1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */
/**
* Tests the legacy validation made when storing nsILoginInfo or disabled hosts.
*
* These rules exist because of limitations of the "signons.txt" storage file,
* that is not used anymore. They are still enforced by the Login Manager
* service, despite these values can now be safely stored in the back-end.
*/
"use strict";
// Tests
/**
* Tests legacy validation with addLogin.
*/
add_task(async function test_addLogin_invalid_characters_legacy() {
// Test newlines and carriage returns in properties that contain URLs.
for (let testValue of [
"http://newline\n.example.com",
"http://carriagereturn.example.com\r",
]) {
let loginInfo = TestData.formLogin({ origin: testValue });
await Assert.rejects(
Services.logins.addLoginAsync(loginInfo),
/login values can't contain newlines/
);
loginInfo = TestData.formLogin({ formActionOrigin: testValue });
await Assert.rejects(
Services.logins.addLoginAsync(loginInfo),
/login values can't contain newlines/
);
loginInfo = TestData.authLogin({ httpRealm: testValue });
await Assert.rejects(
Services.logins.addLoginAsync(loginInfo),
/login values can't contain newlines/
);
}
// Test newlines and carriage returns in form field names.
for (let testValue of ["newline_field\n", "carriagereturn\r_field"]) {
let loginInfo = TestData.formLogin({ usernameField: testValue });
await Assert.rejects(
Services.logins.addLoginAsync(loginInfo),
/login values can't contain newlines/
);
loginInfo = TestData.formLogin({ passwordField: testValue });
await Assert.rejects(
Services.logins.addLoginAsync(loginInfo),
/login values can't contain newlines/
);
}
// Test a single dot as the value of usernameField and formActionOrigin.
let loginInfo = TestData.formLogin({ usernameField: "." });
await Assert.rejects(
Services.logins.addLoginAsync(loginInfo),
/login values can't be periods/
);
loginInfo = TestData.formLogin({ formActionOrigin: "." });
await Assert.rejects(
Services.logins.addLoginAsync(loginInfo),
/login values can't be periods/
);
// Test the sequence " (" inside the value of the "origin" property.
loginInfo = TestData.formLogin({ origin: "http://parens (.example.com" });
await Assert.rejects(
Services.logins.addLoginAsync(loginInfo),
/bad parens in origin/
);
});
/**
* Tests legacy validation with setLoginSavingEnabled.
*/
add_task(function test_setLoginSavingEnabled_invalid_characters_legacy() {
for (let origin of [
"http://newline\n.example.com",
"http://carriagereturn.example.com\r",
".",
]) {
Assert.throws(
() => Services.logins.setLoginSavingEnabled(origin, false),
/Invalid origin/
);
}
});
|
