| Quellcodebibliothek Statistik Leitseite products/Sources/formale Sprachen/C/Firefox/dom/security/test/csp/ (Browser von der Mozilla Stiftung Version 136.0.1©) Datei vom 10.2.2025 mit Größe 2 kB |
|
Quelle test_iframe_sandbox_top_1.html Sprache: HTML |
|||||||||||||||||
<!DOCTYPE HTML> <html> <!-- https://bugzilla.mozilla.org/show_bug.cgi?id=671389 Bug 671389 - Implement CSP sandbox directive Tests CSP sandbox attribute on top-level page. Minimal flags: allow-same-origin allow-scripts: Since we need to load the SimpleTest files, we have to set the allow-same-origin flag. Additionally, we set the allow-scripts flag since we need JS to check the flags. Though not necessary, for this test we also set the allow-forms flag. We may later wish to extend the testing suite with sandbox_csp_top_* tests that set different permutations of the flags. CSP header: Content-Security-Policy: sandbox allow-forms allow-scripts allow-same-orig --> <head> <meta charset="utf-8"> <title>Tests for Bug 671389</title> <script src="/tests/SimpleTest/SimpleTest.js"></script> <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/> </head> <script type="application/javascript"> SimpleTest.waitForExplicitFinish(); // Check if two sandbox flags are the same. // getSandboxFlags returns a list of sandbox flags (if any) or // null if the flag is not set. // This function checks if two flags are the same, i.e., they're // either not set or have the same flags. function eqFlags(a, b) { if (a === null && b === null) { return true; } if (a === null || b === null) { return false; } if (a.length !== b.length) { return false; } var a_sorted = a.sort(); var b_sorted = b.sort(); for (var i in a_sorted) { if (a_sorted[i] !== b_sorted[i]) { return false; } } return true; } // Get the sandbox flags of document doc. // If the flag is not set sandboxFlagsAsString returns null, // this function also returns null. // If the flag is set it may have some flags; in this case // this function returns the (potentially empty) list of flags. function getSandboxFlags(doc) { var flags = doc.sandboxFlagsAsString; if (flags === null) { return null; } return flags? flags.split(" "):[]; } function checkFlags(expected) { try { var flags = getSandboxFlags(SpecialPowers.wrap(document)); ok(eqFlags(flags, expected), name + ' expected: "' + expected + '", got: "' + flags + '"'); } catch (e) { ok(false, name + ' expected "' + expected + ', but failed with ' + e); } SimpleTest.finish(); } </script> <body onLoad='checkFlags(["allow-forms", "allow-scripts", "allow-same-origin"]);'> <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=671389">Mozill <p id="display"></p> <div id="content"> I am a top-level page sandboxed with "allow-scripts allow-forms allow-same-origin". </div> </body> </html>
¤ Dauer der Verarbeitung: 0.1 Sekunden (vorverarbeitet) ¤*© Formatika GbR, Deutschland |
|
||||||||||||||||
2026-04-02