search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 1922904 - Fix bug 1780701 in a different approach. r=botond
[gecko.git] / dom / security / test / general / test_block_subresource_redir_to_data.html
blob21a85515ecee9b68a9681d153920325c597567ec
1 <!DOCTYPE HTML>
2 <html>
3 <head>
4 <title>Bug 1428793: Block insecure redirects to data: URIs</title>
5 <script src="/tests/SimpleTest/SimpleTest.js"></script>
6 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
7 </head>
8 <body>
9
10 <script id="testScriptRedirectToData"></script>
11 <script id="testModuleScriptRedirectToData" type="module"></script>
12
13 <script class="testbody" type="text/javascript">
14
15 SimpleTest.waitForExplicitFinish();
16 const NUM_TESTS = 3;
17
18 var testCounter = 0;
19 function checkFinish() {
20 testCounter++;
21 if (testCounter === NUM_TESTS) {
22 SimpleTest.finish();
23 }
24 }
25
26 // --- test regular scripts
27 let testScriptRedirectToData = document.getElementById("testScriptRedirectToData");
28 testScriptRedirectToData.onerror = function() {
29 ok(true, "script that redirects to data: URI should not load");
30 checkFinish();
31 }
32 testScriptRedirectToData.onload = function() {
33 ok(false, "script that redirects to data: URI should not load");
34 checkFinish();
35 }
36 testScriptRedirectToData.src = "file_block_subresource_redir_to_data.sjs?script";
37
38 // --- test workers
39 let worker = new Worker("file_block_subresource_redir_to_data.sjs?worker");
40 worker.onerror = function() {
41 // please note that workers need to be same origin, hence the data: URI
42 // redirect is blocked by worker code and not the content security manager!
43 ok(true, "worker script that redirects to data: URI should not load");
44 checkFinish();
45 }
46 worker.onmessage = function() {
47 ok(false, "worker script that redirects to data: URI should not load");
48 checkFinish();
49 };
50 worker.postMessage("dummy");
51
52 // --- test script modules
53 let testModuleScriptRedirectToData = document.getElementById("testModuleScriptRedirectToData");
54 testModuleScriptRedirectToData.onerror = function() {
55 ok(true, "module script that redirects to data: URI should not load");
56 checkFinish();
57 }
58 testModuleScriptRedirectToData.onload = function() {
59 ok(false, "module script that redirects to data: URI should not load");
60 checkFinish();
61 }
62 testModuleScriptRedirectToData.src = "file_block_subresource_redir_to_data.sjs?modulescript";
63
64 </script>
65 </body>
66 </html>