summaryrefslogtreecommitdiffstats
path: root/dom/security/test/csp/test_script_template.html
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
commit36d22d82aa202bb199967e9512281e9a53db42c9 (patch)
tree105e8c98ddea1c1e4784a60a5a6410fa416be2de /dom/security/test/csp/test_script_template.html
parentInitial commit. (diff)
downloadfirefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz
firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/security/test/csp/test_script_template.html')
-rw-r--r--dom/security/test/csp/test_script_template.html60
1 files changed, 60 insertions, 0 deletions
diff --git a/dom/security/test/csp/test_script_template.html b/dom/security/test/csp/test_script_template.html
new file mode 100644
index 0000000000..a71ebfe960
--- /dev/null
+++ b/dom/security/test/csp/test_script_template.html
@@ -0,0 +1,60 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Bug 1548385 - CSP: Test script template</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<iframe style="width:100%;" id="testframe"></iframe>
+
+<script class="testbody" type="text/javascript">
+
+/**
+ * Description of the test:
+ * We load a document using a CSP of "default-src 'unsafe-inline'"
+ * and make sure that an external script within a template gets
+ * blocked correctly.
+ */
+
+const CSP_BLOCKED_SUBJECT = "csp-on-violate-policy";
+const CSP_ALLOWED_SUBJECT = "specialpowers-http-notify-request";
+
+SimpleTest.waitForExplicitFinish();
+
+function examiner() {
+ SpecialPowers.addObserver(this, CSP_BLOCKED_SUBJECT);
+ SpecialPowers.addObserver(this, CSP_ALLOWED_SUBJECT);
+}
+
+examiner.prototype = {
+ observe(subject, topic, data) {
+ if (topic == CSP_BLOCKED_SUBJECT) {
+ let jsFileName = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIURI"), "asciiSpec");
+ if (jsFileName.endsWith("file_script_template.js")) {
+ ok(true, "js file blocked by CSP");
+ this.removeAndFinish();
+ }
+ }
+
+ if (topic == CSP_ALLOWED_SUBJECT) {
+ if (data.endsWith("file_script_template.js")) {
+ ok(false, "js file allowed by CSP");
+ this.removeAndFinish();
+ }
+ }
+ },
+
+ removeAndFinish() {
+ SpecialPowers.removeObserver(this, CSP_BLOCKED_SUBJECT);
+ SpecialPowers.removeObserver(this, CSP_ALLOWED_SUBJECT);
+ SimpleTest.finish();
+ }
+}
+
+window.examiner = new examiner();
+document.getElementById("testframe").src = "file_script_template.html";
+
+</script>
+</body>
+</html>