nagai/fune
3
0
Fork 0
forked from mirrors/gecko-dev
Code Pull requests Activity
fune/browser/base/content/test/permissions/browser_reservedkey.js
Kris Maglione b3cac601f6 Bug 1432966: Sanitize HTML fragments created for chrome-privileged documents. r=bz f=gijs 
This is a short-term solution to our inability to apply CSP to
chrome-privileged documents.

Ideally, we should be preventing all inline script execution in
chrome-privileged documents, since the reprecussions of XSS in chrome
documents are much worse than in content documents. Unfortunately, that's not
possible in the near term because a) we don't support CSP in system principal
documents at all, and b) we rely heavily on inline JS in our static XUL.

This stop-gap solution at least prevents some of the most common vectors of
XSS attack, by automatically sanitizing any HTML fragment created for a
chrome-privileged document.

MozReview-Commit-ID: 5w17celRFr

--HG--
extra : rebase_source : 1c0a1448a06d5b65e548d9f5362d06cc6d865dbe
extra : amend_source : 7184593019f238b86fd1e261941d8e8286fa4006
2018-01-24 14:56:48 -08:00

92 lines
4.3 KiB
JavaScript
Raw Blame History

add_task(async function test_reserved_shortcuts() {
/* eslint-disable no-unsanitized/property */
let keyset = `<keyset>
<key id='kt_reserved' modifiers='shift' key='O' reserved='true' count='0'
oncommand='this.setAttribute("count", Number(this.getAttribute("count")) + 1)'/>
<key id='kt_notreserved' modifiers='shift' key='P' reserved='false' count='0'
oncommand='this.setAttribute("count", Number(this.getAttribute("count")) + 1)'/>
<key id='kt_reserveddefault' modifiers='shift' key='Q' count='0'
oncommand='this.setAttribute("count", Number(this.getAttribute("count")) + 1)'/>
</keyset>`;
let container = document.createElement("box");
container.unsafeSetInnerHTML(keyset);
document.documentElement.appendChild(container);
/* eslint-enable no-unsanitized/property */
const pageUrl = "data:text/html,<body onload='document.body.firstChild.focus();'><div onkeydown='event.preventDefault();' tabindex=0>Test</div></body>";
let tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, pageUrl);
EventUtils.synthesizeKey("O", { shiftKey: true });
EventUtils.synthesizeKey("P", { shiftKey: true });
EventUtils.synthesizeKey("Q", { shiftKey: true });
is(document.getElementById("kt_reserved").getAttribute("count"), "1", "reserved='true' with preference off");
is(document.getElementById("kt_notreserved").getAttribute("count"), "0", "reserved='false' with preference off");
is(document.getElementById("kt_reserveddefault").getAttribute("count"), "0", "default reserved with preference off");
// Now try with reserved shortcut key handling enabled.
await new Promise(resolve => {
SpecialPowers.pushPrefEnv({"set": [["permissions.default.shortcuts", 2]]}, resolve);
});
EventUtils.synthesizeKey("O", { shiftKey: true });
EventUtils.synthesizeKey("P", { shiftKey: true });
EventUtils.synthesizeKey("Q", { shiftKey: true });
is(document.getElementById("kt_reserved").getAttribute("count"), "2", "reserved='true' with preference on");
is(document.getElementById("kt_notreserved").getAttribute("count"), "0", "reserved='false' with preference on");
is(document.getElementById("kt_reserveddefault").getAttribute("count"), "1", "default reserved with preference on");
document.documentElement.removeChild(container);
await BrowserTestUtils.removeTab(tab);
});
// This test checks that Alt+<key> and F10 cannot be blocked when the preference is set.
if (navigator.platform.indexOf("Mac") == -1) {
add_task(async function test_accesskeys_menus() {
await new Promise(resolve => {
SpecialPowers.pushPrefEnv({"set": [["permissions.default.shortcuts", 2]]}, resolve);
});
const uri = "data:text/html,<body onkeydown='if (event.key == \"H\" || event.key == \"F10\") event.preventDefault();'>";
let tab1 = await BrowserTestUtils.openNewForegroundTab(gBrowser, uri);
// Pressing Alt+H should open the Help menu.
let helpPopup = document.getElementById("menu_HelpPopup");
let popupShown = BrowserTestUtils.waitForEvent(helpPopup, "popupshown");
EventUtils.synthesizeKey("VK_ALT", { type: "keydown" });
EventUtils.synthesizeKey("H", { altKey: true });
EventUtils.synthesizeKey("VK_ALT", { type: "keyup" });
await popupShown;
ok(true, "Help menu opened");
let popupHidden = BrowserTestUtils.waitForEvent(helpPopup, "popuphidden");
helpPopup.hidePopup();
await popupHidden;
// Pressing F10 should focus the menubar. On Linux, the file menu should open, but on Windows,
// pressing Down will open the file menu.
let menubar = document.getElementById("main-menubar");
let menubarActive = BrowserTestUtils.waitForEvent(menubar, "DOMMenuBarActive");
EventUtils.sendKey("F10");
await menubarActive;
let filePopup = document.getElementById("menu_FilePopup");
popupShown = BrowserTestUtils.waitForEvent(filePopup, "popupshown");
if (navigator.platform.indexOf("Win") >= 0) {
EventUtils.synthesizeKey("KEY_ArrowDown", { code: "ArrowDown" });
}
await popupShown;
ok(true, "File menu opened");
popupHidden = BrowserTestUtils.waitForEvent(filePopup, "popuphidden");
filePopup.hidePopup();
await popupHidden;
await BrowserTestUtils.removeTab(tab1);
});
}
View git blame Copy permalink