nagai/fune
3
0
Fork 0
forked from mirrors/gecko-dev
Code Pull requests Activity
fune/dom/security/test/csp/file_scheme_relative_sources.sjs
Christoph Kerschbaumer 66b8827044 Bug 1117650 - Part 3: Move all CSP tests into dom/security/test. r=sstamm 
--HG--
rename : dom/base/test/TestCSPParser.cpp => dom/security/test/TestCSPParser.cpp
rename : dom/base/test/csp/browser.ini => dom/security/test/csp/browser.ini
rename : dom/base/test/csp/browser_test_web_manifest.js => dom/security/test/csp/browser_test_web_manifest.js
rename : dom/base/test/csp/browser_test_web_manifest_mixed_content.js => dom/security/test/csp/browser_test_web_manifest_mixed_content.js
rename : dom/base/test/csp/chrome.ini => dom/security/test/csp/chrome.ini
rename : dom/base/test/csp/file_CSP.css => dom/security/test/csp/file_CSP.css
rename : dom/base/test/csp/file_CSP.sjs => dom/security/test/csp/file_CSP.sjs
rename : dom/base/test/csp/file_csp_allow_https_schemes.html => dom/security/test/csp/file_allow_https_schemes.html
rename : dom/base/test/csp/file_base-uri.html => dom/security/test/csp/file_base-uri.html
rename : dom/base/test/csp/file_blob_data_schemes.html => dom/security/test/csp/file_blob_data_schemes.html
rename : dom/base/test/csp/file_CSP_bug663567.xsl => dom/security/test/csp/file_bug663567.xsl
rename : dom/base/test/csp/file_CSP_bug663567_allows.xml => dom/security/test/csp/file_bug663567_allows.xml
rename : dom/base/test/csp/file_CSP_bug663567_allows.xml^headers^ => dom/security/test/csp/file_bug663567_allows.xml^headers^
rename : dom/base/test/csp/file_CSP_bug663567_blocks.xml => dom/security/test/csp/file_bug663567_blocks.xml
rename : dom/base/test/csp/file_CSP_bug663567_blocks.xml^headers^ => dom/security/test/csp/file_bug663567_blocks.xml^headers^
rename : dom/base/test/csp/file_csp_bug768029.html => dom/security/test/csp/file_bug768029.html
rename : dom/base/test/csp/file_csp_bug768029.sjs => dom/security/test/csp/file_bug768029.sjs
rename : dom/base/test/csp/file_csp_bug773891.html => dom/security/test/csp/file_bug773891.html
rename : dom/base/test/csp/file_csp_bug773891.sjs => dom/security/test/csp/file_bug773891.sjs
rename : dom/base/test/csp/file_CSP_bug802872.html => dom/security/test/csp/file_bug802872.html
rename : dom/base/test/csp/file_CSP_bug802872.html^headers^ => dom/security/test/csp/file_bug802872.html^headers^
rename : dom/base/test/csp/file_CSP_bug802872.js => dom/security/test/csp/file_bug802872.js
rename : dom/base/test/csp/file_CSP_bug802872.sjs => dom/security/test/csp/file_bug802872.sjs
rename : dom/base/test/csp/file_bug836922_npolicies.html => dom/security/test/csp/file_bug836922_npolicies.html
rename : dom/base/test/csp/file_bug836922_npolicies.html^headers^ => dom/security/test/csp/file_bug836922_npolicies.html^headers^
rename : dom/base/test/csp/file_bug836922_npolicies_ro_violation.sjs => dom/security/test/csp/file_bug836922_npolicies_ro_violation.sjs
rename : dom/base/test/csp/file_bug836922_npolicies_violation.sjs => dom/security/test/csp/file_bug836922_npolicies_violation.sjs
rename : dom/base/test/csp/file_CSP_bug885433_allows.html => dom/security/test/csp/file_bug885433_allows.html
rename : dom/base/test/csp/file_CSP_bug885433_allows.html^headers^ => dom/security/test/csp/file_bug885433_allows.html^headers^
rename : dom/base/test/csp/file_CSP_bug885433_blocks.html => dom/security/test/csp/file_bug885433_blocks.html
