Adding upstream version 86.0.1.upstream/86.0.1 upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-28 14:29:10 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-28 14:29:10 +0000
commit: 2aa4a82499d4becd2284cdb482213d541b8804dd (patch)
tree: b80bf8bf13c3766139fbacc530efd0dd9d54394c /dom/security/test/csp/file_frameancestors_main.js
parent: Initial commit. (diff)
download: firefox-upstream.tar.xz
firefox-upstream.zip
1 files changed, 135 insertions, 0 deletions
diff --git a/dom/security/test/csp/file_frameancestors_main.js b/dom/security/test/csp/file_frameancestors_main.js
new file mode 100644
index 0000000000..ee251020d2
--- /dev/null
+++ b/dom/security/test/csp/file_frameancestors_main.js
@@ -0,0 +1,135 @@
+// Script to populate the test frames in the frame ancestors mochitest.
+//
+function setupFrames() {
+  var $ = function(v) {
+    return document.getElementById(v);
+  };
+  var base = {
+    self: "/tests/dom/security/test/csp/file_frameancestors.sjs",
+    a:
+      "http://mochi.test:8888/tests/dom/security/test/csp/file_frameancestors.sjs",
+    b: "http://example.com/tests/dom/security/test/csp/file_frameancestors.sjs",
+  };
+
+  // In both cases (base.a, base.b) the path starts with /tests/. Let's make sure this
+  // path within the CSP policy is completely ignored when enforcing frame ancestors.
+  // To test this behavior we use /foo/ and /bar/ as dummy values for the path.
+  var host = {
+    a: "http://mochi.test:8888/foo/",
+    b: "http://example.com:80/bar/",
+  };
+
+  var innerframeuri = null;
+  var elt = null;
+
+  elt = $("aa_allow");
+  elt.src =
+    base.a +
+    "?testid=aa_allow&internalframe=aa_a&csp=" +
+    escape(
+      "default-src 'none'; frame-ancestors " + host.a + "; script-src 'self'"
+    );
+
+  elt = $("aa_block");
+  elt.src =
+    base.a +
+    "?testid=aa_block&internalframe=aa_b&csp=" +
+    escape("default-src 'none'; frame-ancestors 'none'; script-src 'self'");
+
+  elt = $("ab_allow");
+  elt.src =
+    base.b +
+    "?testid=ab_allow&internalframe=ab_a&csp=" +
+    escape(
+      "default-src 'none'; frame-ancestors " + host.a + "; script-src 'self'"
+    );
+
+  elt = $("ab_block");
+  elt.src =
+    base.b +
+    "?testid=ab_block&internalframe=ab_b&csp=" +
+    escape("default-src 'none'; frame-ancestors 'none'; script-src 'self'");
+
+  /* .... two-level framing */
+  elt = $("aba_allow");
+  innerframeuri =
+    base.a +
+    "?testid=aba_allow&double=1&internalframe=aba_a&csp=" +
+    escape(
+      "default-src 'none'; frame-ancestors " +
+        host.a +
+        " " +
+        host.b +
+        "; script-src 'self'"
+    );
+  elt.src =
+    base.b +
+    "?externalframe=" +
+    escape('<iframe src="' + innerframeuri + '"></iframe>');
+
+  elt = $("aba_block");
+  innerframeuri =
+    base.a +
+    "?testid=aba_allow&double=1&internalframe=aba_b&csp=" +
+    escape(
+      "default-src 'none'; frame-ancestors " + host.a + "; script-src 'self'"
+    );
+  elt.src =
+    base.b +
+    "?externalframe=" +
+    escape('<iframe src="' + innerframeuri + '"></iframe>');
+
+  elt = $("aba2_block");
+  innerframeuri =
+    base.a +
+    "?testid=aba_allow&double=1&internalframe=aba2_b&csp=" +
+    escape(
+      "default-src 'none'; frame-ancestors " + host.b + "; script-src 'self'"
+    );
+  elt.src =
+    base.b +
+    "?externalframe=" +
+    escape('<iframe src="' + innerframeuri + '"></iframe>');
+
+  elt = $("abb_allow");
+  innerframeuri =
+    base.b +
+    "?testid=abb_allow&double=1&internalframe=abb_a&csp=" +
+    escape(
+      "default-src 'none'; frame-ancestors " +
+        host.a +
+        " " +
+        host.b +
+        "; script-src 'self'"
+    );
+  elt.src =
+    base.b +
+    "?externalframe=" +
+    escape('<iframe src="' + innerframeuri + '"></iframe>');
+
+  elt = $("abb_block");
+  innerframeuri =
+    base.b +
+    "?testid=abb_allow&double=1&internalframe=abb_b&csp=" +
+    escape(
+      "default-src 'none'; frame-ancestors " + host.a + "; script-src 'self'"
+    );
+  elt.src =
+    base.b +
+    "?externalframe=" +
+    escape('<iframe src="' + innerframeuri + '"></iframe>');
+
+  elt = $("abb2_block");
+  innerframeuri =
+    base.b +
+    "?testid=abb_allow&double=1&internalframe=abb2_b&csp=" +
+    escape(
+      "default-src 'none'; frame-ancestors " + host.b + "; script-src 'self'"
+    );
+  elt.src =
+    base.b +
+    "?externalframe=" +
+    escape('<iframe src="' + innerframeuri + '"></iframe>');
+}
+
+window.addEventListener("load", setupFrames);
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-28 14:29:10 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-28 14:29:10 +0000
commit	2aa4a82499d4becd2284cdb482213d541b8804dd (patch)
tree	b80bf8bf13c3766139fbacc530efd0dd9d54394c /dom/security/test/csp/file_frameancestors_main.js
parent	Initial commit. (diff)
download	firefox-upstream.tar.xz firefox-upstream.zip