Adding upstream version 110.0.1.upstream/110.0.1 upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-07 09:22:09 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-07 09:22:09 +0000
commit: 43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree: 620249daf56c0258faa40cbdcf9cfba06de2a846 /dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
parent: Initial commit. (diff)
download: firefox-upstream.tar.xz
firefox-upstream.zip
1 files changed, 51 insertions, 0 deletions
diff --git a/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js b/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
new file mode 100644
index 0000000000..b218f1438f
--- /dev/null
+++ b/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
@@ -0,0 +1,51 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+/*
+ * Tests the "Is origin potentially trustworthy?" logic from
+ * <https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy>.
+ */
+
+const { NetUtil } = ChromeUtils.import("resource://gre/modules/NetUtil.jsm");
+
+Services.prefs.setCharPref(
+  "dom.securecontext.allowlist",
+  "example.net,example.org"
+);
+
+Services.prefs.setBoolPref("dom.securecontext.allowlist_onions", false);
+
+add_task(async function test_isOriginPotentiallyTrustworthy() {
+  for (let [uriSpec, expectedResult] of [
+    ["http://example.com/", false],
+    ["https://example.com/", true],
+    ["http://localhost/", true],
+    ["http://localhost.localhost/", true],
+    ["http://127.0.0.1/", true],
+    ["file:///", true],
+    ["resource:///", true],
+    ["moz-extension://", true],
+    ["wss://example.com/", true],
+    ["about:config", false],
+    ["http://example.net/", true],
+    ["ws://example.org/", true],
+    ["chrome://example.net/content/messenger.xul", false],
+    ["http://1234567890abcdef.onion/", false],
+  ]) {
+    let uri = NetUtil.newURI(uriSpec);
+    let principal = Services.scriptSecurityManager.createContentPrincipal(
+      uri,
+      {}
+    );
+    Assert.equal(principal.isOriginPotentiallyTrustworthy, expectedResult);
+  }
+  // And now let's test whether .onion sites are properly treated when
+  // allowlisted, see bug 1382359.
+  Services.prefs.setBoolPref("dom.securecontext.allowlist_onions", true);
+  let uri = NetUtil.newURI("http://1234567890abcdef.onion/");
+  let principal = Services.scriptSecurityManager.createContentPrincipal(
+    uri,
+    {}
+  );
+  Assert.equal(principal.isOriginPotentiallyTrustworthy, true);
+});
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-07 09:22:09 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-07 09:22:09 +0000
commit	43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree	620249daf56c0258faa40cbdcf9cfba06de2a846 /dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
parent	Initial commit. (diff)
download	firefox-upstream.tar.xz firefox-upstream.zip