summaryrefslogtreecommitdiffstats
path: root/dom/security/test/csp/file_bug1777572.html
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
commit36d22d82aa202bb199967e9512281e9a53db42c9 (patch)
tree105e8c98ddea1c1e4784a60a5a6410fa416be2de /dom/security/test/csp/file_bug1777572.html
parentInitial commit. (diff)
downloadfirefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz
firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/security/test/csp/file_bug1777572.html')
-rw-r--r--dom/security/test/csp/file_bug1777572.html43
1 files changed, 43 insertions, 0 deletions
diff --git a/dom/security/test/csp/file_bug1777572.html b/dom/security/test/csp/file_bug1777572.html
new file mode 100644
index 0000000000..51f2a80d28
--- /dev/null
+++ b/dom/security/test/csp/file_bug1777572.html
@@ -0,0 +1,43 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <meta http-equiv="Content-Security-Policy" content="img-src https://*;">
+ <script>
+ async function timeout (cmd) {
+ const timer = new Promise((resolve, reject) => {
+ const id = setTimeout(() => {
+ clearTimeout(id)
+ reject(new Error('Promise timed out!'))
+ }, 750)
+ })
+ return Promise.race([cmd, timer])
+ }
+
+ let ourOpener = window.opener;
+
+ if (location.search.includes("close")) {
+ window.close();
+ }
+
+ document.addEventListener('DOMContentLoaded', async () => {
+ const frame = document.createElementNS('http://www.w3.org/1999/xhtml', 'frame');
+ const image = document.createElementNS('http://www.w3.org/2000/svg', 'image');
+ document.documentElement.appendChild(frame)
+ image.setAttribute('href', 'a.png')
+ for (let i = 0; i < 5; ++i) {
+ try { await timeout(image.decode()) } catch (e) {}
+ }
+ let w = window.open();
+ // Need to run SpecialPowers in the newly opened window to avoid
+ // .wrap throwing because of dead objects.
+ let csp = w.eval("SpecialPowers.wrap(document).cspJSON;");
+ ourOpener.postMessage(csp, "*");
+ w.close();
+
+ if (!location.search.includes("close")) {
+ window.close();
+ }
+ })
+ </script>
+</head>
+</html>