nagai/fune
3
0
Fork 0
forked from mirrors/gecko-dev
Code Pull requests Activity
fune/dom/security/test/csp/file_iframe_srcdoc.sjs
Frederik Braun 56207a1b8b Bug 1073952: tests for iframe sandbox srcdoc and data URIs with CSP r=ckerschb,Tomcat 
MozReview-Commit-ID: 5Q8XIJPrRPk

--HG--
extra : rebase_source : 391431d3585173d096ab58747a854542dfd3adca
2017-01-30 14:12:15 +01:00

79 lines
2.1 KiB
JavaScript
Raw Blame History

// Custom *.sjs file specifically for the needs of
// https://bugzilla.mozilla.org/show_bug.cgi?id=1073952
"use strict";
Components.utils.importGlobalProperties(["URLSearchParams"]);
const SCRIPT = `
<script>
parent.parent.postMessage({result: &quot;allowed&quot;}, &quot;*&quot;);
</script>`;
const SIMPLE_IFRAME_SRCDOC = `
<!DOCTYPE html>
<html>
<head><meta charset="utf-8"></head>
<body>
<iframe sandbox="allow-scripts" srcdoc="` + SCRIPT + `"></iframe>
</body>
</html>`;
const INNER_SRCDOC_IFRAME = `
<iframe sandbox='allow-scripts' srcdoc='<script>
parent.parent.parent.postMessage({result: &quot;allowed&quot;}, &quot;*&quot;);
</script>'>
</iframe>`;
const NESTED_IFRAME_SRCDOC = `
<!DOCTYPE html>
<html>
<head><meta charset="utf-8"></head>
<body>
<iframe sandbox="allow-scripts" srcdoc="` + INNER_SRCDOC_IFRAME + `"></iframe>
</body>
</html>`;
const INNER_DATAURI_IFRAME = `
<iframe sandbox='allow-scripts' src='data:text/html,<script>
parent.parent.parent.postMessage({result: &quot;allowed&quot;}, &quot;*&quot;);
</script>'>
</iframe>`;
const NESTED_IFRAME_SRCDOC_DATAURI = `
<!DOCTYPE html>
<html>
<head><meta charset="utf-8"></head>
<body>
<iframe sandbox="allow-scripts" srcdoc="` + INNER_DATAURI_IFRAME + `"></iframe>
</body>
</html>`;
function handleRequest(request, response) {
const query = new URLSearchParams(request.queryString);
response.setHeader("Cache-Control", "no-cache", false);
if (typeof query.get("csp") === "string") {
response.setHeader("Content-Security-Policy", query.get("csp"), false);
}
response.setHeader("Content-Type", "text/html", false);
if (query.get("action") === "simple_iframe_srcdoc") {
response.write(SIMPLE_IFRAME_SRCDOC);
return;
}
if (query.get("action") === "nested_iframe_srcdoc") {
response.write(NESTED_IFRAME_SRCDOC);
return;
}
if (query.get("action") === "nested_iframe_srcdoc_datauri") {
response.write(NESTED_IFRAME_SRCDOC_DATAURI);
return;
}
// we should never get here, but just in case
// return something unexpected
response.write("do'h");
}
View git blame Copy permalink