rename : dom/base/test/csp/file_CSP_bug885433_blocks.html^headers^ => dom/security/test/csp/file_bug885433_blocks.html^headers^
rename : dom/base/test/csp/file_bug886164.html => dom/security/test/csp/file_bug886164.html
rename : dom/base/test/csp/file_bug886164.html^headers^ => dom/security/test/csp/file_bug886164.html^headers^
rename : dom/base/test/csp/file_bug886164_2.html => dom/security/test/csp/file_bug886164_2.html
rename : dom/base/test/csp/file_bug886164_2.html^headers^ => dom/security/test/csp/file_bug886164_2.html^headers^
rename : dom/base/test/csp/file_bug886164_3.html => dom/security/test/csp/file_bug886164_3.html
rename : dom/base/test/csp/file_bug886164_3.html^headers^ => dom/security/test/csp/file_bug886164_3.html^headers^
rename : dom/base/test/csp/file_bug886164_4.html => dom/security/test/csp/file_bug886164_4.html
rename : dom/base/test/csp/file_bug886164_4.html^headers^ => dom/security/test/csp/file_bug886164_4.html^headers^
rename : dom/base/test/csp/file_bug886164_5.html => dom/security/test/csp/file_bug886164_5.html
rename : dom/base/test/csp/file_bug886164_5.html^headers^ => dom/security/test/csp/file_bug886164_5.html^headers^
rename : dom/base/test/csp/file_bug886164_6.html => dom/security/test/csp/file_bug886164_6.html
rename : dom/base/test/csp/file_bug886164_6.html^headers^ => dom/security/test/csp/file_bug886164_6.html^headers^
rename : dom/base/test/csp/file_CSP_bug888172.html => dom/security/test/csp/file_bug888172.html
rename : dom/base/test/csp/file_CSP_bug888172.sjs => dom/security/test/csp/file_bug888172.sjs
rename : dom/base/test/csp/file_CSP_bug909029_none.html => dom/security/test/csp/file_bug909029_none.html
rename : dom/base/test/csp/file_CSP_bug909029_none.html^headers^ => dom/security/test/csp/file_bug909029_none.html^headers^
rename : dom/base/test/csp/file_CSP_bug909029_star.html => dom/security/test/csp/file_bug909029_star.html
rename : dom/base/test/csp/file_CSP_bug909029_star.html^headers^ => dom/security/test/csp/file_bug909029_star.html^headers^
rename : dom/base/test/csp/file_CSP_bug910139.sjs => dom/security/test/csp/file_bug910139.sjs
rename : dom/base/test/csp/file_CSP_bug910139.xml => dom/security/test/csp/file_bug910139.xml
rename : dom/base/test/csp/file_CSP_bug910139.xsl => dom/security/test/csp/file_bug910139.xsl
rename : dom/base/test/csp/file_CSP_bug941404.html => dom/security/test/csp/file_bug941404.html
rename : dom/base/test/csp/file_CSP_bug941404_xhr.html => dom/security/test/csp/file_bug941404_xhr.html
rename : dom/base/test/csp/file_CSP_bug941404_xhr.html^headers^ => dom/security/test/csp/file_bug941404_xhr.html^headers^
rename : dom/base/test/csp/file_connect-src-fetch.html => dom/security/test/csp/file_connect-src-fetch.html
rename : dom/base/test/csp/file_connect-src.html => dom/security/test/csp/file_connect-src.html
rename : dom/base/test/csp/file_dual_header_testserver.sjs => dom/security/test/csp/file_dual_header_testserver.sjs
rename : dom/base/test/csp/file_CSP_evalscript_main.html => dom/security/test/csp/file_evalscript_main.html
rename : dom/base/test/csp/file_CSP_evalscript_main.html^headers^ => dom/security/test/csp/file_evalscript_main.html^headers^
rename : dom/base/test/csp/file_CSP_evalscript_main.js => dom/security/test/csp/file_evalscript_main.js
rename : dom/base/test/csp/file_CSP_evalscript_main_allowed.html => dom/security/test/csp/file_evalscript_main_allowed.html
