From 6bf0a5cb5034a7e684dcc3500e841785237ce2dd Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sun, 7 Apr 2024 19:32:43 +0200
Subject: Adding upstream version 1:115.7.0.
Signed-off-by: Daniel Baumann
---
.../browser_mixedContentFromOnunload.js | 68 ++++++++++++++++++++++
1 file changed, 68 insertions(+)
create mode 100644 browser/base/content/test/siteIdentity/browser_mixedContentFromOnunload.js
(limited to 'browser/base/content/test/siteIdentity/browser_mixedContentFromOnunload.js')
diff --git a/browser/base/content/test/siteIdentity/browser_mixedContentFromOnunload.js b/browser/base/content/test/siteIdentity/browser_mixedContentFromOnunload.js
new file mode 100644
index 0000000000..c9e11e54a7
--- /dev/null
+++ b/browser/base/content/test/siteIdentity/browser_mixedContentFromOnunload.js
@@ -0,0 +1,68 @@
+/*
+ * Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/
+ *
+ * Tests for Bug 947079 - Fix bug in nsSecureBrowserUIImpl that sets the wrong
+ * security state on a page because of a subresource load that is not on the
+ * same page.
+ */
+
+// We use different domains for each test and for navigation within each test
+const HTTP_TEST_ROOT_1 = getRootDirectory(gTestPath).replace(
+ "chrome://mochitests/content",
+ // eslint-disable-next-line @microsoft/sdl/no-insecure-url
+ "http://example.com"
+);
+const HTTPS_TEST_ROOT_1 = getRootDirectory(gTestPath).replace(
+ "chrome://mochitests/content",
+ "https://test1.example.com"
+);
+const HTTP_TEST_ROOT_2 = getRootDirectory(gTestPath).replace(
+ "chrome://mochitests/content",
+ // eslint-disable-next-line @microsoft/sdl/no-insecure-url
+ "http://example.net"
+);
+const HTTPS_TEST_ROOT_2 = getRootDirectory(gTestPath).replace(
+ "chrome://mochitests/content",
+ "https://test2.example.com"
+);
+
+add_task(async function () {
+ let url = HTTP_TEST_ROOT_1 + "file_mixedContentFromOnunload.html";
+ await BrowserTestUtils.withNewTab(url, async function (browser) {
+ await SpecialPowers.pushPrefEnv({
+ set: [
+ ["security.mixed_content.block_active_content", true],
+ ["security.mixed_content.block_display_content", false],
+ ["security.mixed_content.upgrade_display_content", false],
+ ],
+ });
+ // Navigation from an http page to a https page with no mixed content
+ // The http page loads an http image on unload
+ url = HTTPS_TEST_ROOT_1 + "file_mixedContentFromOnunload_test1.html";
+ BrowserTestUtils.loadURIString(browser, url);
+ await BrowserTestUtils.browserLoaded(browser);
+ // check security state. Since current url is https and doesn't have any
+ // mixed content resources, we expect it to be secure.
+ isSecurityState(browser, "secure");
+ await assertMixedContentBlockingState(browser, {
+ activeLoaded: false,
+ activeBlocked: false,
+ passiveLoaded: false,
+ });
+ // Navigation from an http page to a https page that has mixed display content
+ // The https page loads an http image on unload
+ url = HTTP_TEST_ROOT_2 + "file_mixedContentFromOnunload.html";
+ BrowserTestUtils.loadURIString(browser, url);
+ await BrowserTestUtils.browserLoaded(browser);
+ url = HTTPS_TEST_ROOT_2 + "file_mixedContentFromOnunload_test2.html";
+ BrowserTestUtils.loadURIString(browser, url);
+ await BrowserTestUtils.browserLoaded(browser);
+ isSecurityState(browser, "broken");
+ await assertMixedContentBlockingState(browser, {
+ activeLoaded: false,
+ activeBlocked: false,
+ passiveLoaded: true,
+ });
+ });
+});
-- cgit v1.2.3
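Review bot: Each `await BrowserTestUtils.browserLoaded(browser)` before the `isSecurityState` checks is called without an expected URL, so the "secure" and "broken" assertions are not pinned to the document the test meant to reach. For a regression test about security state being attributed to the wrong page (Bug 947079), passing the target makes that explicit: `await BrowserTestUtils.browserLoaded(browser, false, url);`. The same applies to the intermediate wait after loading the `HTTP_TEST_ROOT_2` page. The pref block would also benefit from a short comment, e.g. `// Leave display content unblocked and un-upgraded so the http image is reported as passive mixed content`, since the `passiveLoaded: true` expectation appears to depend on those two settings.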