diff options
Diffstat (limited to 'dom/base/test/test_anchor_area_referrer.html')
-rw-r--r-- | dom/base/test/test_anchor_area_referrer.html | 127 |
1 files changed, 127 insertions, 0 deletions
diff --git a/dom/base/test/test_anchor_area_referrer.html b/dom/base/test/test_anchor_area_referrer.html new file mode 100644 index 0000000000..7e6992b404 --- /dev/null +++ b/dom/base/test/test_anchor_area_referrer.html @@ -0,0 +1,127 @@ +<!DOCTYPE HTML> +<html> +<head> + <meta charset="utf-8"> + <title>Test anchor and area policy attribute for Bug 1174913</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/> + + <!-- + Testing that anchor and area referrer attributes are honoured correctly + * anchor tag with referrer attribute (generate-anchor-policy-test) + https://bugzilla.mozilla.org/show_bug.cgi?id=1174913 + --> + + <script type="application/javascript"> + + SimpleTest.requestLongerTimeout(2); + + const SJS = "://example.com/tests/dom/base/test/referrer_testserver.sjs?"; + const PARAMS = ["ATTRIBUTE_POLICY", "NEW_ATTRIBUTE_POLICY", "META_POLICY", "REL", "SCHEME_FROM", "SCHEME_TO"]; + + const testCases = [ + {ACTION: ["generate-anchor-policy-test", "generate-area-policy-test"], + TESTS: [ + {ATTRIBUTE_POLICY: 'unsafe-url', + NAME: 'unsafe-url-with-origin-in-meta', + META_POLICY: 'origin', + DESC: "unsafe-url (anchor) with origin in meta", + RESULT: 'full'}, + {ATTRIBUTE_POLICY: 'origin', + NAME: 'origin-with-unsafe-url-in-meta', + META_POLICY: 'unsafe-url', + DESC: "origin (anchor) with unsafe-url in meta", + RESULT: 'origin'}, + {ATTRIBUTE_POLICY: 'no-referrer', + NAME: 'no-referrer-with-origin-in-meta', + META_POLICY: 'origin', + DESC: "no-referrer (anchor) with origin in meta", + RESULT: 'none'}, + {ATTRIBUTE_POLICY: 'same-origin', + NAME: 'same-origin-with-origin-in-meta', + META_POLICY: 'origin', + DESC: "same-origin with origin in meta", + RESULT: 'full'}, + {NAME: 'no-referrer-in-meta', + META_POLICY: 'no-referrer', + DESC: "no-referrer in meta", + RESULT: 'none'}, + + // Test if element attr would override meta referr policy. + + // 1. Downgrade. + {ATTRIBUTE_POLICY: 'no-referrer-when-downgrade', + NAME: 'origin-in-meta-downgrade-in-attr', + META_POLICY: 'origin', + DESC: 'origin in meta downgrade in attr', + SCHEME_FROM: 'https', + SCHEME_TO: 'http', + RESULT: 'none'}, + {ATTRIBUTE_POLICY: 'strict-origin', + NAME: 'origin-in-meta-strict-origin-in-attr', + META_POLICY: 'origin', + DESC: 'origin in meta strict-origin in attr', + SCHEME_FROM: 'https', + SCHEME_TO: 'http', + RESULT: 'none'}, + {ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin', + NAME: 'origin-in-meta-strict-origin-when-cross-origin-in-attr', + META_POLICY: 'origin', + DESC: 'origin in meta strict-origin-when-cross-origin in attr', + SCHEME_FROM: 'https', + SCHEME_TO: 'http', + RESULT: 'none'}, + + // 2. No downgrade. + {ATTRIBUTE_POLICY: 'no-referrer-when-downgrade', + NAME: 'origin-in-meta-downgrade-in-attr', + META_POLICY: 'origin', + DESC: 'origin in meta downgrade in attr', + SCHEME_FROM: 'https', + SCHEME_TO: 'https', + RESULT: 'full'}, + {ATTRIBUTE_POLICY: 'strict-origin', + NAME: 'origin-in-meta-strict-origin-in-attr', + META_POLICY: 'origin', + DESC: 'origin in meta strict-origin in attr', + SCHEME_FROM: 'https', + SCHEME_TO: 'https', + RESULT: 'origin'}, + {ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin', + NAME: 'origin-in-meta-strict-origin-when-cross-origin-in-attr', + META_POLICY: 'origin', + DESC: 'origin in meta strict-origin-when-cross-origin in attr', + SCHEME_FROM: 'https', + SCHEME_TO: 'https', + RESULT: 'full'}, + {ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin', + NAME: 'strict-origin-when-cross-origin-with-origin-in-meta', + META_POLICY: 'origin', + SCHEME_FROM: 'http', + SCHEME_TO: 'https', + DESC: "strict-origin-when-cross-origin with origin in meta", + RESULT: 'origin'}, + {ATTRIBUTE_POLICY: 'same-origin', + NAME: 'same-origin-with-origin-in-meta', + META_POLICY: 'origin', + SCHEME_FROM: 'http', + SCHEME_TO: 'https', + DESC: "same-origin with origin in meta", + RESULT: 'none'}, + + // End of element attr overriding test.. + + {ATTRIBUTE_POLICY: 'origin', + NAME: 'origin-with-no-meta', + META_POLICY: '', + DESC: "origin (anchor) with no meta", + RESULT: 'origin'}]} + ]; + </script> + <script type="application/javascript" src="/tests/dom/base/test/referrer_helper.js"></script> +</head> +<body onload="tests.next();"> + <iframe id="testframe"></iframe> +</body> +</html> + |