rename : dom/base/test/csp/file_CSP_evalscript_main_allowed.html^headers^ => dom/security/test/csp/file_evalscript_main_allowed.html^headers^
rename : dom/base/test/csp/file_CSP_evalscript_main_allowed.js => dom/security/test/csp/file_evalscript_main_allowed.js
rename : dom/base/test/csp/file_form-action.html => dom/security/test/csp/file_form-action.html
rename : dom/base/test/csp/file_CSP_frameancestors.sjs => dom/security/test/csp/file_frameancestors.sjs
rename : dom/base/test/csp/file_CSP_frameancestors_main.html => dom/security/test/csp/file_frameancestors_main.html
rename : dom/base/test/csp/file_CSP_frameancestors_main.js => dom/security/test/csp/file_frameancestors_main.js
rename : dom/base/test/csp/file_hash_source.html => dom/security/test/csp/file_hash_source.html
rename : dom/base/test/csp/file_hash_source.html^headers^ => dom/security/test/csp/file_hash_source.html^headers^
rename : dom/base/test/csp/file_ignore_unsafe_inline.html => dom/security/test/csp/file_ignore_unsafe_inline.html
rename : dom/base/test/csp/file_CSP_inlinescript_main.html => dom/security/test/csp/file_inlinescript_main.html
rename : dom/base/test/csp/file_CSP_inlinescript_main.html^headers^ => dom/security/test/csp/file_inlinescript_main.html^headers^
rename : dom/base/test/csp/file_CSP_inlinescript_main_allowed.html => dom/security/test/csp/file_inlinescript_main_allowed.html
rename : dom/base/test/csp/file_CSP_inlinescript_main_allowed.html^headers^ => dom/security/test/csp/file_inlinescript_main_allowed.html^headers^
rename : dom/base/test/csp/file_CSP_inlinestyle_main.html => dom/security/test/csp/file_inlinestyle_main.html
rename : dom/base/test/csp/file_CSP_inlinestyle_main.html^headers^ => dom/security/test/csp/file_inlinestyle_main.html^headers^
rename : dom/base/test/csp/file_CSP_inlinestyle_main_allowed.html => dom/security/test/csp/file_inlinestyle_main_allowed.html
rename : dom/base/test/csp/file_CSP_inlinestyle_main_allowed.html^headers^ => dom/security/test/csp/file_inlinestyle_main_allowed.html^headers^
rename : dom/base/test/csp/file_csp_invalid_source_expression.html => dom/security/test/csp/file_invalid_source_expression.html
rename : dom/base/test/csp/file_leading_wildcard.html => dom/security/test/csp/file_leading_wildcard.html
rename : dom/base/test/csp/file_CSP_main.html => dom/security/test/csp/file_main.html
rename : dom/base/test/csp/file_CSP_main.html^headers^ => dom/security/test/csp/file_main.html^headers^
rename : dom/base/test/csp/file_CSP_main.js => dom/security/test/csp/file_main.js
rename : dom/base/test/csp/file_multi_policy_injection_bypass.html => dom/security/test/csp/file_multi_policy_injection_bypass.html
rename : dom/base/test/csp/file_multi_policy_injection_bypass.html^headers^ => dom/security/test/csp/file_multi_policy_injection_bypass.html^headers^
rename : dom/base/test/csp/file_multi_policy_injection_bypass_2.html => dom/security/test/csp/file_multi_policy_injection_bypass_2.html
rename : dom/base/test/csp/file_multi_policy_injection_bypass_2.html^headers^ => dom/security/test/csp/file_multi_policy_injection_bypass_2.html^headers^
rename : dom/base/test/csp/file_nonce_source.html => dom/security/test/csp/file_nonce_source.html
rename : dom/base/test/csp/file_nonce_source.html^headers^ => dom/security/test/csp/file_nonce_source.html^headers^
rename : dom/base/test/csp/file_null_baseuri.html => dom/security/test/csp/file_null_baseuri.html
