1 files changed, 396 insertions, 0 deletions

diff --git a/dom/base/test/bug704320.sjs b/dom/base/test/bug704320.sjs
new file mode 100644
index 0000000000..f63b5d3a7e
--- /dev/null
+++ b/dom/base/test/bug704320.sjs
@@ -0,0 +1,396 @@
+var BASE_URL = "example.com/tests/dom/base/test/bug704320.sjs";
+
+function createTestUrl(schemeFrom, schemeTo, policy, action, type) {
+  return (
+    schemeTo +
+    "://" +
+    BASE_URL +
+    "?" +
+    "action=" +
+    action +
+    "&" +
+    "scheme=" +
+    schemeFrom +
+    "-to-" +
+    schemeTo +
+    "&" +
+    "policy=" +
+    policy +
+    "&" +
+    "type=" +
+    type
+  );
+}
+
+function create2ndLevelIframeUrl(schemeFrom, schemeTo, policy, type) {
+  return (
+    schemeFrom +
+    "://" +
+    BASE_URL +
+    "?" +
+    "action=create-2nd-level-iframe&" +
+    "scheme-from=" +
+    schemeFrom +
+    "&" +
+    "scheme-to=" +
+    schemeTo +
+    "&" +
+    "policy=" +
+    policy +
+    "&" +
+    "type=" +
+    type
+  );
+}
+
+// Creates the following test cases for the specified scheme and referrer
+// policy combination:
+//   <link>
+//   @import
+//   font-face
+//   bg-url
+//   <script>
+//   <img>
+//   <iframe>
+//   <audio>
+//   <video>
+//   <object type="bogus">
+//   <object type="image/svg+xml">
+//   <a>
+//   <a ping>
+//   <form>
+//   window.location
+//   window.open
+//   XMLHttpRequest
+//   EventSource
+//   TODO: XSLT?
+//
+// This returns a page that loads all of the above resources and contains a
+// script that clicks a link after all resources are (hopefully)
+// loaded. The click triggers a redirection to file_bug704320_redirect.html,
+// which in turn notifies the main window that it's time to check the test
+// results.
+function createTest(schemeFrom, schemeTo, policy, optionalEarlierPolicy) {
+  var _createTestUrl = createTestUrl.bind(
+    null,
+    schemeFrom,
+    schemeTo,
+    policy,
+    "test"
+  );
+
+  var _create2ndLevelIframeUrl = create2ndLevelIframeUrl.bind(
+    null,
+    schemeFrom,
+    schemeTo,
+    policy
+  );
+
+  var metaReferrerPolicyString = "";
+  if (optionalEarlierPolicy && optionalEarlierPolicy != "") {
+    metaReferrerPolicyString +=
+      '<meta name="referrer" content="' + optionalEarlierPolicy + '">\n';
+  }
+  metaReferrerPolicyString += '<meta name="referrer" content="' + policy + '">';
+
+  return (
+    "<!DOCTYPE HTML>\n\
+         <html>\n\
+         <head>\n\
+	    " +
+    metaReferrerPolicyString +
+    '\n\
+           <link rel="stylesheet" type="text/css" href="' +
+    _createTestUrl("stylesheet") +
+    '">\n\
+           <style type="text/css">\n\
+             @import "' +
+    _createTestUrl("import-css") +
+    '";\n\
+             @font-face {\n\
+               font-family: "Fake Serif Bold";\n\
+               src: url("' +
+    _createTestUrl("font-face") +
+    '");\n\
+             }\n\
+             body {\n\
+               font-family: "Fake Serif Bold", serif;\n\
+               background: url("' +
+    _createTestUrl("bg-url") +
+    '");\n\
+             }\n\
+           </style>\n\
+         </head>\n\
+         <body>\n\
+           <script src="' +
+    _createTestUrl("script") +
+    '"></script>\n\
+           <img src="' +
+    _createTestUrl("img") +
+    '"></img>\n\
+           <iframe src="' +
+    _createTestUrl("iframe") +
+    '"></iframe>\n\
+           <audio src="' +
+    _createTestUrl("audio") +
+    '"></audio>\n\
+           <video src="' +
+    _createTestUrl("video") +
+    '"></video>\n\
+           <object type="bogus" data="' +
+    _createTestUrl("object") +
+    '"></object>\n\
+           <object type="image/svg+xml" data="' +
+    _createTestUrl("object-svg") +
+    '"></object>\n\
+           <a id="link" href="' +
+    _createTestUrl("link") +
+    '" ping="' +
+    _createTestUrl("link-ping") +
+    '"></a>\n\
+           <iframe src="' +
+    _create2ndLevelIframeUrl("form") +
+    '"></iframe>\n\
+           <iframe src="' +
+    _create2ndLevelIframeUrl("window.location") +
+    '"></iframe>\n\
+           <script>\n\
+              var _testFinished = 0\n\
+             (function() {\n\
+               var x = new XMLHttpRequest();\n\
+               x.open("GET", "' +
+    _createTestUrl("xmlhttprequest") +
+    '");\n\
+               x.send();\n\
+             })();\n\
+             (function() {\n\
+               var eventSource = new EventSource("' +
+    _createTestUrl("eventsource") +
+    '");\n\
+             })();' +
+    // LOAD EVENT (most of the tests)
+    // fires when the resources for the page are loaded
+    'var _isLoaded = false;\n\
+             window.addEventListener("load", function() {\n\
+               this._isLoaded = true;\n\
+               this.checkForFinish();\n\
+             }.bind(window), false);' +
+    // WINDOW.OPEN test
+    // listen for incoming status from window.open, close the window
+    // and check if we're done.
