From 6bf0a5cb5034a7e684dcc3500e841785237ce2dd Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 19:32:43 +0200
Subject: Adding upstream version 1:115.7.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 dom/ipc/tests/browser_domainPolicy.js | 187 ++++++++++++++++++++++++++++++++++
 1 file changed, 187 insertions(+)
 create mode 100644 dom/ipc/tests/browser_domainPolicy.js

(limited to 'dom/ipc/tests/browser_domainPolicy.js')

diff --git a/dom/ipc/tests/browser_domainPolicy.js b/dom/ipc/tests/browser_domainPolicy.js
new file mode 100644
index 0000000000..988288f950
--- /dev/null
+++ b/dom/ipc/tests/browser_domainPolicy.js
@@ -0,0 +1,187 @@
+// This test waits for a lot of subframe loads, causing it to take a long time,
+// especially with Fission enabled.
+requestLongerTimeout(2);
+
+const BASE_FILE =
+  "http://mochi.test:8888/browser/dom/ipc/tests/file_domainPolicy_base.html";
+const SCRIPT_PATH = "/browser/dom/ipc/tests/file_disableScript.html";
+
+const TEST_POLICY = {
+  exceptions: ["http://test1.example.com", "http://example.com"],
+  superExceptions: ["http://test2.example.org", "https://test1.example.com"],
+  exempt: [
+    "http://test1.example.com",
+    "http://example.com",
+    "http://test2.example.org",
+    "http://sub1.test2.example.org",
+    "https://sub1.test1.example.com",
+  ],
+  notExempt: [
+    "http://test2.example.com",
+    "http://sub1.test1.example.com",
+    "http://www.example.com",
+    "https://test2.example.com",
+    "https://example.com",
+    "http://test1.example.org",
+  ],
+};
+
+// To make sure we never leave up an activated domain policy after a failed
+// test, let's make this global.
+var policy;
+
+function activateDomainPolicy(isBlock) {
+  policy = Services.scriptSecurityManager.activateDomainPolicy();
+
+  if (isBlock === undefined) {
+    return;
+  }
+
+  let set = isBlock ? policy.blocklist : policy.allowlist;
+  for (let e of TEST_POLICY.exceptions) {
+    set.add(makeURI(e));
+  }
+
+  let superSet = isBlock ? policy.superBlocklist : policy.superAllowlist;
+  for (let e of TEST_POLICY.superExceptions) {
+    superSet.add(makeURI(e));
+  }
+}
+
+function deactivateDomainPolicy() {
+  if (policy) {
+    policy.deactivate();
+    policy = null;
+  }
+}
+
+add_setup(async function () {
+  await SpecialPowers.pushPrefEnv({
+    set: [["browser.pagethumbnails.capturing_disabled", false]],
+  });
+
+  registerCleanupFunction(() => {
+    deactivateDomainPolicy();
+  });
+});
+
+add_task(async function test_domainPolicy() {
+  function test(testFunc, { activateFirst, isBlock }) {
+    if (activateFirst) {
+      activateDomainPolicy(isBlock);
+    }
+    return BrowserTestUtils.withNewTab(
+      {
+        gBrowser,
+        opening: BASE_FILE,
+        forceNewProcess: true,
+      },
+      async browser => {
+        if (!activateFirst) {
+          activateDomainPolicy(isBlock);
+        }
+        await testFunc(browser);
+        deactivateDomainPolicy();
+      }
+    );
+  }
+
+  async function testDomain(browser, domain, expectEnabled = false) {
+    function navigateFrame() {
+      let url = domain + SCRIPT_PATH;
+      return SpecialPowers.spawn(browser, [url], async src => {
+        let iframe = content.document.getElementById("root");
+        await new Promise(resolve => {
+          iframe.addEventListener("load", resolve, { once: true });
+          iframe.src = src;
+        });
+        return iframe.browsingContext;
+      });
+    }
+
+    function checkScriptEnabled(bc) {
+      return SpecialPowers.spawn(bc, [expectEnabled], enabled => {
+        content.wrappedJSObject.gFiredOnclick = false;
+        content.document.body.dispatchEvent(new content.Event("click"));
+        Assert.equal(
+          content.wrappedJSObject.gFiredOnclick,
+          enabled,
+          `Checking script-enabled for ${content.name} (${content.location})`
+        );
+      });
+    }
+
+    let browsingContext = await navigateFrame();
+    return checkScriptEnabled(browsingContext);
+  }
+
+  async function testList(browser, list, expectEnabled) {
+    // Run these sequentially to avoid navigating multiple domains at once.
+    for (let domain of list) {
+      await testDomain(browser, domain, expectEnabled);
+    }
+  }
+
+  info("1. Testing simple blocklist policy");
+
+  info("1A. Creating child process first, activating domainPolicy after");
+  await test(
+    async browser => {
+      policy.blocklist.add(Services.io.newURI("http://example.com"));
+      await testDomain(browser, "http://example.com");
+    },
+    { activateFirst: false }
+  );
+
+  info("1B. Activating domainPolicy first, creating child process after");
+  await test(
+    async browser => {
+      policy.blocklist.add(Services.io.newURI("http://example.com"));
+      await testDomain(browser, "http://example.com");
+    },
+    { activateFirst: true }
+  );
+
+  info("2. Testing Blocklist-style Domain Policy");
+
+  info("2A. Activating domainPolicy first, creating child process after");
+  await test(
+    async browser => {
+      await testList(browser, TEST_POLICY.notExempt, true);
+      await testList(browser, TEST_POLICY.exempt, false);
+    },
+    { activateFirst: true, isBlock: true }
+  );
+
+  info("2B. Creating child process first, activating domainPolicy after");
+  await test(
+    async browser => {
+      await testList(browser, TEST_POLICY.notExempt, true);
+      await testList(browser, TEST_POLICY.exempt, false);
+    },
+    { activateFirst: false, isBlock: true }
+  );
+
+  info("3. Testing Allowlist-style Domain Policy");
+  await SpecialPowers.pushPrefEnv({ set: [["javascript.enabled", false]] });
+
+  info("3A. Activating domainPolicy first, creating child process after");
+  await test(
+    async browser => {
+      await testList(browser, TEST_POLICY.notExempt, false);
+      await testList(browser, TEST_POLICY.exempt, true);
+    },
+    { activateFirst: true, isBlock: false }
+  );
+
+  info("3B. Creating child process first, activating domainPolicy after");
+  await test(
+    async browser => {
+      await testList(browser, TEST_POLICY.notExempt, false);
+      await testList(browser, TEST_POLICY.exempt, true);
+    },
+    { activateFirst: false, isBlock: false }
+  );
+
+  finish();
+});
-- 
cgit v1.2.3