1 files changed, 113 insertions, 0 deletions
diff --git a/dom/security/test/csp/test_child-src_iframe.html b/dom/security/test/csp/test_child-src_iframe.html
new file mode 100644
index 0000000000..2b85e280bd
--- /dev/null
+++ b/dom/security/test/csp/test_child-src_iframe.html
@@ -0,0 +1,113 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 1045891</title>
+  <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+  <p id="display"></p>
+  <div id="content" style="visibility: hidden">
+  </div>
+
+<script class="testbody" type="text/javascript">
+
+/*
+ * Description of the test:
+ *   We load a page with a given CSP and verify that child frames and workers are correctly
+ *   evaluated through the "child-src" directive.
+ */
+
+SimpleTest.waitForExplicitFinish();
+
+var IFRAME_SRC="file_child-src_iframe.html"
+
+var tests = {
+  'same-src': {
+    id: "same-src",
+    file: IFRAME_SRC,
+    result : "allowed",
+    policy : "default-src 'none'; script-src 'unsafe-inline'; child-src http://mochi.test:8888"
+  },
+  'star-src': {
+    id: "star-src",
+    file: IFRAME_SRC,
+    result : "allowed",
+    policy : "default-src 'none'; script-src 'unsafe-inline'; child-src *"
+  },
+  'other-src': {
+    id: "other-src",
+    file: IFRAME_SRC,
+    result : "blocked",
+    policy : "default-src http://mochi.test:8888; script-src 'unsafe-inline'; child-src http://www.example.com"
+  },
+  'same-src-by-frame-src': {
+    id: "same-src-by-frame-src",
+    file: IFRAME_SRC,
+    result : "allowed",
+    policy : "default-src 'none'; script-src 'unsafe-inline'; child-src 'none'; frame-src http://mochi.test:8888"
+  },
+  'star-src-by-frame-src': {
+    id: "star-src-by-frame-src",
+    file: IFRAME_SRC,
+    result : "allowed",
+    policy : "default-src 'none'; script-src 'unsafe-inline'; child-src 'none'; frame-src *"
+  },
+  'other-src-by-frame-src': {
+    id: "other-src-by-frame-src",
+    file: IFRAME_SRC,
+    result : "blocked",
+    policy : "default-src 'none'; script-src 'unsafe-inline'; child-src http://mochi.test:8888; frame-src http://www.example.com"
+  },
+  'none-src-by-frame-src': {
+    id: "none-src-by-frame-src",
+    file: IFRAME_SRC,
+    result : "blocked",
+    policy : "default-src 'none'; script-src 'unsafe-inline'; child-src http://mochi.test:8888; frame-src 'none'"
+  }
+};
+
+finished = {};
+
+function checkFinished() {
+  if (Object.keys(finished).length == Object.keys(tests).length) {
+    window.removeEventListener('message', recvMessage);
+    SimpleTest.finish();
+  }
+}
+
+function recvMessage(ev) {
+  is(ev.data.message, tests[ev.data.id].result, "CSP child-src test " + ev.data.id);
+  finished[ev.data.id] = ev.data.message;
+
+  checkFinished();
+}
+
+window.addEventListener('message', recvMessage);
+
+function loadNextTest() {
+  for (item in tests) {
+    test = tests[item];
+    var src = "file_testserver.sjs";
+    // append the file that should be served
+    src += "?file=" + escape("tests/dom/security/test/csp/" + test.file);
+    // append the CSP that should be used to serve the file
+    src += "&csp=" + escape(test.policy);
+    // add our identifier
+    src += "#" + escape(test.id);
+
+    content = document.getElementById('content');
+    testframe = document.createElement("iframe");
+    testframe.setAttribute('id', test.id);
+    content.appendChild(testframe);
+    testframe.src = src;
+  }
+}
+
+// start running the tests
+loadNextTest();
+
+</script>
+</body>
+</html>