dom/security/test/https-first/file_form_submission.sjs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84

const CC = Components.Constructor;
const BinaryInputStream = CC(
  "@mozilla.org/binaryinputstream;1",
  "nsIBinaryInputStream",
  "setInputStream"
);

const RESPONSE_SUCCESS = `
  <html>
    <body>
      send message, downgraded
    <script type="application/javascript">
      let scheme = document.location.protocol;
      const loc = document.location.href;
      window.opener.postMessage({location: loc, scheme: scheme, form:"test=success" }, '*');
    </script>
    </body>
  </html>`;

const POST_FORMULAR = `
<html>
    <body>
        <form action="http://example.com/tests/dom/security/test/https-first/file_form_submission.sjs?" method="POST" id="POSTForm">
            <div>
             <label id="submit">Submit</label>
             <input name="test" id="form" value="success">
            </div>
        </form>
        <script class="testbody" type="text/javascript">
            document.getElementById("POSTForm").submit();
        </script>
    </body>
</html>
`;

function handleRequest(request, response) {
  // avoid confusing cache behaviors
  response.setHeader("Cache-Control", "no-cache", false);
  let queryString = request.queryString;
  if (request.scheme === "https" && queryString === "test=1") {
    response.write(RESPONSE_SUCCESS);
    return;
  }
  if (
    request.scheme === "https" &&
    (queryString === "test=2" || queryString === "test=4")
  ) {
    // time out request
    response.processAsync();
    return;
  }
  if (request.scheme === "http" && queryString === "test=2") {
    response.write(RESPONSE_SUCCESS);
    return;
  }
  if (queryString === "test=3" || queryString === "test=4") {
    // send post form
    response.write(POST_FORMULAR);
    return;
  }
  if (request.method == "POST") {
    // extract form parameters
    let body = new BinaryInputStream(request.bodyInputStream);
    let avail;
    let bytes = [];
    while ((avail = body.available()) > 0) {
      Array.prototype.push.apply(bytes, body.readByteArray(avail));
    }
    let requestBodyContents = String.fromCharCode.apply(null, bytes);

    response.write(`
    <html>
    <script type="application/javascript">
      let scheme = document.location.protocol;
      const loc = document.location.href;
      window.opener.postMessage({location: loc, scheme: scheme, form: '${requestBodyContents}'}, '*');
    </script>
  </html>`);

    return;
  }
  // we should never get here; just in case, return something unexpected
  response.write("do'h");
}