dom/security/test/cors/file_CrossSiteXHR_inner_data.sjs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103

var data =
  '<!DOCTYPE HTML>\n\
<html>\n\
<head>\n\
<script>\n\
window.addEventListener("message", function(e) {\n\
\n\
  sendData = null;\n\
\n\
  req = JSON.parse(e.data);\n\
  var res = {\n\
    didFail: false,\n\
    events: [],\n\
    progressEvents: 0\n\
  };\n\
  \n\
  var xhr = new XMLHttpRequest();\n\
  for (type of ["load", "abort", "error", "loadstart", "loadend"]) {\n\
    xhr.addEventListener(type, function(e) {\n\
      res.events.push(e.type);\n\
    }, false);\n\
  }\n\
  xhr.addEventListener("readystatechange", function(e) {\n\
    res.events.push("rs" + xhr.readyState);\n\
  }, false);\n\
  xhr.addEventListener("progress", function(e) {\n\
    res.progressEvents++;\n\
  }, false);\n\
  if (req.uploadProgress) {\n\
    xhr.upload.addEventListener(req.uploadProgress, function(e) {\n\
      res.progressEvents++;\n\
    }, false);\n\
  }\n\
  xhr.onerror = function(e) {\n\
    res.didFail = true;\n\
  };\n\
  xhr.onloadend = function (event) {\n\
    res.status = xhr.status;\n\
    try {\n\
      res.statusText = xhr.statusText;\n\
    } catch (e) {\n\
      delete(res.statusText);\n\
    }\n\
    res.responseXML = xhr.responseXML ?\n\
      (new XMLSerializer()).serializeToString(xhr.responseXML) :\n\
      null;\n\
    res.responseText = xhr.responseText;\n\
\n\
    res.responseHeaders = {};\n\
    for (responseHeader in req.responseHeaders) {\n\
      res.responseHeaders[responseHeader] =\n\
        xhr.getResponseHeader(responseHeader);\n\
    }\n\
    res.allResponseHeaders = {};\n\
    var splitHeaders = xhr.getAllResponseHeaders().split("\\r\\n");\n\
    for (var i = 0; i < splitHeaders.length; i++) {\n\
      var headerValuePair = splitHeaders[i].split(":");\n\
        if(headerValuePair[1] != null){\n\
          var headerName = trimString(headerValuePair[0]);\n\
          var headerValue = trimString(headerValuePair[1]); \n\
          res.allResponseHeaders[headerName] = headerValue;\n\
        }\n\
    }\n\
    post(e, res);\n\
  }\n\
\n\
  if (req.withCred)\n\
    xhr.withCredentials = true;\n\
  if (req.body)\n\
    sendData = req.body;\n\
\n\
  res.events.push("opening");\n\
  xhr.open(req.method, req.url, true);\n\
\n\
  for (header in req.headers) {\n\
    xhr.setRequestHeader(header, req.headers[header]);\n\
  }\n\
\n\
  res.events.push("sending");\n\
  xhr.send(sendData);\n\
\n\
}, false);\n\
\n\
function post(e, res) {\n\
  e.source.postMessage(JSON.stringify(res), "*");\n\
}\n\
function trimString(stringValue) {\n\
  return stringValue.replace("/^s+|s+$/g","");\n\
};\n\
\n\
</script>\n\
</head>\n\
<body>\n\
Inner page\n\
</body>\n\
</html>';

function handleRequest(request, response) {
  response.setStatusLine(null, 302, "Follow me");
  response.setHeader("Location", "data:text/html," + escape(data));
  response.setHeader("Content-Type", "text/plain");
  response.write("Follow that guy!");
}