diff options
Diffstat (limited to '')
-rw-r--r-- | dom/security/test/https-only/file_redirect_tainting.sjs | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/dom/security/test/https-only/file_redirect_tainting.sjs b/dom/security/test/https-only/file_redirect_tainting.sjs new file mode 100644 index 0000000000..9ecca88d6d --- /dev/null +++ b/dom/security/test/https-only/file_redirect_tainting.sjs @@ -0,0 +1,39 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// small red image +const IMG_BYTES = atob( + "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" + + "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==" +); + +const body = `<!DOCTYPE html> +<html lang="en"> + <body> + <script> + let image = new Image(); + image.crossOrigin = "anonymous"; + image.src = "http://example.net/browser/dom/security/test/https-only/file_redirect_tainting.sjs?img"; + image.id = "test_image"; + document.body.appendChild(image); + </script> + </body> +</html>`; + +function handleRequest(request, response) { + if (request.queryString === "html") { + response.setStatusLine(request.httpVersion, 200, "OK"); + response.setHeader("Content-Type", "text/html"); + response.write(body); + return; + } + + response.setStatusLine(request.httpVersion, 200, "OK"); + response.setHeader("Content-Type", "image/png"); + let origin = request.getHeader("Origin"); + response.setHeader("Access-Control-Allow-Origin", origin); + response.write(IMG_BYTES); +} |