1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
|
<html>
<head>
<title></title>
<script type="text/javascript">
"use strict";
var scriptItem = "untouched";
var scriptItem1 = "untouched";
var scriptItem2 = "untouched";
var imageItem1 = "untouched";
var imageItem2 = "untouched";
var frameItem1 = "untouched";
var frameItem2 = "untouched";
var xhrItem = "untouched";
var fetchItem = "untouched";
var mediaItem1 = "untouched";
var badids = [
"badscript1",
"badscript2",
"badimage1",
"badimage2",
"badframe1",
"badframe2",
"badmedia1",
"badcss",
];
var onloadCalled = false;
var xhrFinished = false;
var fetchFinished = false;
var videoLoaded = false;
function loaded(type) {
if (type === "onload") {
onloadCalled = true;
} else if (type === "xhr") {
xhrFinished = true;
} else if (type === "fetch") {
fetchFinished = true;
} else if (type === "video") {
videoLoaded = true;
}
if (onloadCalled && xhrFinished && fetchFinished && videoLoaded) {
var msg = new window.CustomEvent("OnLoadComplete", {
detail: JSON.stringify({
scriptItem,
scriptItem1,
scriptItem2,
imageItem1,
imageItem2,
frameItem1,
frameItem2,
xhrItem,
fetchItem,
mediaItem1,
}),
});
window.dispatchEvent(msg);
}
}
</script>
<!-- Try loading from a tracking CSS URI -->
<link id="badcss" rel="stylesheet" type="text/css" href="http://tracking.example.com/tests/toolkit/components/url-classifier/tests/mochitest/evil.css"></link>
</head>
<body onload="loaded('onload')">
<!-- Try loading from a tracking script URI (1): evil.js onload will have updated the scriptItem variable -->
<script id="badscript1" src="http://tracking.example.com/tests/toolkit/components/url-classifier/tests/mochitest/evil.js" onload="scriptItem1 = scriptItem;"></script>
<!-- Try loading from a tracking image URI (1) -->
<img id="badimage1" src="http://tracking.example.com/tests/toolkit/components/url-classifier/tests/mochitest/raptor.jpg?reload=true" onload="imageItem1 = 'spoiled';"/>
<!-- Try loading from a tracking frame URI (1) -->
<iframe id="badframe1" src="http://tracking.example.com/tests/toolkit/components/url-classifier/tests/mochitest/track.html" onload="frameItem1 = 'spoiled';"></iframe>
<!-- Try loading from a tracking video URI -->
<video id="badmedia1" src="http://tracking.example.com/tests/toolkit/components/url-classifier/tests/mochitest/vp9.webm?reload=true"></video>
<script>
var v = document.getElementById("badmedia1");
v.addEventListener("loadedmetadata", function() {
mediaItem1 = "loaded";
loaded("video");
}, true);
v.addEventListener("error", function() {
mediaItem1 = "error";
loaded("video");
}, true);
// Try loading from a tracking script URI (2) - The loader may follow a different path depending on whether the resource is loaded from JS or HTML.
var newScript = document.createElement("script");
newScript.id = "badscript2";
newScript.src = "http://tracking.example.com/tests/toolkit/components/url-classifier/tests/mochitest/evil.js";
newScript.addEventListener("load", function() { scriptItem2 = scriptItem; });
document.body.appendChild(newScript);
// Try loading from a tracking image URI (2)
var newImage = document.createElement("img");
newImage.id = "badimage2";
newImage.src = "http://tracking.example.com/tests/toolkit/components/url-classifier/tests/mochitest/raptor.jpg?reload=true";
newImage.addEventListener("load", function() { imageItem2 = "spoiled"; });
document.body.appendChild(newImage);
// Try loading from a tracking iframe URI (2)
var newFrame = document.createElement("iframe");
newFrame.id = "badframe2";
newFrame.src = "http://tracking.example.com/tests/toolkit/components/url-classifier/tests/mochitest/track.html";
newFrame.addEventListener("load", function() { frameItem2 = "spoiled"; });
document.body.appendChild(newFrame);
// Try doing an XHR against a tracking domain (bug 1216793)
function reqListener() {
xhrItem = "loaded";
loaded("xhr");
}
function transferFailed() {
xhrItem = "failed";
loaded("xhr");
}
function transferCanceled() {
xhrItem = "canceled";
loaded("xhr");
}
var oReq = new XMLHttpRequest();
oReq.addEventListener("load", reqListener);
oReq.addEventListener("error", transferFailed);
oReq.addEventListener("abort", transferCanceled);
oReq.open("GET", "http://tracking.example.com/tests/toolkit/components/url-classifier/tests/mochitest/evil.js");
oReq.send();
// Fetch from a tracking domain
fetch("http://tracking.example.com/tests/toolkit/components/url-classifier/tests/mochitest/evil.js").then(function(response) {
if (response.ok) {
fetchItem = "loaded";
loaded("fetch");
} else {
fetchItem = "badresponse";
loaded("fetch");
}
}).catch(function() {
fetchItem = "error";
loaded("fetch");
});
</script>
The following should not be hidden:
<div id="styleCheck">STYLE TEST</div>
</body>
</html>
|