diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
commit | 36d22d82aa202bb199967e9512281e9a53db42c9 (patch) | |
tree | 105e8c98ddea1c1e4784a60a5a6410fa416be2de /dom/security/test/referrer-policy/img_referrer_testserver.sjs | |
parent | Initial commit. (diff) | |
download | firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip |
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/security/test/referrer-policy/img_referrer_testserver.sjs')
-rw-r--r-- | dom/security/test/referrer-policy/img_referrer_testserver.sjs | 337 |
1 files changed, 337 insertions, 0 deletions
diff --git a/dom/security/test/referrer-policy/img_referrer_testserver.sjs b/dom/security/test/referrer-policy/img_referrer_testserver.sjs new file mode 100644 index 0000000000..7fcc8d4914 --- /dev/null +++ b/dom/security/test/referrer-policy/img_referrer_testserver.sjs @@ -0,0 +1,337 @@ +var BASE_URL = + "example.com/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs"; +const IMG_BYTES = atob( + "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" + + "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==" +); + +function createTestUrl(aPolicy, aAction, aName, aContent) { + var content = aContent || "text"; + return ( + "http://" + + BASE_URL + + "?" + + "action=" + + aAction + + "&" + + "policy=" + + aPolicy + + "&" + + "name=" + + aName + + "&" + + "content=" + + content + ); +} + +function createTestPage(aHead, aImgPolicy, aName) { + var _createTestUrl = createTestUrl.bind(null, aImgPolicy, "test", aName); + + return ( + "<!DOCTYPE HTML>\n\ + <html>" + + aHead + + '<body>\n\ + <img src="' + + _createTestUrl("img") + + '" referrerpolicy="' + + aImgPolicy + + '" id="image"></img>\n\ + <script>' + + // LOAD EVENT (of the test) + // fires when the img resource for the page is loaded + 'window.addEventListener("load", function() {\n\ + parent.postMessage("childLoadComplete", "http://mochi.test:8888");\n\ + }.bind(window), false);' + + "</script>\n\ + </body>\n\ + </html>" + ); +} + +// Creates the following test cases for the specified referrer +// policy combination: +// <img> with referrer +function createTest(aPolicy, aImgPolicy, aName) { + var headString = "<head>"; + if (aPolicy) { + headString += '<meta name="referrer" content="' + aPolicy + '">'; + } + + headString += "<script></script>"; + + return createTestPage(headString, aImgPolicy, aName); +} + +// testing regular load img with referrer policy +// speculative parser should not kick in here +function createTest2(aImgPolicy, name) { + return createTestPage("", aImgPolicy, name); +} + +function createTest3(aImgPolicy1, aImgPolicy2, aImgPolicy3, aName) { + return ( + '<!DOCTYPE HTML>\n\ + <html>\n\ + <body>\n\ + <img src="' + + createTestUrl(aImgPolicy1, "test", aName + aImgPolicy1) + + '" referrerpolicy="' + + aImgPolicy1 + + '" id="image"></img>\n\ + <img src="' + + createTestUrl(aImgPolicy2, "test", aName + aImgPolicy2) + + '" referrerpolicy="' + + aImgPolicy2 + + '" id="image"></img>\n\ + <img src="' + + createTestUrl(aImgPolicy3, "test", aName + aImgPolicy3) + + '" referrerpolicy="' + + aImgPolicy3 + + '" id="image"></img>\n\ + <script>\n\ + var _numLoads = 0;' + + // LOAD EVENT (of the test) + // fires when the img resource for the page is loaded + 'window.addEventListener("load", function() {\n\ + parent.postMessage("childLoadComplete", "http://mochi.test:8888");\n\ + }.bind(window), false);' + + "</script>\n\ + </body>\n\ + </html>" + ); +} + +function createTestPage2(aHead, aPolicy, aName) { + return ( + "<!DOCTYPE HTML>\n\ + <html>" + + aHead + + '<body>\n\ + <img src="' + + createTestUrl(aPolicy, "test", aName) + + '" id="image"></img>\n\ + <script>' + + // LOAD EVENT (of the test) + // fires when the img resource for the page is loaded + 'window.addEventListener("load", function() {\n\ + parent.postMessage("childLoadComplete", "http://mochi.test:8888");\n\ + }.bind(window), false);' + + "</script>\n\ + </body>\n\ + </html>" + ); +} + +function createTestPage3(aHead, aPolicy, aName) { + return ( + "<!DOCTYPE HTML>\n\ + <html>" + + aHead + + "<body>\n\ + <script>" + + 'var image = new Image();\n\ + image.src = "' + + createTestUrl(aPolicy, "test", aName, "image") + + '";\n\ + image.referrerPolicy = "' + + aPolicy + + '";\n\ + image.onload = function() {\n\ + window.parent.postMessage("childLoadComplete", "http://mochi.test:8888");\n\ + }\n\ + document.body.appendChild(image);' + + "</script>\n\ + </body>\n\ + </html>" + ); +} + +function createTestPage4(aHead, aPolicy, aName) { + return ( + "<!DOCTYPE HTML>\n\ + <html>" + + aHead + + "<body>\n\ + <script>" + + 'var image = new Image();\n\ + image.referrerPolicy = "' + + aPolicy + + '";\n\ + image.src = "' + + createTestUrl(aPolicy, "test", aName, "image") + + '";\n\ + image.onload = function() {\n\ + window.parent.postMessage("childLoadComplete", "http://mochi.test:8888");\n\ + }\n\ + document.body.appendChild(image);' + + "</script>\n\ + </body>\n\ + </html>" + ); +} + +function createSetAttributeTest1(aPolicy, aImgPolicy, aName) { + var headString = "<head>"; + headString += '<meta name="referrer" content="' + aPolicy + '">'; + headString += "<script></script>"; + + return createTestPage3(headString, aImgPolicy, aName); +} + +function createSetAttributeTest2(aPolicy, aImgPolicy, aName) { + var headString = "<head>"; + headString += '<meta name="referrer" content="' + aPolicy + '">'; + headString += "<script></script>"; + + return createTestPage4(headString, aImgPolicy, aName); +} + +function createTest4(aPolicy, aName) { + var headString = "<head>"; + headString += '<meta name="referrer" content="' + aPolicy + '">'; + headString += "<script></script>"; + + return createTestPage2(headString, aPolicy, aName); +} + +function createTest5(aPolicy, aName) { + var headString = "<head>"; + headString += '<meta name="referrer" content="' + aPolicy + '">'; + + return createTestPage2(headString, aPolicy, aName); +} + +function handleRequest(request, response) { + var sharedKey = "img_referrer_testserver.sjs"; + var params = request.queryString.split("&"); + var action = params[0].split("=")[1]; + + response.setHeader("Cache-Control", "no-cache", false); + response.setHeader("Content-Type", "text/html; charset=utf-8", false); + + if (action === "resetState") { + let state = getSharedState(sharedKey); + state = {}; + setSharedState(sharedKey, JSON.stringify(state)); + response.write(""); + return; + } + if (action === "test") { + // ?action=test&policy=origin&name=name&content=content + let policy = params[1].split("=")[1]; + let name = params[2].split("=")[1]; + let content = params[3].split("=")[1]; + let result = getSharedState(sharedKey); + + if (result === "") { + result = {}; + } else { + result = JSON.parse(result); + } + + if (!result.tests) { + result.tests = {}; + } + + var referrerLevel = "none"; + var test = {}; + if (request.hasHeader("Referer")) { + let referrer = request.getHeader("Referer"); + if (referrer.indexOf("img_referrer_testserver") > 0) { + referrerLevel = "full"; + } else if (referrer == "http://mochi.test:8888/") { + referrerLevel = "origin"; + } + test.referrer = request.getHeader("Referer"); + } else { + test.referrer = ""; + } + test.policy = referrerLevel; + test.expected = policy; + + result.tests[name] = test; + + setSharedState(sharedKey, JSON.stringify(result)); + + if (content === "image") { + response.setHeader("Content-Type", "image/png"); + response.write(IMG_BYTES); + } + return; + } + if (action === "get-test-results") { + // ?action=get-result + response.write(getSharedState(sharedKey)); + return; + } + if (action === "generate-img-policy-test") { + // ?action=generate-img-policy-test&imgPolicy=b64-encoded-string&name=name&policy=b64-encoded-string + let imgPolicy = unescape(params[1].split("=")[1]); + let name = unescape(params[2].split("=")[1]); + let metaPolicy = ""; + if (params[3]) { + metaPolicy = params[3].split("=")[1]; + } + + response.write(createTest(metaPolicy, imgPolicy, name)); + return; + } + if (action === "generate-img-policy-test2") { + // ?action=generate-img-policy-test2&imgPolicy=b64-encoded-string&name=name + let imgPolicy = unescape(params[1].split("=")[1]); + let name = unescape(params[2].split("=")[1]); + + response.write(createTest2(imgPolicy, name)); + return; + } + if (action === "generate-img-policy-test3") { + // ?action=generate-img-policy-test3&imgPolicy1=b64-encoded-string&imgPolicy2=b64-encoded-string&imgPolicy3=b64-encoded-string&name=name + let imgPolicy1 = unescape(params[1].split("=")[1]); + let imgPolicy2 = unescape(params[2].split("=")[1]); + let imgPolicy3 = unescape(params[3].split("=")[1]); + let name = unescape(params[4].split("=")[1]); + + response.write(createTest3(imgPolicy1, imgPolicy2, imgPolicy3, name)); + return; + } + if (action === "generate-img-policy-test4") { + // ?action=generate-img-policy-test4&imgPolicy=b64-encoded-string&name=name + let policy = unescape(params[1].split("=")[1]); + let name = unescape(params[2].split("=")[1]); + + response.write(createTest4(policy, name)); + return; + } + if (action === "generate-img-policy-test5") { + // ?action=generate-img-policy-test5&policy=b64-encoded-string&name=name + let policy = unescape(params[1].split("=")[1]); + let name = unescape(params[2].split("=")[1]); + + response.write(createTest5(policy, name)); + return; + } + + if (action === "generate-setAttribute-test1") { + // ?action=generate-setAttribute-test1&policy=b64-encoded-string&name=name + let imgPolicy = unescape(params[1].split("=")[1]); + let policy = unescape(params[2].split("=")[1]); + let name = unescape(params[3].split("=")[1]); + + response.write(createSetAttributeTest1(policy, imgPolicy, name)); + return; + } + + if (action === "generate-setAttribute-test2") { + // ?action=generate-setAttribute-test2&policy=b64-encoded-string&name=name + let imgPolicy = unescape(params[1].split("=")[1]); + let policy = unescape(params[2].split("=")[1]); + let name = unescape(params[3].split("=")[1]); + + response.write(createSetAttributeTest2(policy, imgPolicy, name)); + return; + } + + response.write("I don't know action " + action); +} |