summaryrefslogtreecommitdiffstats
path: root/docshell/test/browser/browser_data_load_inherit_csp.js
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
commit43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree620249daf56c0258faa40cbdcf9cfba06de2a846 /docshell/test/browser/browser_data_load_inherit_csp.js
parentInitial commit. (diff)
downloadfirefox-upstream.tar.xz
firefox-upstream.zip
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'docshell/test/browser/browser_data_load_inherit_csp.js')
-rw-r--r--docshell/test/browser/browser_data_load_inherit_csp.js110
1 files changed, 110 insertions, 0 deletions
diff --git a/docshell/test/browser/browser_data_load_inherit_csp.js b/docshell/test/browser/browser_data_load_inherit_csp.js
new file mode 100644
index 0000000000..8ad05ef7e3
--- /dev/null
+++ b/docshell/test/browser/browser_data_load_inherit_csp.js
@@ -0,0 +1,110 @@
+"use strict";
+
+const TEST_PATH = getRootDirectory(gTestPath).replace(
+ "chrome://mochitests/content",
+ // eslint-disable-next-line @microsoft/sdl/no-insecure-url
+ "http://example.com"
+);
+const HTML_URI = TEST_PATH + "file_data_load_inherit_csp.html";
+const DATA_URI = "data:text/html;html,<html><body>foo</body></html>";
+
+function setDataHrefOnLink(aBrowser, aDataURI) {
+ return SpecialPowers.spawn(aBrowser, [aDataURI], function(uri) {
+ let link = content.document.getElementById("testlink");
+ link.href = uri;
+ });
+}
+
+function verifyCSP(aTestName, aBrowser, aDataURI) {
+ return SpecialPowers.spawn(
+ aBrowser,
+ [{ aTestName, aDataURI }],
+ async function({ aTestName, aDataURI }) {
+ let channel = content.docShell.currentDocumentChannel;
+ is(channel.URI.spec, aDataURI, "testing CSP for " + aTestName);
+ let cspJSON = content.document.cspJSON;
+ let cspOBJ = JSON.parse(cspJSON);
+ let policies = cspOBJ["csp-policies"];
+ is(policies.length, 1, "should be one policy");
+ let policy = policies[0];
+ is(
+ policy["script-src"],
+ "'unsafe-inline'",
+ "script-src directive matches"
+ );
+ }
+ );
+}
+
+add_setup(async function() {
+ // allow top level data: URI navigations, otherwise clicking data: link fails
+ await SpecialPowers.pushPrefEnv({
+ set: [["security.data_uri.block_toplevel_data_uri_navigations", false]],
+ });
+});
+
+add_task(async function test_data_csp_inheritance_regular_click() {
+ await BrowserTestUtils.withNewTab(HTML_URI, async function(browser) {
+ let loadPromise = BrowserTestUtils.browserLoaded(browser, false, DATA_URI);
+ // set the data href + simulate click
+ await setDataHrefOnLink(gBrowser.selectedBrowser, DATA_URI);
+ BrowserTestUtils.synthesizeMouseAtCenter(
+ "#testlink",
+ {},
+ gBrowser.selectedBrowser
+ );
+ await loadPromise;
+ await verifyCSP("click()", gBrowser.selectedBrowser, DATA_URI);
+ });
+});
+
+add_task(async function test_data_csp_inheritance_ctrl_click() {
+ await BrowserTestUtils.withNewTab(HTML_URI, async function(browser) {
+ let loadPromise = BrowserTestUtils.waitForNewTab(gBrowser, DATA_URI, true);
+ // set the data href + simulate ctrl+click
+ await setDataHrefOnLink(gBrowser.selectedBrowser, DATA_URI);
+ BrowserTestUtils.synthesizeMouseAtCenter(
+ "#testlink",
+ { ctrlKey: true, metaKey: true },
+ gBrowser.selectedBrowser
+ );
+ let tab = await loadPromise;
+ gBrowser.selectTabAtIndex(2);
+ await verifyCSP("ctrl-click()", gBrowser.selectedBrowser, DATA_URI);
+ await BrowserTestUtils.removeTab(tab);
+ });
+});
+
+add_task(
+ async function test_data_csp_inheritance_right_click_open_link_in_new_tab() {
+ await BrowserTestUtils.withNewTab(HTML_URI, async function(browser) {
+ let loadPromise = BrowserTestUtils.waitForNewTab(
+ gBrowser,
+ DATA_URI,
+ true
+ );
+ // set the data href + simulate right-click open link in tab
+ await setDataHrefOnLink(gBrowser.selectedBrowser, DATA_URI);
+ BrowserTestUtils.waitForEvent(document, "popupshown", false, event => {
+ // These are operations that must be executed synchronously with the event.
+ document.getElementById("context-openlinkintab").doCommand();
+ event.target.hidePopup();
+ return true;
+ });
+ BrowserTestUtils.synthesizeMouseAtCenter(
+ "#testlink",
+ { type: "contextmenu", button: 2 },
+ gBrowser.selectedBrowser
+ );
+
+ let tab = await loadPromise;
+ gBrowser.selectTabAtIndex(2);
+ await verifyCSP(
+ "right-click-open-in-new-tab()",
+ gBrowser.selectedBrowser,
+ DATA_URI
+ );
+ await BrowserTestUtils.removeTab(tab);
+ });
+ }
+);