rename : dom/base/test/csp/file_csp_path_matching.html => dom/security/test/csp/file_path_matching.html
rename : dom/base/test/csp/file_csp_path_matching.js => dom/security/test/csp/file_path_matching.js
rename : dom/base/test/csp/file_csp_path_matching_incl_query.html => dom/security/test/csp/file_path_matching_incl_query.html
rename : dom/base/test/csp/file_csp_path_matching_redirect.html => dom/security/test/csp/file_path_matching_redirect.html
rename : dom/base/test/csp/file_csp_path_matching_redirect_server.sjs => dom/security/test/csp/file_path_matching_redirect_server.sjs
rename : dom/base/test/csp/file_policyuri_regression_from_multipolicy.html => dom/security/test/csp/file_policyuri_regression_from_multipolicy.html
rename : dom/base/test/csp/file_policyuri_regression_from_multipolicy.html^headers^ => dom/security/test/csp/file_policyuri_regression_from_multipolicy.html^headers^
rename : dom/base/test/csp/file_policyuri_regression_from_multipolicy_policy => dom/security/test/csp/file_policyuri_regression_from_multipolicy_policy
rename : dom/base/test/csp/file_redirect_content.sjs => dom/security/test/csp/file_redirect_content.sjs
rename : dom/base/test/csp/file_redirect_report.sjs => dom/security/test/csp/file_redirect_report.sjs
rename : dom/base/test/csp/file_csp_redirects_main.html => dom/security/test/csp/file_redirects_main.html
rename : dom/base/test/csp/file_csp_redirects_page.sjs => dom/security/test/csp/file_redirects_page.sjs
rename : dom/base/test/csp/file_csp_redirects_resource.sjs => dom/security/test/csp/file_redirects_resource.sjs
rename : dom/base/test/csp/file_csp_referrerdirective.html => dom/security/test/csp/file_referrerdirective.html
rename : dom/base/test/csp/file_csp_report.html => dom/security/test/csp/file_report.html
rename : dom/base/test/csp/file_report_uri_missing_in_report_only_header.html => dom/security/test/csp/file_report_uri_missing_in_report_only_header.html
rename : dom/base/test/csp/file_report_uri_missing_in_report_only_header.html^headers^ => dom/security/test/csp/file_report_uri_missing_in_report_only_header.html^headers^
rename : dom/base/test/csp/file_scheme_relative_sources.js => dom/security/test/csp/file_scheme_relative_sources.js
rename : dom/base/test/csp/file_scheme_relative_sources.sjs => dom/security/test/csp/file_scheme_relative_sources.sjs
rename : dom/base/test/csp/file_self_none_as_hostname_confusion.html => dom/security/test/csp/file_self_none_as_hostname_confusion.html
rename : dom/base/test/csp/file_self_none_as_hostname_confusion.html^headers^ => dom/security/test/csp/file_self_none_as_hostname_confusion.html^headers^
rename : dom/base/test/csp/file_subframe_run_js_if_allowed.html => dom/security/test/csp/file_subframe_run_js_if_allowed.html
rename : dom/base/test/csp/file_subframe_run_js_if_allowed.html^headers^ => dom/security/test/csp/file_subframe_run_js_if_allowed.html^headers^
rename : dom/base/test/csp/file_csp_testserver.sjs => dom/security/test/csp/file_testserver.sjs
rename : dom/base/test/csp/file_CSP_web_manifest.html => dom/security/test/csp/file_web_manifest.html
rename : dom/base/test/csp/file_CSP_web_manifest.json => dom/security/test/csp/file_web_manifest.json
rename : dom/base/test/csp/file_CSP_web_manifest.json^headers^ => dom/security/test/csp/file_web_manifest.json^headers^
rename : dom/base/test/csp/file_CSP_web_manifest_https.html => dom/security/test/csp/file_web_manifest_https.html
