1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
<!DOCTYPE HTML>
<html>
<!--
Tests for Mixed Content Blocker related to navigating children, grandchildren, etc
https://bugzilla.mozilla.org/show_bug.cgi?id=840388
-->
<head>
<meta charset="utf-8">
<title>Tests for Mixed Content Frame Navigation</title>
</head>
<body>
<div id="testContent"></div>
<script>
var baseUrlHttps = "https://example.com/tests/dom/security/test/mixedcontentblocker/file_frameNavigation_innermost.html";
// For tests that require setTimeout, set the maximum polling time to 50 x 100ms = 5 seconds.
var MAX_COUNT = 50;
var TIMEOUT_INTERVAL = 100;
var testContent = document.getElementById("testContent");
// Test 1: Navigate secure iframe to insecure iframe on an insecure page
var iframe_test1 = document.createElement("iframe");
var counter_test1 = 0;
iframe_test1.src = baseUrlHttps + "?insecurePage_navigate_child";
iframe_test1.setAttribute("id", "test1");
iframe_test1.onerror = function() {
parent.postMessage({"test": "insecurePage_navigate_child", "msg": "got an onerror alert when loading or navigating testing iframe"}, "http://mochi.test:8888");
};
testContent.appendChild(iframe_test1);
function navigationStatus(iframe_test1)
{
// When the page is navigating, it goes through about:blank and we will get a permission denied for loc.
// Catch that specific exception and return
try {
var loc = document.getElementById("test1").contentDocument.location;
} catch(e) {
if (e.name === "SecurityError") {
// We received an exception we didn't expect.
throw e;
}
counter_test1++;
return;
}
if (loc == "http://example.com/tests/dom/security/test/mixedcontentblocker/file_frameNavigation_innermost.html?insecurePage_navigate_child_response") {
return;
}
else {
if(counter_test1 < MAX_COUNT) {
counter_test1++;
setTimeout(navigationStatus, TIMEOUT_INTERVAL, iframe_test1);
}
else {
// After we have called setTimeout the maximum number of times, assume navigating the iframe is blocked
parent.postMessage({"test": "insecurePage_navigate_child", "msg": "navigating to insecure iframe blocked on insecure page"}, "http://mochi.test:8888");
}
}
}
setTimeout(navigationStatus, TIMEOUT_INTERVAL, iframe_test1);
// Test 2: Navigate secure grandchild iframe to insecure grandchild iframe on a page that has no secure parents
var iframe_test2 = document.createElement("iframe");
iframe_test2.src = "http://example.com/tests/dom/security/test/mixedcontentblocker/file_frameNavigation_grandchild.html"
iframe_test2.onerror = function() {
parent.postMessage({"test": "insecurePage_navigate_grandchild", "msg": "got an on error alert when loading or navigating testing iframe"}, "http://mochi.test:8888");
};
testContent.appendChild(iframe_test2);
</script>
</body>
</html>
|