ineffective-iframe-sandbox-warning5.html`,
];
const INEFFECTIVE_IFRAME_SANDBOXING_MSG =
"An iframe which has both " +
"allow-scripts and allow-same-origin for its sandbox attribute can remove " +
"its sandboxing.";
const SENTINEL_MSG = "testing ineffective sandboxing message";
add_task(async function () {
await testWarningMessageVisibility(TEST_URI_WARNING, true);
for (const testUri of TEST_URI_NOWARNING) {
await testWarningMessageVisibility(testUri, false);
}
});
async function testWarningMessageVisibility(uri, visible) {
const hud = await openNewTabAndConsole(uri, true);
const sentinel = SENTINEL_MSG + Date.now();
const onSentinelMessage = waitForMessageByType(hud, sentinel, ".console-api");
SpecialPowers.spawn(gBrowser.selectedBrowser, [sentinel], function (msg) {
content.console.log(msg);
});
await onSentinelMessage;
const warning = findWarningMessage(hud, INEFFECTIVE_IFRAME_SANDBOXING_MSG);
is(
!!warning,
visible,
`The warning message is${visible ? "" : " not"} visible on ${uri}`
);
}
|