Ziele Untersuchung
mit Columbo Integrität von
Datenbanken Interaktion und
Portierbarkeit Ergonomie der
Schnittstellen

Angebot Produkte Projekt Beratung

Mittel Analytik Modellierung Sprachen Algebra Logik Hardware Denken Kreativität

Zusammenhänge Gesellschaft Wirtschaft Branche Firma


products/Sources/formale Sprachen/C/Firefox/dom/security/test/csp/ (Browser von der Mozilla Stiftung Version 136.0.1^©) Datei vom 10.2.2025 mit Größe 4 kB

Quelle test_path_matching.html Sprache: HTML

products/Sources/formale Sprachen/C/Firefox/dom/security/test/csp/test_path_matching.html

<!DOCTYPE HTML>
<html>
<head>
  <title>Bug 808292 - Implement path-level host-source matching to CSP</title>
  
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
  <p id="display"></p>
  <div id="content" style="visibility: hidden">
    <iframe style="width:100%;" id="testframe"></iframe>
  </div>

<script class="testbody" type="text/javascript">

SimpleTest.waitForExplicitFinish();

/* Description of the test:
* We are loading the following url (including a fragment portion):
* http://test1.example.com/tests/dom/security/test/csp/file_path_matching.js#foo
* using different policies and verify that the applied policy is accurately enforced.
*/

var policies = [
  ["allowed", "*"],
  ["allowed", "http://*"], // test for bug 1075230, enforcing scheme and wildcard
  ["allowed", "test1.example.com"],
  ["allowed", "test1.example.com/"],
  ["allowed", "test1.example.com/tests/dom/security/test/csp/"],
  ["allowed", "test1.example.com/tests/dom/security/test/csp/file_path_matching.js"],

  ["allowed", "test1.example.com?foo=val"],
  ["allowed", "test1.example.com/?foo=val"],
  ["allowed", "test1.example.com/tests/dom/security/test/csp/?foo=val"],
  ["allowed", "test1.example.com/tests/dom/security/test/csp/file_path_matching.js?foo=val"],

  ["allowed", "test1.example.com#foo"],
  ["allowed", "test1.example.com/#foo"],
  ["allowed", "test1.example.com/tests/dom/security/test/csp/#foo"],
  ["allowed", "test1.example.com/tests/dom/security/test/csp/file_path_matching.js#foo"],

  ["allowed", "*.example.com"],
  ["allowed", "*.example.com/"],
  ["allowed", "*.example.com/tests/dom/security/test/csp/"],
  ["allowed", "*.example.com/tests/dom/security/test/csp/file_path_matching.js"],

  ["allowed", "test1.example.com:80"],
  ["allowed", "test1.example.com:80/"],
  ["allowed", "test1.example.com:80/tests/dom/security/test/csp/"],
  ["allowed", "test1.example.com:80/tests/dom/security/test/csp/file_path_matching.js"],

  ["allowed", "test1.example.com:*"],
  ["allowed", "test1.example.com:*/"],
  ["allowed", "test1.example.com:*/tests/dom/security/test/csp/"],
  ["allowed", "test1.example.com:*/tests/dom/security/test/csp/file_path_matching.js"],

  ["blocked", "test1.example.com/tests"],
  ["blocked", "test1.example.com/tests/dom/security/test/csp"],
  ["blocked", "test1.example.com/tests/dom/security/test/csp/file_path_matching.py"],

  ["blocked", "test1.example.com:8888/tests"],
  ["blocked", "test1.example.com:8888/tests/dom/security/test/csp"],
  ["blocked", "test1.example.com:8888/tests/dom/security/test/csp/file_path_matching.py"],

  // case insensitive matching for scheme and host, but case sensitive matching for paths
  ["allowed", "HTTP://test1.EXAMPLE.com/tests/"],
  ["allowed", "test1.EXAMPLE.com/tests/"],
  ["blocked", "test1.example.com/tests/dom/security/test/CSP/?foo=val"],
  ["blocked", "test1.example.com/tests/dom/security/test/csp/FILE_path_matching.js?foo=val"],
]

var counter = 0;
var policy;

function loadNextTest() {
  if (counter == policies.length) {
    SimpleTest.finish();
  }
  else {
    policy = policies[counter++];
    var src = "file_testserver.sjs?file=";
    // append the file that should be served
    src += (counter % 2 == 0)
               // load url including ref: example.com#foo
             ? escape("tests/dom/security/test/csp/file_path_matching.html")
               // load url including query: example.com?val=foo (bug 1147026)
             : escape("tests/dom/security/test/csp/file_path_matching_incl_query.html");

    // append the CSP that should be used to serve the file
    src += "&csp=" + escape("default-src 'none'; script-src " + policy[1]);

    document.getElementById("testframe").addEventListener("load", test);
    document.getElementById("testframe").src = src;
  }
}

function test() {
  try {
    document.getElementById("testframe").removeEventListener('load', test);
    var testframe = document.getElementById("testframe");
    var divcontent = testframe.contentWindow.document.getElementById('testdiv').innerHTML;
    is(divcontent, policy[0], "should be " + policy[0] + " in test " + (counter - 1) + "!");
  }
  catch (e) {
    ok(false, "ERROR: could not access content in test " + (counter - 1) + "!");
  }
  loadNextTest();
}

loadNextTest();

</script>
</body>
</html>

Messung V0.5

¤ Dauer der Verarbeitung: 0.12 Sekunden (vorverarbeitet) ¤

Wurzel

Suchen

Beweissystem der NASA

Beweissystem Isabelle

NIST Cobol Testsuite

Cephes Mathematical Library

Wiener Entwicklungsmethode

Haftungshinweis

Die Informationen auf dieser Webseite wurden nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit, noch Qualität der bereit gestellten Informationen zugesichert.