Quelle test_bug910139.html Sprache: HTML

products/Sources/formale Sprachen/C/Firefox/dom/security/test/csp/test_bug910139.html

<!DOCTYPE HTML>
<html>
<head>
  <title>CSP should block XSLT as script, not as style</title>
  
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
  <p id="display"></p>
  <div id="content" style="display: none"></div>
  <iframe style="width:100%;" id='xsltframe'></iframe>
  <iframe style="width:100%;" id='xsltframe2'></iframe>

<script class="testbody" type="text/javascript">

SimpleTest.waitForExplicitFinish();

// define the expected output of this test
var header = "this xml file should be formatted using an xsl file(lower iframe should contain xml dump)!";

function checkAllowed () {
  /*   The policy for this test is:
   *   Content-Security-Policy: default-src 'self'; script-src 'self'
   *
   *   we load the xsl file using:
   *   <?xml-stylesheet type="text/xsl" href="file_bug910139.xsl"?>
   */
  try {
    var cspframe = document.getElementById('xsltframe');
    var xsltAllowedHeader = cspframe.contentWindow.document.getElementById('xsltheader').innerHTML;
    is(xsltAllowedHeader, header, "XSLT loaded from 'self' should be allowed!");
  }
  catch (e) {
    ok(false, "Error: could not access content in xsltframe!")
  }

  // continue with the next test
  document.getElementById('xsltframe2').addEventListener('load', checkBlocked);
  document.getElementById('xsltframe2').src = 'file_bug910139.sjs';
}

function checkBlocked () {
  /*   The policy for this test is:
   *   Content-Security-Policy: default-src 'self'; script-src *.example.com
   *
   *   we load the xsl file using:
   *   <?xml-stylesheet type="text/xsl" href="file_bug910139.xsl"?>
   */
  try {
    var cspframe = document.getElementById('xsltframe2');
    var xsltBlockedHeader = cspframe.contentWindow.document.getElementById('xsltheader');
    is(xsltBlockedHeader, null, "XSLT loaded from different host should be blocked!");
  }
  catch (e) {
    ok(false, "Error: could not access content in xsltframe2!")
  }
  SimpleTest.finish();
}

document.getElementById('xsltframe').addEventListener('load', checkAllowed);
document.getElementById('xsltframe').src = 'file_bug910139.sjs';

</script>
</body>
</html>

Messung V0.5

¤ Dauer der Verarbeitung: 0.3 Sekunden ¤

Wurzel

Suchen

Beweissystem der NASA

Beweissystem Isabelle

NIST Cobol Testsuite

Cephes Mathematical Library

Wiener Entwicklungsmethode

Haftungshinweis

Die Informationen auf dieser Webseite wurden nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit, noch Qualität der bereit gestellten Informationen zugesichert.

Bemerkung:

Die farbliche Syntaxdarstellung und die Messung sind noch experimentell.