summaryrefslogtreecommitdiffstats
path: root/dom/security/test/csp/test_svg_inline_style.html
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
commit36d22d82aa202bb199967e9512281e9a53db42c9 (patch)
tree105e8c98ddea1c1e4784a60a5a6410fa416be2de /dom/security/test/csp/test_svg_inline_style.html
parentInitial commit. (diff)
downloadfirefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz
firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip
Adding upstream version 115.7.0esr.upstream/115.7.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/security/test/csp/test_svg_inline_style.html')
-rw-r--r--dom/security/test/csp/test_svg_inline_style.html135
1 files changed, 135 insertions, 0 deletions
diff --git a/dom/security/test/csp/test_svg_inline_style.html b/dom/security/test/csp/test_svg_inline_style.html
new file mode 100644
index 0000000000..c05ca20467
--- /dev/null
+++ b/dom/security/test/csp/test_svg_inline_style.html
@@ -0,0 +1,135 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 1262842: Test CSP inline style within svg image</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script src="/tests/SimpleTest/WindowSnapshot.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<iframe id="img_base"></iframe>
+<iframe id="img_csp"></iframe>
+<iframe id="img_base_srcset"></iframe>
+<iframe id="img_csp_srcset"></iframe>
+<iframe id="doc_base"></iframe>
+<iframe id="doc_csp"></iframe>
+
+<script class="testbody" type="text/javascript">
+
+// Description of the two tests:
+// * CSP should not apply to SVGs loaded as images (in src or srcset)
+// * CSP should apply to SVGs loaded as document
+// Since we have to test inline styles within SVGs, we loaded the SVGs
+// and then take screenshots to comopare that the two SVGs are identical.
+
+SimpleTest.waitForExplicitFinish();
+
+let img_base = document.getElementById("img_base");
+let img_csp = document.getElementById("img_csp");
+let img_base_srcset = document.getElementById("img_base_srcset");
+let img_csp_srcset = document.getElementById("img_csp_srcset");
+let doc_base = document.getElementById("doc_base");
+let doc_csp = document.getElementById("doc_csp");
+
+let loadedFrames = 0;
+
+async function compareSVGs() {
+ loadedFrames++;
+ if (loadedFrames != 6) {
+ return;
+ }
+ // compare the two iframes where SVGs are loaded as images
+ try {
+ let img_base_snap = await snapshotWindow(img_base.contentWindow);
+ let img_csp_snap = await snapshotWindow(img_csp.contentWindow);
+
+ ok(compareSnapshots(img_base_snap, img_csp_snap, true)[0],
+ "CSP should not apply to SVG loaded as image");
+ } catch(err) {
+ ok(false, "img error: " + err.message);
+ }
+
+ // compare the two iframes where SVGs are loaded as images with srcset
+ try {
+ let img_base_snap_srcset = await snapshotWindow(img_base_srcset.contentWindow);
+ let img_csp_snap_srcset = await snapshotWindow(img_csp_srcset.contentWindow);
+
+ ok(compareSnapshots(img_base_snap_srcset, img_csp_snap_srcset, true)[0],
+ "CSP should not apply to SVG loaded as image with srcset");
+ } catch(err) {
+ ok(false, "img error: " + err.message);
+ }
+
+ // compare the two iframes where SVGs are loaded as documents
+ try {
+ let doc_base_snap = await snapshotWindow(doc_base.contentWindow);
+ let doc_csp_snap = await snapshotWindow(doc_csp.contentWindow);
+
+ ok(compareSnapshots(doc_base_snap, doc_csp_snap, true)[0],
+ "CSP should apply to SVG loaded as document");
+ } catch(err) {
+ ok(false, "doc error: " + err.message);
+ }
+
+ SimpleTest.finish();
+}
+
+// load SVG as images
+img_base.onerror = function() {
+ ok(false, "sanity: img_base onerror should not fire");
+}
+img_base.onload = function() {
+ ok(true, "sanity: img_base onload should fire");
+ compareSVGs();
+}
+img_base.src = "file_svg_inline_style_base.html";
+
+img_csp.onerror = function() {
+ ok(false, "sanity: img_csp onerror should not fire");
+}
+img_csp.onload = function() {
+ ok(true, "sanity: img_csp onload should fire");
+ compareSVGs();
+}
+img_csp.src = "file_svg_inline_style_csp.html";
+
+img_base_srcset.onerror = function() {
+ ok(false, "sanity: img_base_srcset onerror should not fire");
+}
+img_base_srcset.onload = function() {
+ ok(true, "sanity: img_base_srcset onload should fire");
+ compareSVGs();
+}
+img_base_srcset.src = "file_svg_srcset_inline_style_base.html";
+
+img_csp_srcset.onerror = function() {
+ ok(false, "sanity: img_csp_srcset onerror should not fire");
+}
+img_csp_srcset.onload = function() {
+ ok(true, "sanity: img_csp_srcset onload should fire");
+ compareSVGs();
+}
+img_csp_srcset.src = "file_svg_srcset_inline_style_csp.html";
+
+// load SVG as documnents
+doc_base.onerror = function() {
+ ok(false, "sanity: doc_base onerror should not fire");
+}
+doc_base.onload = function() {
+ ok(true, "sanity: doc_base onload should fire");
+ compareSVGs();
+}
+doc_base.src = "file_svg_inline_style_server.sjs?svg_no_inline_style&5";
+
+doc_csp.onerror = function() {
+ ok(false, "sanity: doc_csp onerror should not fire");
+}
+doc_csp.onload = function() {
+ ok(true, "sanity: doc_csp onload should fire");
+ compareSVGs();
+}
+doc_csp.src = "file_svg_inline_style_server.sjs?svg_inline_style_csp&6";
+
+</script>
+</body>
+</html>