diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 17:32:43 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 17:32:43 +0000 |
commit | 6bf0a5cb5034a7e684dcc3500e841785237ce2dd (patch) | |
tree | a68f146d7fa01f0134297619fbe7e33db084e0aa /comm/mail/test/browser/content-policy/browser_jsContentPolicy.js | |
parent | Initial commit. (diff) | |
download | thunderbird-upstream.tar.xz thunderbird-upstream.zip |
Adding upstream version 1:115.7.0.upstream/1%115.7.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | comm/mail/test/browser/content-policy/browser_jsContentPolicy.js | 285 |
1 files changed, 285 insertions, 0 deletions
diff --git a/comm/mail/test/browser/content-policy/browser_jsContentPolicy.js b/comm/mail/test/browser/content-policy/browser_jsContentPolicy.js new file mode 100644 index 0000000000..d5f749c1f6 --- /dev/null +++ b/comm/mail/test/browser/content-policy/browser_jsContentPolicy.js @@ -0,0 +1,285 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/** + * Tests whether JavaScript in a local/remote message works. The test + * mailnews/extensions/newsblog/test/browser/browser_feedDisplay.js does the + * same thing for feeds. + * + * @note This assumes an existing local account. + */ + +"use strict"; + +var { + assert_nothing_selected, + assert_selected_and_displayed, + be_in_folder, + create_folder, + get_about_message, + select_click_row, + select_none, +} = ChromeUtils.import( + "resource://testing-common/mozmill/FolderDisplayHelpers.jsm" +); + +var { + close_compose_window, + open_compose_with_forward, + open_compose_with_reply, +} = ChromeUtils.import("resource://testing-common/mozmill/ComposeHelpers.jsm"); + +var { MailE10SUtils } = ChromeUtils.import( + "resource:///modules/MailE10SUtils.jsm" +); + +let aboutMessage = get_about_message(); + +var folder; +registerCleanupFunction(async () => { + let promptPromise = BrowserTestUtils.promiseAlertDialog("accept"); + folder.deleteSelf(window.msgWindow); + await promptPromise; + + Services.focus.focusedWindow = window; +}); + +var url = + "http://mochi.test:8888/browser/comm/mail/test/browser/content-policy/html/"; + +function addToFolder(aSubject, aBody, aFolder) { + let msgId = Services.uuid.generateUUID() + "@mozillamessaging.invalid"; + + let source = + "From - Sat Nov 1 12:39:54 2008\n" + + "X-Mozilla-Status: 0001\n" + + "X-Mozilla-Status2: 00000000\n" + + "Message-ID: <" + + msgId + + ">\n" + + "Date: Wed, 11 Jun 2008 20:32:02 -0400\n" + + "From: Tester <tests@mozillamessaging.invalid>\n" + + "User-Agent: Thunderbird 3.0a2pre (Macintosh/2008052122)\n" + + "MIME-Version: 1.0\n" + + "To: recipient@mozillamessaging.invalid\n" + + "Subject: " + + aSubject + + "\n" + + "Content-Type: text/html; charset=ISO-8859-1\n" + + "Content-Transfer-Encoding: 7bit\n" + + "Content-Base: " + + url + + "remote-noscript.html\n" + + "\n" + + aBody + + "\n"; + + aFolder.QueryInterface(Ci.nsIMsgLocalMailFolder); + aFolder.gettingNewMessages = true; + + aFolder.addMessage(source); + aFolder.gettingNewMessages = false; + + return aFolder.msgDatabase.getMsgHdrForMessageID(msgId); +} + +/* + * Runs in the browser process via SpecialPowers.spawn to check JavaScript + * is disabled. + */ +function assertJSDisabled() { + Assert.ok(content.location.href); + Assert.ok( + !content.wrappedJSObject.jsIsTurnedOn, + "JS should not be turned on in content." + ); + + let noscript = content.document.querySelector("noscript"); + let display = content.getComputedStyle(noscript).display; + Assert.equal(display, "inline", "noscript display should be 'inline'"); +} + +/* + * Runs in the browser process via SpecialPowers.spawn to check JavaScript + * is enabled. + */ +function assertJSEnabled() { + Assert.ok(content.location.href); + Assert.ok( + content.wrappedJSObject.jsIsTurnedOn, + "JS should be turned on in content." + ); + + let noscript = content.document.querySelector("noscript"); + let display = content.getComputedStyle(noscript).display; + Assert.equal(display, "none", "noscript display should be 'none'"); +} + +var jsMsgBody = + '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">\n' + + "<html>\n" + + "<head>\n" + + "\n" + + '<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">\n' + + "</head>\n" + + '<body bgcolor="#ffffff" text="#000000">\n' + + "this is a test<big><big><big> stuff\n" + + "<br><br>\n" + + "</big></big></big>\n" + + "<noscript>\n" + + "hello, this content is noscript!