1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=402788
-->
<head>
<title>Test for Bug 402788</title>
<script src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=402788">Mozilla Bug 402788</a>
<p id="display"></p>
<div id="content" style="display: none">
</div>
<pre id="test">
<script class="testbody" type="text/javascript">
/** Test for Bug 402788 */
SimpleTest.waitForExplicitFinish();
// return false if an exception has been catched, true otherwise
function testRegisterHandler(aIsProtocol, aTxt, aUri, aTitle) {
try {
navigator.registerProtocolHandler(aTxt, aUri, aTitle);
} catch (e) {
return false;
}
return true;
}
// helper function to build URLs since hostname differs
// based on whether the test is running in a cross-origin iframe
function buildUrl(protocol="http", addFormat=true) {
return `${protocol}://${window.location.hostname}:${window.location.port}${addFormat ? "/%s" : "/"}`;
}
async function tests() {
await SpecialPowers.pushPrefEnv({
set: [
["dom.registerProtocolHandler.insecure.enabled", true],
],
});
// testing a generic case
is(testRegisterHandler(true, "web+foo", buildUrl(), "Foo handler"), true, "registering a web+foo protocol handler should work");
// testing with wrong uris
is(testRegisterHandler(true, "web+foo", buildUrl("http", false), "Foo handler"), false, "a protocol handler uri should contain %s");
// the spec explicitly allows relative urls to be passed
is(testRegisterHandler(true, "web+foo", "foo/%s", "Foo handler"), true, "a protocol handler uri should be valid");
// we should only accept to register when the handler has the same host as the current page (bug 402287)
is(testRegisterHandler(true, "fweb+oo", "http://remotehost:8888/%s", "Foo handler"), false, "registering a web+foo protocol handler with a different host should not work");
// restriction to http(s) for the uri of the handler (bug 401343)
// http is already tested in the generic case
// ftp should not work
is(testRegisterHandler(true, "web+foo", buildUrl("ftp"), "Foo handler"), false, "registering a web+foo protocol handler with ftp scheme should not work");
// chrome should not work
is(testRegisterHandler(true, "web+foo", buildUrl("chrome"), "Foo handler"), false, "registering a web+foo protocol handler with chrome scheme should not work");
// foo should not work
is(testRegisterHandler(true, "web+foo", buildUrl("foo"), "Foo handler"), false, "registering a web+foo protocol handler with foo scheme should not work");
// for security reasons, protocol handlers should never be registered for some schemes (chrome, vbscript, ...) (bug 402788)
is(testRegisterHandler(true, "chrome", buildUrl(), "chrome handler"), false, "registering a chrome protocol handler should not work");
is(testRegisterHandler(true, "vbscript", buildUrl(), "vbscript handler"), false, "registering a vbscript protocol handler should not work");
is(testRegisterHandler(true, "javascript", buildUrl(), "javascript handler"), false, "registering a javascript protocol handler should not work");
is(testRegisterHandler(true, "moz-icon", buildUrl(), "moz-icon handler"), false, "registering a moz-icon protocol handler should not work");
// registering anything not on the list of safe schemes and unprefixed by web+ shouldn't work
is(testRegisterHandler(true, "foo", buildUrl(), "chrome handler"), false, "registering a foo protocol handler should not work");
is(testRegisterHandler(true, "web+", buildUrl(), "chrome handler"), false, "registering a 'web+' protocol handler should not work");
is(testRegisterHandler(true, "web+1", buildUrl(), "chrome handler"), false, "registering a 'web+1' protocol handler should not work");
SimpleTest.finish();
}
tests();
</script>
</pre>
</body>
</html>
|
