	 351d147e2f
			
		
	
	
		
	
	
	
	
		
			
			Differential Revision: https://phabricator.services.mozilla.com/D44149 --HG-- extra : moz-landing-system : lando
		
			
				
	
	
		
| <!DOCTYPE HTML>
 | |
| <html>
 | |
| <head>
 | |
|   <title>Bug 1548385 - CSP: Test script template</title>
 | |
|   <script src="/tests/SimpleTest/SimpleTest.js"></script>
 | |
|   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
 | |
| </head>
 | |
| <body>
 | |
| <iframe style="width:100%;" id="testframe"></iframe>
 | |
| 
 | |
| <script class="testbody" type="text/javascript">
 | |
| 
 | |
/**
 * Test for bug 1548385.
 *
 * The frame document is loaded with a CSP of "default-src 'unsafe-inline'".
 * That policy permits inline script but lists no host source, so an external
 * script referenced from inside a template must still be blocked. The test
 * passes when a CSP violation is reported for that script and fails if a
 * request for it is observed instead.
 */

// Observer topic on which CSP violations are reported.
const CSP_BLOCKED_SUBJECT = "csp-on-violate-policy";
// Observer topic on which SpecialPowers reports HTTP requests; seeing the
// template script here means the load was not blocked.
const CSP_ALLOWED_SUBJECT = "specialpowers-http-notify-request";

// The verdict arrives asynchronously through the observers, so the harness
// has to wait for an explicit SimpleTest.finish().
SimpleTest.waitForExplicitFinish();
 | |
| 
 | |
/**
 * Observer that decides the test outcome. Constructing it subscribes the new
 * instance to the CSP-violation topic first and the HTTP-request topic second.
 */
function examiner() {
  for (const topic of [CSP_BLOCKED_SUBJECT, CSP_ALLOWED_SUBJECT]) {
    SpecialPowers.addObserver(this, topic);
  }
}
 | |
| 
 | |
examiner.prototype = {
  /**
   * Observer callback for both registered topics.
   *
   * A violation report whose URI ends with the template script's file name
   * records a pass; an observed request whose URL ends with that name records
   * a failure. Either outcome ends the test. Notifications about any other
   * resource are ignored.
   *
   * @param {*} subject - For the violation topic, queried as nsIURI to read
   *   the blocked resource's spec. Unused for the request topic.
   * @param {string} topic - The observer topic being notified.
   * @param {string} data - For the request topic, the requested URL.
   */
  observe(subject, topic, data) {
    const TEMPLATE_SCRIPT = "file_script_template.js";

    if (topic == CSP_BLOCKED_SUBJECT) {
      // NOTE(review): assumes every violation subject seen during this test
      // can be queried as nsIURI; confirm do_QueryInterface cannot throw for
      // other kinds of violation.
      const blockedUri = SpecialPowers.do_QueryInterface(subject, "nsIURI");
      const blockedSpec = SpecialPowers.getPrivilegedProps(blockedUri, "asciiSpec");
      if (blockedSpec.endsWith(TEMPLATE_SCRIPT)) {
        ok(true, "js file blocked by CSP");
        this.removeAndFinish();
      }
      // The two topics are distinct strings, so nothing else applies here.
      return;
    }

    if (topic == CSP_ALLOWED_SUBJECT && data.endsWith(TEMPLATE_SCRIPT)) {
      // A request for the script means CSP did not stop the load.
      ok(false, "js file allowed by CSP");
      this.removeAndFinish();
    }
  },

  /**
   * Unsubscribes this observer from both topics, then ends the test.
   */
  removeAndFinish() {
    for (const topic of [CSP_BLOCKED_SUBJECT, CSP_ALLOWED_SUBJECT]) {
      SpecialPowers.removeObserver(this, topic);
    }
    SimpleTest.finish();
  },
};
 | |
| 
 | |
// Register the observers before the frame starts loading, so neither the
// violation report nor a request for the script can be missed.
window.examiner = new examiner();

// Setting the frame's src starts the test. file_script_template.html is
// presumably the document holding the template with the external script.
document.querySelector("#testframe").src = "file_script_template.html";
 | |
| 
 | |
| </script>
 | |
| </body>
 | |
| </html>
 |