From 36d22d82aa202bb199967e9512281e9a53db42c9 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 21:33:14 +0200
Subject: Adding upstream version 115.7.0esr.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 .../unit/test_isOriginPotentiallyTrustworthy.js    | 51 ++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js

(limited to 'dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js')

diff --git a/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js b/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
new file mode 100644
index 0000000000..b218f1438f
--- /dev/null
+++ b/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
@@ -0,0 +1,51 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+/*
+ * Tests the "Is origin potentially trustworthy?" logic from
+ * <https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy>.
+ */
+
+const { NetUtil } = ChromeUtils.import("resource://gre/modules/NetUtil.jsm");
+
+Services.prefs.setCharPref(
+  "dom.securecontext.allowlist",
+  "example.net,example.org"
+);
+
+Services.prefs.setBoolPref("dom.securecontext.allowlist_onions", false);
+
+add_task(async function test_isOriginPotentiallyTrustworthy() {
+  for (let [uriSpec, expectedResult] of [
+    ["http://example.com/", false],
+    ["https://example.com/", true],
+    ["http://localhost/", true],
+    ["http://localhost.localhost/", true],
+    ["http://127.0.0.1/", true],
+    ["file:///", true],
+    ["resource:///", true],
+    ["moz-extension://", true],
+    ["wss://example.com/", true],
+    ["about:config", false],
+    ["http://example.net/", true],
+    ["ws://example.org/", true],
+    ["chrome://example.net/content/messenger.xul", false],
+    ["http://1234567890abcdef.onion/", false],
+  ]) {
+    let uri = NetUtil.newURI(uriSpec);
+    let principal = Services.scriptSecurityManager.createContentPrincipal(
+      uri,
+      {}
+    );
+    Assert.equal(principal.isOriginPotentiallyTrustworthy, expectedResult);
+  }
+  // And now let's test whether .onion sites are properly treated when
+  // allowlisted, see bug 1382359.
+  Services.prefs.setBoolPref("dom.securecontext.allowlist_onions", true);
+  let uri = NetUtil.newURI("http://1234567890abcdef.onion/");
+  let principal = Services.scriptSecurityManager.createContentPrincipal(
+    uri,
+    {}
+  );
+  Assert.equal(principal.isOriginPotentiallyTrustworthy, true);
+});
-- 
cgit v1.2.3