rename : dom/base/test/csp/file_CSP_web_manifest_https.json => dom/security/test/csp/file_web_manifest_https.json
rename : dom/base/test/csp/file_CSP_web_manifest_mixed_content.html => dom/security/test/csp/file_web_manifest_mixed_content.html
rename : dom/base/test/csp/file_CSP_web_manifest_remote.html => dom/security/test/csp/file_web_manifest_remote.html
rename : dom/base/test/csp/file_worker_redirect.html => dom/security/test/csp/file_worker_redirect.html
rename : dom/base/test/csp/file_worker_redirect.sjs => dom/security/test/csp/file_worker_redirect.sjs
rename : dom/base/test/csp/referrerdirective.sjs => dom/security/test/csp/referrerdirective.sjs
rename : dom/base/test/csp/test_301_redirect.html => dom/security/test/csp/test_301_redirect.html
rename : dom/base/test/csp/test_302_redirect.html => dom/security/test/csp/test_302_redirect.html
rename : dom/base/test/csp/test_303_redirect.html => dom/security/test/csp/test_303_redirect.html
rename : dom/base/test/csp/test_307_redirect.html => dom/security/test/csp/test_307_redirect.html
rename : dom/base/test/csp/test_CSP.html => dom/security/test/csp/test_CSP.html
rename : dom/base/test/csp/test_csp_allow_https_schemes.html => dom/security/test/csp/test_allow_https_schemes.html
rename : dom/base/test/csp/test_base-uri.html => dom/security/test/csp/test_base-uri.html
rename : dom/base/test/csp/test_blob_data_schemes.html => dom/security/test/csp/test_blob_data_schemes.html
rename : dom/base/test/csp/test_CSP_bug663567.html => dom/security/test/csp/test_bug663567.html
rename : dom/base/test/csp/test_csp_bug768029.html => dom/security/test/csp/test_bug768029.html
rename : dom/base/test/csp/test_csp_bug773891.html => dom/security/test/csp/test_bug773891.html
rename : dom/base/test/csp/test_CSP_bug802872.html => dom/security/test/csp/test_bug802872.html
rename : dom/base/test/csp/test_bug836922_npolicies.html => dom/security/test/csp/test_bug836922_npolicies.html
rename : dom/base/test/csp/test_CSP_bug885433.html => dom/security/test/csp/test_bug885433.html
rename : dom/base/test/csp/test_bug886164.html => dom/security/test/csp/test_bug886164.html
rename : dom/base/test/csp/test_CSP_bug888172.html => dom/security/test/csp/test_bug888172.html
rename : dom/base/test/csp/test_CSP_bug909029.html => dom/security/test/csp/test_bug909029.html
rename : dom/base/test/csp/test_CSP_bug910139.html => dom/security/test/csp/test_bug910139.html
rename : dom/base/test/csp/test_CSP_bug941404.html => dom/security/test/csp/test_bug941404.html
rename : dom/base/test/csp/test_bug949549.html => dom/security/test/csp/test_bug949549.html
rename : dom/base/test/csp/test_connect-src.html => dom/security/test/csp/test_connect-src.html
rename : dom/base/test/csp/test_dual_header.html => dom/security/test/csp/test_dual_header.html
rename : dom/base/test/csp/test_CSP_evalscript.html => dom/security/test/csp/test_evalscript.html
rename : dom/base/test/csp/test_form-action.html => dom/security/test/csp/test_form-action.html
rename : dom/base/test/csp/test_CSP_frameancestors.html => dom/security/test/csp/test_frameancestors.html
rename : dom/base/test/csp/test_hash_source.html => dom/security/test/csp/test_hash_source.html
rename : dom/base/test/csp/test_ignore_unsafe_inline.html => dom/security/test/csp/test_ignore_unsafe_inline.html
rename : dom/base/test/csp/test_CSP_inlinescript.html => dom/security/test/csp/test_inlinescript.html
rename : dom/base/test/csp/test_CSP_inlinestyle.html => dom/security/test/csp/test_inlinestyle.html
