1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
|
"use strict";
const FILE_DUMMY_URL = Services.io.newFileURI(
do_get_file("data/dummy_page.html")
).spec;
// ExtensionContent.jsm needs to know when it's running from xpcshell,
// to use the right timeout for content scripts executed at document_idle.
ExtensionTestUtils.mockAppInfo();
// XHR/fetch from content script to the page itself is allowed.
add_task(async function content_script_xhr_to_self() {
let extension = ExtensionTestUtils.loadExtension({
manifest: {
content_scripts: [
{
matches: ["file:///*"],
js: ["content_script.js"],
},
],
},
files: {
"content_script.js": async () => {
let response = await fetch(document.URL);
browser.test.assertEq(200, response.status, "expected load");
let responseText = await response.text();
browser.test.assertTrue(
responseText.includes("<p>Page</p>"),
`expected file content in response of ${response.url}`
);
// Now with content.fetch:
response = await content.fetch(document.URL);
browser.test.assertEq(200, response.status, "expected load (content)");
browser.test.sendMessage("done");
},
},
});
await extension.startup();
let contentPage = await ExtensionTestUtils.loadContentPage(FILE_DUMMY_URL);
await extension.awaitMessage("done");
await contentPage.close();
await extension.unload();
});
// XHR/fetch for other file is not allowed, even with file://-permissions.
add_task(async function content_script_xhr_to_other_file_not_allowed() {
let extension = ExtensionTestUtils.loadExtension({
manifest: {
permissions: ["file:///*"],
content_scripts: [
{
matches: ["file:///*"],
js: ["content_script.js"],
},
],
},
files: {
"content_script.js": async () => {
let otherFileUrl = document.URL.replace(
"dummy_page.html",
"file_sample.html"
);
let x = new XMLHttpRequest();
x.open("GET", otherFileUrl);
await new Promise(resolve => {
x.onloadend = resolve;
x.send();
});
browser.test.assertEq(0, x.status, "expected error");
browser.test.assertEq("", x.responseText, "request should fail");
// Now with content.XMLHttpRequest.
x = new content.XMLHttpRequest();
x.open("GET", otherFileUrl);
x.onloadend = () => {
browser.test.assertEq(0, x.status, "expected error (content)");
browser.test.sendMessage("done");
};
x.send();
},
},
});
await extension.startup();
let contentPage = await ExtensionTestUtils.loadContentPage(FILE_DUMMY_URL);
await extension.awaitMessage("done");
await contentPage.close();
await extension.unload();
});
// "file://" permission does not grant access to files in the extension page.
add_task(async function file_access_from_extension_page_not_allowed() {
let extension = ExtensionTestUtils.loadExtension({
manifest: {
permissions: ["file:///*"],
description: FILE_DUMMY_URL,
},
async background() {
const FILE_DUMMY_URL = browser.runtime.getManifest().description;
await browser.test.assertRejects(
fetch(FILE_DUMMY_URL),
/NetworkError when attempting to fetch resource/,
"block request to file from background page despite file permission"
);
// Regression test for bug 1420296 .
await browser.test.assertRejects(
fetch(FILE_DUMMY_URL, { mode: "same-origin" }),
/NetworkError when attempting to fetch resource/,
"block request to file from background page despite 'same-origin' mode"
);
browser.test.sendMessage("done");
},
});
await extension.startup();
await extension.awaitMessage("done");
await extension.unload();
});
// webRequest listeners should see subresource requests from file:-principals.
add_task(async function webRequest_script_request_from_file_principals() {
// Extension without file:-permission should not see the request.
let extensionWithoutFilePermission = ExtensionTestUtils.loadExtension({
manifest: {
permissions: ["http://example.net/", "webRequest"],
},
background() {
browser.webRequest.onBeforeRequest.addListener(
details => {
browser.test.fail(`Unexpected request from ${details.originUrl}`);
},
{ urls: ["http://example.net/intercept_by_webRequest.js"] }
);
},
});
// Extension with <all_urls> (which matches the resource URL at example.net
// and the origin at file://*/*) can see the request.
let extension = ExtensionTestUtils.loadExtension({
manifest: {
permissions: ["<all_urls>", "webRequest", "webRequestBlocking"],
web_accessible_resources: ["testDONE.html"],
},
background() {
browser.webRequest.onBeforeRequest.addListener(
({ originUrl }) => {
browser.test.assertTrue(
/^file:.*file_do_load_script_subresource.html/.test(originUrl),
`expected script to be loaded from a local file (${originUrl})`
);
let redirectUrl = browser.runtime.getURL("testDONE.html");
return {
redirectUrl: `data:text/javascript,location.href='${redirectUrl}';`,
};
},
{ urls: ["http://example.net/intercept_by_webRequest.js"] },
["blocking"]
);
},
files: {
"testDONE.html": `<!DOCTYPE html><script src="testDONE.js"></script>`,
"testDONE.js"() {
browser.test.sendMessage("webRequest_redirect_completed");
},
},
});
await extensionWithoutFilePermission.startup();
await extension.startup();
let contentPage = await ExtensionTestUtils.loadContentPage(
Services.io.newFileURI(
do_get_file("data/file_do_load_script_subresource.html")
).spec
);
await extension.awaitMessage("webRequest_redirect_completed");
await contentPage.close();
await extension.unload();
await extensionWithoutFilePermission.unload();
});
|