+    'var _openedWindowLoaded = false;\n\
+             window.addEventListener("message", function(message) {\n\
+               if (message.data == "window.open") {\n\
+                 this._openedWindowLoaded = true;\n\
+                 this.win.close();\n\
+                 this.checkForFinish();\n\
+               }\n\
+             }.bind(window), false);\n\
+             var win = window.open("' +
+    _createTestUrl("window.open") +
+    '", "");' +
+    // called by the two things that must complete: window.open page
+    // and the window load event.  When both are complete, this
+    // "finishes" the iframe subtest by clicking the link.
+    // _testFinished avoids calling this function twice (which may happen)
+    'function checkForFinish() {\n\
+               if (window._isLoaded && window._openedWindowLoaded && !window._testFinished) {\n\
+                 window._testFinished = 1;\n\
+                 document.getElementById("link").click();\n\
+               }\n\
+             }\n\
+           </script>\n\
+         </body>\n\
+         </html>'
+  );
+}
+
+function createIframedFormTest(schemeFrom, schemeTo, policy) {
+  var actionUrl = schemeTo + "://" + BASE_URL;
+
+  return (
+    '<!DOCTYPE HTML>\n\
+         <html>\n\
+         <head>\n\
+           <meta name="referrer" content="' +
+    policy +
+    '">\n\
+         </head>\n\
+         <body>\n\
+           <form id="form" action="' +
+    actionUrl +
+    '">\n\
+             <input type="hidden" name="action" value="test">\n\
+             <input type="hidden" name="scheme" value="' +
+    schemeFrom +
+    "-to-" +
+    schemeTo +
+    '">\n\
+             <input type="hidden" name="policy" value="' +
+    policy +
+    '">\n\
+             <input type="hidden" name="type" value="form">\n\
+           </form>\n\
+           <script>\n\
+             document.getElementById("form").submit();\n\
+           </script>\n\
+         </body>\n\
+         </html>'
+  );
+}
+
+function createIframedWindowLocationTest(schemeFrom, schemeTo, policy) {
+  var url = createTestUrl(
+    schemeFrom,
+    schemeTo,
+    policy,
+    "test",
+    "window.location"
+  );
+
+  return (
+    '<!DOCTYPE HTML>\n\
+         <html>\n\
+         <head>\n\
+           <meta name="referrer" content="' +
+    policy +
+    '">\n\
+         </head>\n\
+         <body>\n\
+           <script>\n\
+            window.location = "' +
+    url +
+    '";\n\
+           </script>\n\
+         </body>\n\
+         </html>'
+  );
+}
+
+function createPolicyTest(policy, optionalEarlierPolicy) {
+  var metaReferrerPolicyString = "";
+  if (optionalEarlierPolicy && optionalEarlierPolicy != "") {
+    metaReferrerPolicyString +=
+      '<meta name="referrer" content="' + optionalEarlierPolicy + '">\n';
+  }
+  metaReferrerPolicyString += '<meta name="referrer" content="' + policy + '">';
+
+  return (
+    "<!DOCTYPE HTML>\n\
+          <html>\n\
+          <head>\n\
+	    " +
+    metaReferrerPolicyString +
+    '\n\
+            <script type="text/javascript" src="/tests/dom/base/test/file_bug704320_preload_common.js"></script>\n\
+          </head>\n\
+          <body>\n\
+            <img src="/tests/dom/base/test/bug704320_counter.sjs?type=img"\n\
+                    onload="incrementLoad2(\'img\', 2);">\n\
+            <img src="http://example.com/tests/dom/base/test/bug704320_counter.sjs?type=img"\n\
+                    onload="incrementLoad2(\'img\', 2);">\n\
+          </body>\n\
+          </html>'
+  );
+}
+
+function handleRequest(request, response) {