\n" + + "</noscript>\n" + + "<script>\n" + + "var jsIsTurnedOn = true;\n" + + "</script>\n" + + "\n" + + "</body>\n" + + "</html>\n"; + +var gMsgNo = 0; + +var messagePane = aboutMessage.document.getElementById("messagepane"); + +add_setup(async function () { + folder = await create_folder("jsContentPolicy"); +}); + +/** + * Check JavaScript is disabled when loading messages in the message pane. + */ +add_task(async function testJsInMail() { + await be_in_folder(folder); + + let msgDbHdr = addToFolder("JS test message " + gMsgNo, jsMsgBody, folder); + + // select the newly created message + let msgHdr = select_click_row(gMsgNo); + + Assert.equal( + msgDbHdr, + msgHdr, + "selected message header should be the same as generated header" + ); + + assert_selected_and_displayed(gMsgNo); + + await SpecialPowers.spawn(messagePane, [], assertJSDisabled); + + ++gMsgNo; + select_none(); +}); + +/** + * Check JavaScript is enabled when loading local content in the message pane. + */ +add_task(async function testJsInNonMessageContent() { + let loadedPromise = BrowserTestUtils.browserLoaded(messagePane); + MailE10SUtils.loadURI( + messagePane, + "data:text/html;charset=utf-8,<script>var jsIsTurnedOn%3Dtrue%3B<%2Fscript>bar" + + "<noscript><p id='noscript-p'>hey this is noscript</p><%2Fnoscript>" + ); + await loadedPromise; + + await SpecialPowers.spawn(messagePane, [], assertJSEnabled); + + MailE10SUtils.loadURI(messagePane, "about:blank"); +}); + +/** + * Check JavaScript is enabled when loading remote content in the message pane. + */ +add_task(async function testJsInRemoteContent() { + // load something non-message-like in the message pane + let loadedPromise = BrowserTestUtils.browserLoaded(messagePane); + MailE10SUtils.loadURI(messagePane, url + "remote-noscript.html"); + await loadedPromise; + + await SpecialPowers.spawn(messagePane, [], assertJSEnabled); + + MailE10SUtils.loadURI(messagePane, "about:blank"); +}); + +/** + * Check JavaScript is disabled when loading messages in the message pane, + * after remote content has been displayed there. + */ +add_task(async function testJsInMailAgain() { + await be_in_folder(folder); + + let msgDbHdr = addToFolder("JS test message " + gMsgNo, jsMsgBody, folder); + + // select the newly created message + let msgHdr = select_click_row(gMsgNo); + + Assert.equal( + msgDbHdr, + msgHdr, + "selected message header should be the same as generated header" + ); + + assert_selected_and_displayed(gMsgNo); + + await SpecialPowers.spawn(messagePane, [], assertJSDisabled); + + ++gMsgNo; + select_none(); +}); + +/* + * Runs in the browser process via SpecialPowers.spawn to check JavaScript + * is disabled. + */ +function assertJSDisabledInEditor() { + Assert.ok(content.location.href); + Assert.ok( + !content.wrappedJSObject.jsIsTurnedOn, + "JS should not be turned on in editor." + ); + + // <noscript> is not shown in the editor, independent of whether scripts + // are on or off. So we can't check that like in assertJSDisabledIn. +} + +/** + * Check JavaScript is disabled in the editor. + */ +add_task(async function testJsInMailReply() { + await be_in_folder(folder); + + var body = jsMsgBody.replace( + "</body>", + "<img src=x onerror=alert(1)></body>" + ); + + let msgDbHdr = addToFolder("js msg reply " + gMsgNo, body, folder); + + // select the newly created message + let msgHdr = select_click_row(gMsgNo); + + Assert.equal( + msgDbHdr, + msgHdr, + "selected message header should be the same as generated header" + ); + + assert_selected_and_displayed(gMsgNo); + + await SpecialPowers.spawn(messagePane, [], assertJSDisabledInEditor); + + let replyWin = open_compose_with_reply(); + // If JavaScript is on, loading the window will actually show an alert(1) + // so execution doesn't go further from here. + let editor = replyWin.window.document.getElementById("messageEditor"); + await SpecialPowers.spawn(editor, [], assertJSDisabledInEditor); + close_compose_window(replyWin); + + let fwdWin = open_compose_with_forward(); + editor = fwdWin.window.document.getElementById("messageEditor"); + await SpecialPowers.spawn(editor, [], assertJSDisabledInEditor); + close_compose_window(fwdWin); + + ++gMsgNo; + select_none(); +}); |