search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
history | raw | HEAD
Bug 1725766 - Disallow view-source URI to open external apps, r=necko-reviewers,draga...
[gecko.git] / netwerk / test / unit / test_bug1725766.js
blob45364d7685892c057bc71db2ecb4008138c1ef39
1 /* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
2 /* vim:set ts=2 sw=2 sts=2 et: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4  * License, v. 2.0. If a copy of the MPL was not distributed with this
5  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 "use strict";
8
9 const { HttpServer } = ChromeUtils.import("resource://testing-common/httpd.js");
10 let hserv = Cc["@mozilla.org/uriloader/handler-service;1"].getService(
11   Ci.nsIHandlerService
12 );
13 let handlerInfo;
14 const testScheme = "x-moz-test";
15
16 function setup() {
17   var handler = Cc["@mozilla.org/uriloader/web-handler-app;1"].createInstance(
18     Ci.nsIWebHandlerApp
19   );
20   handler.name = testScheme;
21   handler.uriTemplate = "http://test.mozilla.org/%s";
22
23   var extps = Cc[
24     "@mozilla.org/uriloader/external-protocol-service;1"
25   ].getService(Ci.nsIExternalProtocolService);
26   handlerInfo = extps.getProtocolHandlerInfo(testScheme);
27   handlerInfo.possibleApplicationHandlers.appendElement(handler);
28
29   hserv.store(handlerInfo);
30   Assert.ok(extps.externalProtocolHandlerExists(testScheme));
31 }
32
33 setup();
34 registerCleanupFunction(() => {
35   hserv.remove(handlerInfo);
36 });
37
38 function makeChan(url) {
39   let chan = NetUtil.newChannel({
40     uri: url,
41     loadUsingSystemPrincipal: true,
42     contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
43   }).QueryInterface(Ci.nsIHttpChannel);
44   chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
45   return chan;
46 }
47
48 function channelOpenPromise(chan, flags) {
49   return new Promise(resolve => {
50     function finish(req, buffer) {
51       resolve([req, buffer]);
52     }
53     let internal = chan.QueryInterface(Ci.nsIHttpChannelInternal);
54     internal.setWaitForHTTPSSVCRecord();
55     chan.asyncOpen(new ChannelListener(finish, null, flags));
56   });
57 }
58
59 add_task(async function viewsourceExternalProtocol() {
60   Assert.throws(
61     () => makeChan(`view-source:${testScheme}:foo.example.com`),
62     /NS_ERROR_MALFORMED_URI/
63   );
64 });
65
66 add_task(async function viewsourceExternalProtocolRedirect() {
67   let httpserv = new HttpServer();
68   httpserv.registerPathHandler("/", function handler(metadata, response) {
69     response.setStatusLine(metadata.httpVersion, 301, "Moved Permanently");
70     response.setHeader("Location", `${testScheme}:foo@bar.com`, false);
71
72     var body = "Moved\n";
73     response.bodyOutputStream.write(body, body.length);
74   });
75   httpserv.start(-1);
76
77   let chan = makeChan(
78     `view-source:http://127.0.0.1:${httpserv.identity.primaryPort}/`
79   );
80   let [req] = await channelOpenPromise(chan, CL_EXPECT_FAILURE);
81   Assert.equal(req.status, Cr.NS_ERROR_MALFORMED_URI);
82   await httpserv.stop();
83 });