path: root/dom/security/test/general/browser_restrict_privileged_about_script.js
blob: 0baa6e3d4dbb73af07fda0d0143507dd48a60b5f (plain)
"use strict";

// HTML document that backs the temporary about: page; it lives next to this
// test file in the test directory.
const kChildPage = `${getRootDirectory(gTestPath)}file_about_child.html`;

// Register about:test-about-privileged-with-scripts for the duration of the
// test (the harness cleanup function is handed over so the registration is
// undone afterwards). The result is awaited by the test task before it
// navigates to the page.
//
// The flag set is the security-relevant part of this fixture: the page is
// script-enabled, bound to a child process, eligible for the privileged about
// content process, and marked as safe for untrusted content, which is the
// configuration in which remote script loads are expected to be restricted.
const kAboutPagesRegistered = BrowserTestUtils.registerAboutPage(
  registerCleanupFunction,
  "test-about-privileged-with-scripts",
  kChildPage,
  Ci.nsIAboutModule.ALLOW_SCRIPT |
    Ci.nsIAboutModule.URI_MUST_LOAD_IN_CHILD |
    Ci.nsIAboutModule.URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS |
    Ci.nsIAboutModule.URI_SAFE_FOR_UNTRUSTED_CONTENT |
    Ci.nsIAboutModule.IS_SECURE_CHROME_UI
);

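/**
 * Opens the test about: page in a new tab and verifies, inside the content
 * process, that:
 *  - the top-level load was triggered by the system principal,
 *  - the resulting document itself does NOT hold the system principal, and
 *  - the remote script referenced by the page did not report that it ran.
 */
add_task(async function test_principal_click() {
  // The about: page has to be registered before it can be navigated to.
  await kAboutPagesRegistered;

  // NOTE(review): going by the pref name, this skips the assertion that
  // about: pages ship a CSP, presumably because the test page has none.
  // Confirm against file_about_child.html before relying on this.
  await SpecialPowers.pushPrefEnv({
    set: [["dom.security.skip_about_page_has_csp_assert", true]],
  });

  await BrowserTestUtils.withNewTab(
    "about:test-about-privileged-with-scripts",
    async function (browser) {
      info("Waiting for tab to be loaded..");

      // Run the checks in the browser handed over by withNewTab rather than
      // in whatever tab is currently selected, so the assertions are always
      // made against the page this test opened.
      await SpecialPowers.spawn(browser, [], async function () {
        const channel = content.docShell.currentDocumentChannel;
        is(
          channel.originalURI.asciiSpec,
          "about:test-about-privileged-with-scripts",
          "sanity check - make sure we test the principal for the correct URI"
        );

        const { loadInfo } = channel;

        ok(
          loadInfo.triggeringPrincipal.isSystemPrincipal,
          "loading about: from privileged page must have a triggering of System"
        );

        is(
          loadInfo.externalContentPolicyType,
          Ci.nsIContentPolicy.TYPE_DOCUMENT,
          "sanity check - loading a top level document"
        );

        is(
          loadInfo.loadingPrincipal,
          null,
          "sanity check - load of TYPE_DOCUMENT must have a null loadingPrincipal"
        );

        // A system-triggered load must not hand the system principal to the
        // loaded about: document.
        ok(
          !content.document.nodePrincipal.isSystemPrincipal,
          "sanity check - loaded about page does not have the system principal"
        );

        // Negative check only: it also passes when testResult was never
        // assigned, so it depends on the remote script setting this marker
        // whenever it executes (that script is not part of this file).
        isnot(
          content.testResult,
          "fail-script-was-loaded",
          "The script from https://example.com shouldn't work in an about: page."
        );
      });
    }
  );
});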