| Quellcodebibliothek Statistik Leitseite products/Sources/formale Sprachen/C/Firefox/netwerk/test/unit/ (Browser von der Mozilla Stiftung Version 136.0.1©) Datei vom 10.2.2025 mit Größe 3 kB |
|
Quelle test_bug337744.js Sprache: JAVA |
|||||||||||||||
|
/* verify that certain invalid URIs are not parsed by the resource protocol handler */ "use strict"; const specs = [ "resource://res-test//", "resource://res-test/?foo=http:", "resource://res-test/?foo=" + encodeURIComponent("http://example.com/"), "resource://res-test/?foo=" + encodeURIComponent("x\\y"), "resource://res-test/..%2F", "resource://res-test/..%2f", "resource://res-test/..%2F..", "resource://res-test/..%2f..", "resource://res-test/../../", "resource://res-test/http://www.mozilla.org/", "resource://res-test/file:///", ]; const error_specs = [ "resource://res-test/..\\", "resource://res-test/..\\..\\", "resource://res-test/..%5C", "resource://res-test/..%5c", ]; // Create some fake principal that has not enough // privileges to access any resource: uri. var uri = NetUtil.newURI("http://www.example.com"); var principal = Services.scriptSecurityManager.createContentPrincipal(uri, {}); function get_channel(spec) { var channel = NetUtil.newChannel({ uri: NetUtil.newURI(spec), loadingPrincipal: principal, securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL, contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER, }); Assert.throws( () => { channel.asyncOpen(null); }, /NS_ERROR_DOM_BAD_URI/, `asyncOpen() of uri: ${spec} should throw` ); Assert.throws( () => { channel.open(); }, /NS_ERROR_DOM_BAD_URI/, `Open() of uri: ${spec} should throw` ); return channel; } function check_safe_resolution(spec, rootURI) { info(`Testing URL "${spec}"`); let channel = get_channel(spec); ok( channel.name.startsWith(rootURI), `URL resolved safely to ${channel.name}` ); let startOfQuery = channel.name.indexOf("?"); if (startOfQuery == -1) { ok(!/%2f/i.test(channel.name), `URL contains no escaped / characters`); } else { // Escaped slashes are allowed in the query or hash part of the URL ok( !channel.name.replace(/\?.*/, "").includes("%2f"), `URL contains no escaped slashes before the query ${channel.name}` ); } } function check_resolution_error(spec) { Assert.throws( () => { get_channel(spec); }, /NS_ERROR_MALFORMED_URI/, "Expected a malformed URI error" ); } function run_test() { // resource:/// and resource://gre/ are resolved specially, so we need // to create a temporary resource package to test the standard logic // with. let resProto = Cc["@mozilla.org/network/protocol;1?name=resource"].getService( Ci.nsIResProtocolHandler ); let rootFile = Services.dirsvc.get("GreD", Ci.nsIFile); let rootURI = Services.io.newFileURI(rootFile); rootFile.append("directory-that-does-not-exist"); let inexistentURI = Services.io.newFileURI(rootFile); resProto.setSubstitution("res-test", rootURI); resProto.setSubstitution("res-inexistent", inexistentURI); registerCleanupFunction(() => { resProto.setSubstitution("res-test", null); resProto.setSubstitution("res-inexistent", null); }); let baseRoot = resProto.resolveURI(Services.io.newURI("resource:///")); let greRoot = resProto.resolveURI(Services.io.newURI("resource://gre/")); for (let spec of specs) { check_safe_resolution(spec, rootURI.spec); check_safe_resolution( spec.replace("res-test", "res-inexistent"), inexistentURI.spec ); check_safe_resolution(spec.replace("res-test", ""), baseRoot); check_safe_resolution(spec.replace("res-test", "gre"), greRoot); } for (let spec of error_specs) { check_resolution_error(spec); } }
¤ Dauer der Verarbeitung: 0.3 Sekunden ¤*© Formatika GbR, Deutschland |
|
||||||||||||||
2026-04-02