function imgListener(img) {
return new Promise((resolve, reject) => { img.addEventListener("load", () => resolve()); img.addEventListener("error", () => reject());
});
}
function runTests()
{ variframe = document.getElementById("iframe"); iframe.src="data:text/html,hello";
let p1 = new Promise((resolve, reject) => { iframe.onload = function() {
ok(SpecialPowers.wrap(iframe).contentDocument.nodePrincipal.isNullPrincipal, "iframe should have NullPrincipal.");
resolve();
}
});
var iframe1 = document.getElementById("iframe1");
iframe1.src="data:image/png,%89PNG%0D%0A%1A%0A%00%00%00%0DIHDR%00%00%00%18%00%00%00%18%02%03%00%00%00%9D%19%D5k%00%00%00%04gAMA%00%00%B1%8F%0B%FCa%05%00%00%00%0CPLTE%FF%FF%FF%FF%FF%FF%F7%DC%13%00%00%00%03%80%01X%00%00%00%01tRNS%08N%3DPT%00%00%00%01bKGD%00%88%05%1DH%00%00%00%09pHYs%00%00%0B%11%00%00%0B%11%01%7Fd_%91%00%00%00%07tIME%07%D2%05%0C%14%0C%0D%D8%3F%1FQ%00%00%00%5CIDATx%9C%7D%8E%CB%09%C0%20%10D%07r%B7%20%2F%E9wV0%15h%EA%D9%12D4%BB%C1x%CC%5C%1E%0C%CC%07%C0%9C0%9Dd7()%C0A%D3%8D%E0%B8%10%1DiCHM%D0%AC%D2d%C3M%F1%B4%E7%FF%10%0BY%AC%25%93%CD%CBF%B5%B2%C0%3Alh%CD%AE%13%DF%A5%F7%E0%03byW%09A%B4%F3%E2%00%00%00%00IEND%AEB%60%82";
let p2 = new Promise((resolve, reject) => {
iframe1.onload = function() {
ok(SpecialPowers.wrap(iframe1).contentDocument.nodePrincipal.isNullPrincipal, "iframe1 should have NullPrincipal.");
resolve();
}
});
varcanvas = document.getElementById('canvas'); var ctx = canvas.getContext('2d');
ctx.fillRect(0, 0, canvas.height, canvas.width);
ctx.fillStyle = '#000'; var data = canvas.toDataURL('image/png'); varimg = new Image(); img.src = data;
let p3 = imgListener(img).then(() => {
dump("img onload\n");
ctx.drawImage(img, 0, 0);
return new Promise((resolve, reject) => {
try {
ctx.getImageData(0, 0, 1, 1);
ok(true, "data:image should be same origin.");
resolve();
} catch (e) {
ok(false, "data:image is cross-origin.");
reject();
}});
}).then(() => {
ctx.clearRect(0, 0, canvas.height, canvas.width);
ctx.drawImage(document.getElementById('img'), 0, 0);
return new Promise((resolve, reject) => {
try { canvas.toDataURL();
ok(true, "data:image should be same origin.");
resolve();
} catch (e) {
ok(false, "data:image is cross-origin.");
reject();
}});
}).then(() => { var win = window.open("data:text/html,<script>parent.opener.postMessage('ok', '*');<\/script>");
return new Promise(resolve => {
window.onmessage = function (evt) {
is(evt.origin, "null", "The origin of data:text/html should be null.");
win.close();
resolve();
}});
});
var obj_doc = document.getElementById("obj_doc");
obj_doc.data="data:text/html,%3Cbody%3E%3Cbutton%3EChild%3C/button%3E%3C/body%3E"
let p4 = new Promise((resolve, reject) => {
obj_doc.onload = function() {
ok(SpecialPowers.wrap(obj_doc).contentDocument.nodePrincipal.isNullPrincipal, "obj_doc.document should have NullPrincipal.");
resolve();
}
});
var obj_svg = document.getElementById("obj_svg");
obj_svg.data='data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg" viewbox="0 0 200 200"><circle cx="100" cy="100" r="100" fill="green" fill-opacity="0.8"/></svg>'
let p5 = new Promise((resolve, reject) => {
obj_svg.onload = function() {
ok(SpecialPowers.wrap(obj_svg).contentDocument.nodePrincipal.isNullPrincipal, "obj_svg.contentDocument should have NullPrincipal.");
ok(SpecialPowers.wrap(obj_svg).getSVGDocument().nodePrincipal.isNullPrincipal, "obj_svg.getSVGDocument() should have NullPrincipal.");
resolve();
}
});
// Test if data:stylesheet is considered same origin.
let p6 = new Promise((resolve, reject) => {
// 1. Dynamically include a css by inserting a <link> tag.
let link = document.createElement('link'); link.rel = 'stylesheet'; link.href = "data:text/css,.green-text{color:rgb(0, 255, 0)}"; link.onload = function() {
let dataStyleSheet;
for (let i = 0; i < document.styleSheets.length; i++) {
let sheet = document.styleSheets[i];
if (sheet.href === link.href) {
dataStyleSheet = sheet;
break;
}
}
ok(dataStyleSheet, "Should have found data:stylesheet");
// 2. Try to access the rule. If data:stylesheet is not considered
// same origin, an exception will be thrown.
try {
let rule = dataStyleSheet.cssRules;
ok(true, "data:stylesheet is considered same origin.");
} catch (ex) {
ok(false, "data:stylesheet is NOT considered same origin: " + ex);
}
// Test if data:font is same-origin.
let p7 = new Promise((resolve, reject) => {
let text = document.createElement('p');
// Cross-domain font will not load according to [1] so we try to apply
// data:font to this text and see if the font can be loaded.
// [1] https://www.w3.org/TR/css-fonts-3/#same-origin-restriction
text.style = 'font-family: DataFont';
text.innerHTML = "This text should trigger 'TestFont' to load.";
document.body.appendChild(text);
document.fonts.ready.then(fontFaces => {
is(fontFaces.size, 1, "should FontFace entry for data:font");
fontFaces.forEach(fontFace => {
is(fontFace.status, "loaded", "data:font should be same-origin");
});
resolve();
},
_ => {
ok(false, "data:font is not same-origin.");
reject();
});
});
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung und die Messung sind noch experimentell.
