summaryrefslogtreecommitdiff
path: root/dom/html/test/test_iframe_sandbox_plugins.html
blob: a8c2bd21b7fff9bdef0c8e66c6ae3f8562c6dcca (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=341604
Implement HTML5 sandbox attribute for IFRAMEs
-->
<head>
  <meta charset="utf-8">
  <title>Test for Bug 341604 - plugins</title>
  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
  <script type="application/javascript" src="plugin-utils.js"></script>
  <script type="application/javascript">
    setTestPluginEnabledState(SpecialPowers.Ci.nsIPluginTag.STATE_ENABLED);
  </script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
</head>
<script type="application/javascript">
/** Test for Bug 341604 - Implement HTML5 sandbox attribute for IFRAMEs **/
/** Plugin tests **/
SimpleTest.waitForExplicitFinish();

function doTest() {
  // 1) test that a plugin can't be loaded with <embed> inside a sandboxed <iframe>
  // (done by file_iframe_sandbox_f_if1.html loaded in if1 below)
  // 2) test that a plugin can't be loaded with <object> inside a sandboxed <iframe>
  // (done by file_iframe_sandbox_f_if1.html loaded in if1 below)
  // 3) test that plugin can't be loaded by a sandboxed <iframe> with src pointing to
  // a document that is handled by a plugin (done by if_2 below)
  // 4) test that when a plugin is loaded in an unsandboxed iframe, a sandbox attribute
  // is then added to the iframe and the document containing the plugin is reloaded,
  // the plugin does not load in the sandboxed iframe (done with if_3 below)
  // 5) test that when when a sandboxed iframe's sandbox attribute is removed,
  // and a new document is loaded into the iframe, the plugin loads
  // (done with if_4 below)

  // these are all handled by checking how many instances of the test plugin are loaded
  // when this script runs as the onload handler - there should be two instances,
  // initially the one loaded directly by this page itself, and the one loaded during
  // test #4 above.
  var p = document.getElementById('plugin1');
  var if_1 = document.getElementById('if_1');
  p.startWatchingInstanceCount();

  if_1.src = 'file_iframe_sandbox_f_if1.html';
}

function if_1_load() {
  var if_1 = document.getElementById('if_1');

  if (if_1.src == "about:blank")
    return;

  // need to wait for plugin to load, if the test fails...
  SimpleTest.executeSoon(if_1_continue);
}

function if_1_continue() {
  // instance count should be 0 (tests #1 and #2 above)
  var p = document.getElementById('plugin1');
  is(p.getInstanceCount(), 0, "plugins should not be loaded via <object> or <embed> by a sandboxed iframe");

  var if_2 = document.getElementById('if_2');
  if_2.src = 'file_iframe_sandbox_f_if2.html';

  SimpleTest.executeSoon(if_2_continue);
}

function if_2_continue() {
  // instance count should be 0 (test #3 above)
  var p = document.getElementById('plugin1');

  is(p.getInstanceCount(), 0, "plugins should not be loaded via a document of a type that requires a plugin embedded in a sandboxed iframe");

  SimpleTest.executeSoon(if_3_test);
}

function if_3_test() {
  var if_3 = document.getElementById('if_3');
  // add sandbox attribute
  if_3.sandbox = '';
  if_3.src = 'file_iframe_sandbox_f_if1.html';
}

function if_3_load() {
  if (if_3.src == "about:blank")
    return;

  SimpleTest.executeSoon(if_3_continue);
}

function if_3_continue() {
  var p = document.getElementById('plugin1');
  is(p.getInstanceCount(), 0, "plugins should not be loaded when a sandbox attribute is added" +
     "to an iframe and a document containing a plugin is then loaded into the iframe");

  SimpleTest.executeSoon(if_4_test);
}

function if_4_test() {
  var if_4 = document.getElementById('if_4');
  // remove sandbox attribute
  if_4.removeAttribute('sandbox');
  if_4.src = 'file_iframe_sandbox_f_if1.html';
}

function if_4_load() {
  if (if_4.src == "about:blank")
    return;

  SimpleTest.executeSoon(if_4_continue);
}

function if_4_continue() {
  var p = document.getElementById('plugin1');
  // there are 2 plugin instances in file_iframe_sandbox_if1.html loaded by
  // if_1, they should successfully load.
  is(p.getInstanceCount(), 2, "plugins should be loaded when a sandbox attribute is removed " +
     "from an iframe and a document containing a plugin is then loaded into the iframe");

  p.stopWatchingInstanceCount();
  SimpleTest.executeSoon(finish_test);
}

function finish_test() {
  SimpleTest.finish();
}

addLoadEvent(doTest);
</script>
<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=341604">Mozilla Bug 341604</a> - Implement HTML5 sandbox attribute for IFRAMEs
<p id="display"></p>
<div id="content">
<embed id="plugin1" type="application/x-test" width="200" height="200"></embed>
<iframe id="if_1" sandbox='allow-same-origin' onLoad='if_1_load()' src="about:blank" height="400" width="400"></iframe>
<iframe id="if_2" sandbox='allow-same-origin' src="about:blank" height="400" width="400"></iframe>
<iframe id="if_3" src="about:blank" onload='if_3_load()' height="400" width="400"></iframe>
<iframe id="if_4" sandbox='allow-same-origin' onload='if_4_load()' src="about:blank" height="400" width="400"></iframe>
</div>
</body>
</html>