summaryrefslogtreecommitdiffstats
path: root/docshell/test/mochitest/file_bug475636.sjs
blob: ee2207b0e535ee95d43bf06056437b4685a8c86f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
let jsURL =
  "javascript:" +
  escape(
    'window.parent.postMessage("JS uri ran", "*");\
return \'\
<script>\
window.parent.postMessage("Able to access private: " +\
  window.parent.private, "*");\
</script>\''
  );
let dataURL =
  "data:text/html," +
  escape(
    '<!DOCTYPE HTML>\
<script>\
try {\
  window.parent.postMessage("Able to access private: " +\
    window.parent.private, "*");\
}\
catch (e) {\
  window.parent.postMessage("pass", "*");\
}\
</script>'
  );

let tests = [
  // Plain document should work as normal
  '<!DOCTYPE HTML>\
<script>\
try {\
  window.parent.private;\
  window.parent.postMessage("pass", "*");\
}\
catch (e) {\
  window.parent.postMessage("Unble to access private", "*");\
}\
</script>',

  // refresh to plain doc
  { refresh: "file_bug475636.sjs?1", doc: "<!DOCTYPE HTML>" },

  // meta-refresh to plain doc
  '<!DOCTYPE HTML>\
<head>\
  <meta http-equiv="refresh" content="0; url=file_bug475636.sjs?1">\
</head>',

  // refresh to data url
  { refresh: dataURL, doc: "<!DOCTYPE HTML>" },

  // meta-refresh to data url
  '<!DOCTYPE HTML>\
<head>\
  <meta http-equiv="refresh" content="0; url=' +
    dataURL +
    '">\
</head>',

  // refresh to js url should not be followed
  {
    refresh: jsURL,
    doc:
      '<!DOCTYPE HTML>\
<script>\
setTimeout(function() {\
  window.parent.postMessage("pass", "*");\
}, 2000);\
</script>',
  },

  // meta refresh to js url should not be followed
  '<!DOCTYPE HTML>\
<head>\
  <meta http-equiv="refresh" content="0; url=' +
    jsURL +
    '">\
</head>\
<script>\
setTimeout(function() {\
  window.parent.postMessage("pass", "*");\
}, 2000);\
</script>',
];

function handleRequest(request, response) {
  dump("@@@@@@@@@hi there: " + request.queryString + "\n");
  let test = tests[parseInt(request.queryString, 10) - 1];
  response.setHeader("Content-Type", "text/html");

  if (!test) {
    response.write('<script>parent.postMessage("done", "*");</script>');
  } else if (typeof test == "string") {
    response.write(test);
  } else if (test.refresh) {
    response.setHeader("Refresh", "0; url=" + test.refresh);
    response.write(test.doc);
  }
}