+  var sharedKey = "bug704320.sjs";
+  var params = request.queryString.split("&");
+  var action = params[0].split("=")[1];
+
+  if (action === "create-1st-level-iframe") {
+    // ?action=create-1st-level-iframe&scheme-from=http&scheme-to=https&policy=origin
+    var schemeFrom = params[1].split("=")[1];
+    var schemeTo = params[2].split("=")[1];
+    var policy = params[3].split("=")[1];
+    var optionalEarlierPolicy = "";
+    if (params[4]) {
+      optionalEarlierPolicy = params[4].split("=")[1];
+    }
+
+    response.setHeader("Content-Type", "text/html; charset=utf-8", false);
+    response.setHeader("Cache-Control", "no-cache", false);
+    response.write(
+      createTest(schemeFrom, schemeTo, policy, optionalEarlierPolicy)
+    );
+  } else if (action === "create-2nd-level-iframe") {
+    // ?action=create-2nd-level-iframe&scheme-from=http&scheme-to=https&policy=origin&type=form"
+    var schemeFrom = params[1].split("=")[1];
+    var schemeTo = params[2].split("=")[1];
+    var policy = params[3].split("=")[1];
+    var type = params[4].split("=")[1];
+
+    response.setHeader("Content-Type", "text/html; charset=utf-8", false);
+    response.setHeader("Cache-Control", "no-cache", false);
+
+    if (type === "form") {
+      response.write(createIframedFormTest(schemeFrom, schemeTo, policy));
+    } else if (type === "window.location") {
+      response.write(
+        createIframedWindowLocationTest(schemeFrom, schemeTo, policy)
+      );
+    }
+  } else if (action === "test") {
+    // ?action=test&scheme=http-to-https&policy=origin&type=img
+    var scheme = params[1].split("=")[1];
+    var policy = params[2].split("=")[1];
+    var type = params[3].split("=")[1];
+    var result = getSharedState(sharedKey);
+
+    if (result === "") {
+      result = {};
+    } else {
+      result = JSON.parse(result);
+    }
+
+    if (!result[type]) {
+      result[type] = {};
+    }
+
+    if (!result[type][scheme]) {
+      result[type][scheme] = {};
+    }
+
+    if (request.hasHeader("Referer")) {
+      result[type][scheme][policy] = request.getHeader("Referer");
+    } else {
+      result[type][scheme][policy] = "";
+    }
+
+    setSharedState(sharedKey, JSON.stringify(result));
+
+    if (type === "link") {
+      var loc =
+        "https://example.com/tests/dom/base/test/file_bug704320_redirect.html";
+      response.setStatusLine("1.1", 302, "Found");
+      response.setHeader("Location", loc, false);
+    }
+
+    if (type === "window.open") {
+      response.setHeader("Cache-Control", "no-cache", false);
+      response.setHeader("Content-Type", "text/html", false);
+      response.write(
+        "<html><body><script>" +
+          'window.opener.postMessage("window.open", "*");' +
+          "</script></body></html>"
+      );
+    }
+  } else if (action === "get-test-results") {
+    // ?action=get-result
+    response.setHeader("Cache-Control", "no-cache", false);
+    response.setHeader("Content-Type", "text/plain", false);
+    response.write(getSharedState(sharedKey));
+  } else if (action === "generate-policy-test") {
+    // ?action=generate-policy-test&policy=b64-encoded-string
+    response.setHeader("Cache-Control", "no-cache", false);
+    response.setHeader("Content-Type", "text/html", false);
+    var policy = unescape(params[1].split("=")[1]);
+    var optionalEarlierPolicy = "";
+    if (params[2]) {
+      optionalEarlierPolicy = params[2].split("=")[1];
+    }
+
+    response.write(createPolicyTest(policy, optionalEarlierPolicy));
+  }
+}