blob: d0b92084ec4c3c8ab7592e8adf97da46a927a155 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
/* Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/ */
"use strict";
const TEST_PATH = getRootDirectory(gTestPath).replace(
"chrome://mochitests/content",
"https://example.com"
);
/**
* Test that javascript URIs in CSP-sandboxed contexts can't be used to bypass
* script restrictions.
*/
add_task(async function test_csp_sandbox_no_script_js_uri() {
await BrowserTestUtils.withNewTab(
TEST_PATH + "dummy_page.html",
async browser => {
info("Register observer and wait for javascript-uri-blocked message.");
let observerPromise = SpecialPowers.spawn(browser, [], () => {
return new Promise(resolve => {
SpecialPowers.addObserver(function obs(subject) {
ok(
subject == content,
"Should block script spawned via javascript uri"
);
SpecialPowers.removeObserver(
obs,
"javascript-uri-blocked-by-sandbox"
);
resolve();
}, "javascript-uri-blocked-by-sandbox");
});
});
info("Spawn csp-sandboxed iframe with javascript URI");
let frameBC = await SpecialPowers.spawn(
browser,
[TEST_PATH + "file_csp_sandbox_no_script_js_uri.html"],
async url => {
let frame = content.document.createElement("iframe");
let loadPromise = ContentTaskUtils.waitForEvent(frame, "load", true);
frame.src = url;
content.document.body.appendChild(frame);
await loadPromise;
return frame.browsingContext;
}
);
info("Click javascript URI link in iframe");
BrowserTestUtils.synthesizeMouseAtCenter("a", {}, frameBC);
await observerPromise;
}
);
});
|