1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
|
<!doctype html>
<head>
<title>Test content script accessing certain [SecureContext] interfaces in non-secure contexts</title>
<script src="/tests/SimpleTest/SimpleTest.js"></script>
<script src="/tests/SimpleTest/ExtensionTestUtils.js"></script>
<script src="head.js"></script>
<link rel="stylesheet" href="/tests/SimpleTest/test.css" />
</head>
<script>
"use strict";
add_setup(async function setup() {
await SpecialPowers.pushPrefEnv({
"set": [
["dom.w3c_pointer_events.getcoalescedevents_only_in_securecontext", true],
// Test is intentionally testing in non-secure contexts.
["dom.security.https_first", false]
]
});
});
add_task(async function test_contentscript_getCoalescedEvents_in_non_secure_context() {
let extension = ExtensionTestUtils.loadExtension({
manifest: {
content_scripts: [
{
// eslint-disable-next-line @microsoft/sdl/no-insecure-url
"matches": ["http://example.org/"],
"js": ["content_script.js"]
},
]
},
files: {
"content_script.js"() {
// Make sure we're testing a non-secure context
browser.test.assertEq(window.isSecureContext, false, "window.isSecureContext === false")
// Make sure our content script can access getCoalescedEvents in non-secure context
browser.test.assertEq(typeof PointerEvent.prototype.getCoalescedEvents, "function", "Content script can access getCoalescedEvents in non-secure context")
// Make sure the page can't access getCoalescedEvents in non-secure context
browser.test.assertEq(typeof window.wrappedJSObject.PointerEvent.prototype.getCoalescedEvents, "undefined", "Page can't access getCoalescedEvents in non-secure context")
browser.test.sendMessage("done");
},
},
});
await extension.startup();
// eslint-disable-next-line @microsoft/sdl/no-insecure-url
const win = window.open("http://example.org/");
await extension.awaitMessage("done");
win.close();
await extension.unload();
});
add_task(async function test_iframe_getCoalescedEvents_in_non_secure_context() {
let extension = ExtensionTestUtils.loadExtension({
manifest: {
content_scripts: [
{
// eslint-disable-next-line @microsoft/sdl/no-insecure-url
"matches": ["http://example.org/"],
"js": ["content_script.js"]
},
]
},
files: {
"iframe_script.js"() {
// Make sure we're testing a non-secure context
browser.test.assertEq(window.isSecureContext, false, "window.isSecureContext === false")
// Make sure our iframe script can access getCoalescedEvents in non-secure context
browser.test.assertEq(typeof PointerEvent.prototype.getCoalescedEvents, "function", "iframe script can access getCoalescedEvents in non-secure context")
browser.test.sendMessage("done");
},
"content_script.js"() {
let iframe = document.createElement("iframe");
iframe.src = browser.runtime.getURL("iframe.html");
document.body.append(iframe);
},
"iframe.html": "<!DOCTYPE html><html><head><script src=\"./iframe_script.js\"><\/script></head><body></body></html>",
}
});
await extension.startup();
// eslint-disable-next-line @microsoft/sdl/no-insecure-url
const win = window.open("http://example.org/");
await extension.awaitMessage("done");
win.close();
await extension.unload();
});
add_task(async function test_contentscript_crypto_in_non_secure_context() {
let extension = ExtensionTestUtils.loadExtension({
manifest: {
content_scripts: [
{
// eslint-disable-next-line @microsoft/sdl/no-insecure-url
"matches": ["http://example.org/"],
"js": ["content_script.js"]
},
]
},
files: {
"content_script.js"() {
// Make sure we're testing a non-secure context
browser.test.assertEq(window.isSecureContext, false, "window.isSecureContext === false")
// Make sure our content script can't access window.crypto.randomUUID in non-secure context
browser.test.assertEq(typeof window.crypto.randomUUID, "undefined", "Content script can't access window.crypto.randomUUID in non-secure context")
// Make sure the page can't access window.crypto.randomUUID in non-secure context
browser.test.assertEq(typeof window.wrappedJSObject.crypto.randomUUID, "undefined", "Page can't access window.crypto.randomUUID in non-secure context")
browser.test.sendMessage("done");
},
},
});
await extension.startup();
// eslint-disable-next-line @microsoft/sdl/no-insecure-url
const win = window.open("http://example.org/");
await extension.awaitMessage("done");
win.close();
await extension.unload();
});
add_task(async function test_iframe_crypto_in_non_secure_context() {
let extension = ExtensionTestUtils.loadExtension({
manifest: {
content_scripts: [
{
// eslint-disable-next-line @microsoft/sdl/no-insecure-url
"matches": ["http://example.org/"],
"js": ["content_script.js"]
},
]
},
files: {
"iframe_script.js"() {
// Make sure we're testing a non-secure context
browser.test.assertEq(window.isSecureContext, false, "window.isSecureContext === false")
// Make sure our iframe script can't access window.crypto.randomUUID in non-secure context
browser.test.assertEq(typeof window.crypto.randomUUID, "undefined", "iframe script can't access window.crypto.randomUUID in non-secure context")
browser.test.sendMessage("done");
},
"content_script.js"() {
let iframe = document.createElement("iframe");
iframe.src = browser.runtime.getURL("iframe.html");
document.body.append(iframe);
},
"iframe.html": "<!DOCTYPE html><html><head><script src=\"./iframe_script.js\"><\/script></head><body></body></html>",
}
});
await extension.startup();
// eslint-disable-next-line @microsoft/sdl/no-insecure-url
const win = window.open("http://example.org/");
await extension.awaitMessage("done");
win.close();
await extension.unload();
});
</script>
|
