From 6bf0a5cb5034a7e684dcc3500e841785237ce2dd Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 19:32:43 +0200
Subject: Adding upstream version 1:115.7.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 .../test/siteIdentity/browser_iframe_navigation.js | 108 +++++++++++++++++++++
 1 file changed, 108 insertions(+)
 create mode 100644 browser/base/content/test/siteIdentity/browser_iframe_navigation.js

(limited to 'browser/base/content/test/siteIdentity/browser_iframe_navigation.js')

diff --git a/browser/base/content/test/siteIdentity/browser_iframe_navigation.js b/browser/base/content/test/siteIdentity/browser_iframe_navigation.js
new file mode 100644
index 0000000000..ac2884d31a
--- /dev/null
+++ b/browser/base/content/test/siteIdentity/browser_iframe_navigation.js
@@ -0,0 +1,108 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+// Tests that the site identity icon and related machinery reflects the correct
+// security state after navigating an iframe in various contexts.
+// See bug 1490982.
+
+const ROOT_URI = getRootDirectory(gTestPath).replace(
+  "chrome://mochitests/content",
+  "https://example.com"
+);
+const SECURE_TEST_URI = ROOT_URI + "iframe_navigation.html";
+// eslint-disable-next-line @microsoft/sdl/no-insecure-url
+const INSECURE_TEST_URI = SECURE_TEST_URI.replace("https://", "http://");
+
+// From a secure URI, navigate the iframe to about:blank (should still be
+// secure).
+add_task(async function () {
+  let uri = SECURE_TEST_URI + "#blank";
+  await BrowserTestUtils.withNewTab(uri, async browser => {
+    let identityMode = window.document.getElementById("identity-box").className;
+    is(identityMode, "verifiedDomain", "identity should be secure before");
+
+    await SpecialPowers.spawn(browser, [], async () => {
+      content.postMessage("", "*"); // This kicks off the navigation.
+      await ContentTaskUtils.waitForCondition(() => {
+        return !content.document.body.classList.contains("running");
+      });
+    });
+
+    let newIdentityMode =
+      window.document.getElementById("identity-box").className;
+    is(newIdentityMode, "verifiedDomain", "identity should be secure after");
+  });
+});
+
+// From a secure URI, navigate the iframe to an insecure URI (http://...)
+// (mixed active content should be blocked, should still be secure).
+add_task(async function () {
+  let uri = SECURE_TEST_URI + "#insecure";
+  await BrowserTestUtils.withNewTab(uri, async browser => {
+    let identityMode = window.document.getElementById("identity-box").className;
+    is(identityMode, "verifiedDomain", "identity should be secure before");
+
+    await SpecialPowers.spawn(browser, [], async () => {
+      content.postMessage("", "*"); // This kicks off the navigation.
+      await ContentTaskUtils.waitForCondition(() => {
+        return !content.document.body.classList.contains("running");
+      });
+    });
+
+    let newIdentityMode =
+      window.document.getElementById("identity-box").classList;
+    ok(
+      newIdentityMode.contains("mixedActiveBlocked"),
+      "identity should be blocked mixed active content after"
+    );
+    ok(
+      newIdentityMode.contains("verifiedDomain"),
+      "identity should still contain 'verifiedDomain'"
+    );
+    is(newIdentityMode.length, 2, "shouldn't have any other identity states");
+  });
+});
+
+// From an insecure URI (http://..), navigate the iframe to about:blank (should
+// still be insecure).
+add_task(async function () {
+  let uri = INSECURE_TEST_URI + "#blank";
+  await BrowserTestUtils.withNewTab(uri, async browser => {
+    let identityMode = window.document.getElementById("identity-box").className;
+    is(identityMode, "notSecure", "identity should be 'not secure' before");
+
+    await SpecialPowers.spawn(browser, [], async () => {
+      content.postMessage("", "*"); // This kicks off the navigation.
+      await ContentTaskUtils.waitForCondition(() => {
+        return !content.document.body.classList.contains("running");
+      });
+    });
+
+    let newIdentityMode =
+      window.document.getElementById("identity-box").className;
+    is(newIdentityMode, "notSecure", "identity should be 'not secure' after");
+  });
+});
+
+// From an insecure URI (http://..), navigate the iframe to a secure URI
+// (https://...) (should still be insecure).
+add_task(async function () {
+  let uri = INSECURE_TEST_URI + "#secure";
+  await BrowserTestUtils.withNewTab(uri, async browser => {
+    let identityMode = window.document.getElementById("identity-box").className;
+    is(identityMode, "notSecure", "identity should be 'not secure' before");
+
+    await SpecialPowers.spawn(browser, [], async () => {
+      content.postMessage("", "*"); // This kicks off the navigation.
+      await ContentTaskUtils.waitForCondition(() => {
+        return !content.document.body.classList.contains("running");
+      });
+    });
+
+    let newIdentityMode =
+      window.document.getElementById("identity-box").className;
+    is(newIdentityMode, "notSecure", "identity should be 'not secure' after");
+  });
+});
-- 
cgit v1.2.3