summaryrefslogtreecommitdiffstats
path: root/browser/components/protocolhandler/test/test_registerHandler.html
diff options
context:
space:
mode:
Diffstat (limited to 'browser/components/protocolhandler/test/test_registerHandler.html')
-rw-r--r--browser/components/protocolhandler/test/test_registerHandler.html88
1 files changed, 88 insertions, 0 deletions
diff --git a/browser/components/protocolhandler/test/test_registerHandler.html b/browser/components/protocolhandler/test/test_registerHandler.html
new file mode 100644
index 0000000000..2eb4f7dbdc
--- /dev/null
+++ b/browser/components/protocolhandler/test/test_registerHandler.html
@@ -0,0 +1,88 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=402788
+-->
+<head>
+ <title>Test for Bug 402788</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=402788">Mozilla Bug 402788</a>
+<p id="display"></p>
+<div id="content" style="display: none">
+
+</div>
+<pre id="test">
+<script class="testbody" type="text/javascript">
+
+/** Test for Bug 402788 */
+ SimpleTest.waitForExplicitFinish();
+
+ // return false if an exception has been catched, true otherwise
+ function testRegisterHandler(aIsProtocol, aTxt, aUri, aTitle) {
+ try {
+ navigator.registerProtocolHandler(aTxt, aUri, aTitle);
+ } catch (e) {
+ return false;
+ }
+
+ return true;
+ }
+
+ // helper function to build URLs since hostname differs
+ // based on whether the test is running in a cross-origin iframe
+ function buildUrl(protocol="http", addFormat=true) {
+ return `${protocol}://${window.location.hostname}:${window.location.port}${addFormat ? "/%s" : "/"}`;
+ }
+
+ async function tests() {
+ await SpecialPowers.pushPrefEnv({
+ set: [
+ ["dom.registerProtocolHandler.insecure.enabled", true],
+ ],
+ });
+
+ // testing a generic case
+ is(testRegisterHandler(true, "web+foo", buildUrl(), "Foo handler"), true, "registering a web+foo protocol handler should work");
+
+ // testing with wrong uris
+ is(testRegisterHandler(true, "web+foo", buildUrl("http", false), "Foo handler"), false, "a protocol handler uri should contain %s");
+
+ // the spec explicitly allows relative urls to be passed
+ is(testRegisterHandler(true, "web+foo", "foo/%s", "Foo handler"), true, "a protocol handler uri should be valid");
+
+ // we should only accept to register when the handler has the same host as the current page (bug 402287)
+ is(testRegisterHandler(true, "fweb+oo", "http://remotehost:8888/%s", "Foo handler"), false, "registering a web+foo protocol handler with a different host should not work");
+
+ // restriction to http(s) for the uri of the handler (bug 401343)
+ // http is already tested in the generic case
+ // ftp should not work
+ is(testRegisterHandler(true, "web+foo", buildUrl("ftp"), "Foo handler"), false, "registering a web+foo protocol handler with ftp scheme should not work");
+ // chrome should not work
+ is(testRegisterHandler(true, "web+foo", buildUrl("chrome"), "Foo handler"), false, "registering a web+foo protocol handler with chrome scheme should not work");
+ // foo should not work
+ is(testRegisterHandler(true, "web+foo", buildUrl("foo"), "Foo handler"), false, "registering a web+foo protocol handler with foo scheme should not work");
+
+ // for security reasons, protocol handlers should never be registered for some schemes (chrome, vbscript, ...) (bug 402788)
+ is(testRegisterHandler(true, "chrome", buildUrl(), "chrome handler"), false, "registering a chrome protocol handler should not work");
+ is(testRegisterHandler(true, "vbscript", buildUrl(), "vbscript handler"), false, "registering a vbscript protocol handler should not work");
+ is(testRegisterHandler(true, "javascript", buildUrl(), "javascript handler"), false, "registering a javascript protocol handler should not work");
+ is(testRegisterHandler(true, "moz-icon", buildUrl(), "moz-icon handler"), false, "registering a moz-icon protocol handler should not work");
+
+ // registering anything not on the list of safe schemes and unprefixed by web+ shouldn't work
+ is(testRegisterHandler(true, "foo", buildUrl(), "chrome handler"), false, "registering a foo protocol handler should not work");
+ is(testRegisterHandler(true, "web+", buildUrl(), "chrome handler"), false, "registering a 'web+' protocol handler should not work");
+ is(testRegisterHandler(true, "web+1", buildUrl(), "chrome handler"), false, "registering a 'web+1' protocol handler should not work");
+
+
+ SimpleTest.finish();
+ }
+
+ tests();
+
+</script>
+</pre>
+</body>
+</html>
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-12 03:20:23 +0000