<!
DOCTYPE HTML>
<
html>
<!--
This checks if the right policies are applied from a given string (including whitespace, invalid policy strings, etc). It doesn't do a complete check for all load types; that's done in another test.
https://bugzilla.mozilla.org/show_bug.cgi?id=704320
-->
<
head>
<
meta charset=
"utf-8">
<
title>Test policies for Bug 704320</
title>
<
script src=
"/tests/SimpleTest/SimpleTest.js"></
script>
<
script type=
"application/javascript" src=
"referrerHelper.js"></
script>
<
link rel=
"stylesheet" type=
"text/css" href=
"/tests/SimpleTest/test.css"/>
<
script type=
"application/javascript">
SimpleTest.waitForExplicitFinish();
var advance = function() { tests.next(); };
/**
* This is the main test routine -- serialized by use of a generator.
* It resets the counter, then performs two tests in sequence using
* the same
iframe.
*/
var tests = (function*() {
var iframe = document.getElementById(
"testframe");
const sjs =
"/tests/dom/base/test/bug704320.sjs?action=generate-policy-test";
// basic calibration check
// reset the counter
yield resetCounter();
// load the first test
frame
// it will call back into this function via postMessage when it finishes loading.
// and continue beyond the yield.
yield
iframe.src = sjs +
"&policy=" + escape(
'default');
// check the first test (two images, no referrers)
yield checkIndividualResults(
"default", [
"full"]);
// check invalid policy
// According to the spec
section Determine token
's Policy,if there is a policy
// token and it is not one of the expected tokens, Empty string should be the
// policy used.
yield resetCounter();
yield
iframe.src = sjs +
"&policy=" + escape(
'invalid-policy');
yield checkIndividualResults(
"invalid", [
"full"]);
// whitespace checks.
// according to the spec
section 4.1, the content attribute
's value
// is fed to the token policy algorithm after stripping leading and
// trailing whitespace.
yield resetCounter();
yield
iframe.src = sjs +
"&policy=" + escape(
'default ');
yield checkIndividualResults(
"trailing whitespace", [
"full"]);
yield resetCounter();
yield
iframe.src = sjs +
"&policy=" + escape(
' origin\f');
yield checkIndividualResults(
"trailing form feed", [
"origin"]);
yield resetCounter();
yield
iframe.src = sjs +
"&policy=" + escape(
'\f origin');
yield checkIndividualResults(
"leading form feed", [
"origin"]);
// origin when cross-origin (trimming whitespace)
yield resetCounter();
yield
iframe.src = sjs +
"&policy=" + escape(
' origin-when-cross-origin');
yield checkIndividualResults(
"origin-when-cross-origin", [
"origin",
"full"]);
// according to the spec
section 4.1:
//
"If the meta element lacks a content attribute, or if that attribute’s
// value is the empty string, then abort these steps.
"
// This means empty or missing content attribute means to ignore the
meta
// tag and use default policy.
// Whitespace here is space, tab, LF, FF and CR.
//
http://www.w3.org/html/wg/drafts/
html/CR/infrastructure.
html#space-character
yield resetCounter();
yield
iframe.src = sjs +
"&policy=" + escape(
' \t ');
yield checkIndividualResults(
"basic whitespace only policy", [
"full"]);
// and double-check that no-referrer works.
yield resetCounter();
yield
iframe.src = sjs +
"&policy=" + escape(
'no-referrer');
yield checkIndividualResults(
"no-referrer", [
"none"]);
// Case insensitive
yield resetCounter();
yield
iframe.src = sjs +
"&policy=" + escape(
'\f OrigIn');
yield checkIndividualResults(
"origin case insensitive", [
"origin"]);
// complete.
SimpleTest.finish();
})();
</
script>
</
head>
<
body onload=
"tests.next();">
<
iframe id=
"testframe"></
iframe>
</
body>
</
html>