rename : dom/base/test/csp/test_csp_invalid_source_expression.html => dom/security/test/csp/test_invalid_source_expression.html
rename : dom/base/test/csp/test_leading_wildcard.html => dom/security/test/csp/test_leading_wildcard.html
rename : dom/base/test/csp/test_multi_policy_injection_bypass.html => dom/security/test/csp/test_multi_policy_injection_bypass.html
rename : dom/base/test/csp/test_nonce_source.html => dom/security/test/csp/test_nonce_source.html
rename : dom/base/test/csp/test_null_baseuri.html => dom/security/test/csp/test_null_baseuri.html
rename : dom/base/test/csp/test_csp_path_matching.html => dom/security/test/csp/test_path_matching.html
rename : dom/base/test/csp/test_csp_path_matching_redirect.html => dom/security/test/csp/test_path_matching_redirect.html
rename : dom/base/test/csp/test_policyuri_regression_from_multipolicy.html => dom/security/test/csp/test_policyuri_regression_from_multipolicy.html
rename : dom/base/test/csp/test_csp_redirects.html => dom/security/test/csp/test_redirects.html
rename : dom/base/test/csp/test_CSP_referrerdirective.html => dom/security/test/csp/test_referrerdirective.html
rename : dom/base/test/csp/test_csp_report.html => dom/security/test/csp/test_report.html
rename : dom/base/test/csp/test_report_uri_missing_in_report_only_header.html => dom/security/test/csp/test_report_uri_missing_in_report_only_header.html
rename : dom/base/test/csp/test_scheme_relative_sources.html => dom/security/test/csp/test_scheme_relative_sources.html
rename : dom/base/test/csp/test_self_none_as_hostname_confusion.html => dom/security/test/csp/test_self_none_as_hostname_confusion.html
rename : dom/base/test/csp/test_subframe_run_js_if_allowed.html => dom/security/test/csp/test_subframe_run_js_if_allowed.html
rename : dom/base/test/csp/test_worker_redirect.html => dom/security/test/csp/test_worker_redirect.html
rename : dom/base/test/unit/test_cspreports.js => dom/security/test/unit/test_csp_reports.js
extra : rebase_source : 009d78b5e741c3a6ed10744986f7b0841720f6c8
2015-06-08 16:21:50 -07:00

42 lines
1.5 KiB
JavaScript
Raw Blame History

/**
* Custom *.sjs specifically for the needs of
* Bug 921493 - CSP: test whitelisting of scheme-relative sources
*/
function handleRequest(request, response)
{
Components.utils.importGlobalProperties(["URLSearchParams"]);
let query = new URLSearchParams(request.queryString);
let scheme = query.get("scheme");
let policy = query.get("policy");
let linkUrl = scheme +
"://example.com/tests/dom/security/test/csp/file_scheme_relative_sources.js";
let html = "<!DOCTYPE HTML>" +
"<html>" +
"<head>" +
"<title>test schemeless sources within CSP</title>" +
"</head>" +
"<body> " +
"<div id='testdiv'>blocked</div>" +
// try to load a scheme relative script
"<script src='" + linkUrl + "'></script>" +
// have an inline script that reports back to the parent whether
// the script got loaded or not from within the sandboxed iframe.
"<script type='application/javascript'>" +
"window.onload = function() {" +
"var inner = document.getElementById('testdiv').innerHTML;" +
"window.parent.postMessage({ result: inner }, '*');" +
"}" +
"</script>" +
"</body>" +
"</html>";
response.setHeader("Cache-Control", "no-cache", false);
response.setHeader("Content-Type", "text/html", false);
response.setHeader("Content-Security-Policy", policy, false);
response.write(html);
}
View git blame Copy permalink