Mypal/dom/base/test/test_bug704320_policyset.html

<!DOCTYPE HTML>
<html>
<!--
This checks if the right policies are applied from a given string (including whitespace, invalid policy strings, etc).  It doesn't do a complete check for all load types; that's done in another test.
https://bugzilla.mozilla.org/show_bug.cgi?id=704320
-->

<head>
  <meta charset="utf-8">
  <title>Test policies for Bug 704320</title>
  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
  <script type="application/javascript" src="referrerHelper.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>

<script type="application/javascript;version=1.7">

SimpleTest.waitForExplicitFinish();
var advance = function() { tests.next(); };

/**
 * This is the main test routine -- serialized by use of a generator.
 * It resets the counter, then performs two tests in sequence using
 * the same iframe.
 */
var tests = (function() {
  var iframe = document.getElementById("testframe");
  const sjs = "/tests/dom/base/test/bug704320.sjs?action=generate-policy-test";


  // basic calibration check
  // reset the counter
  yield resetCounter();

  // load the first test frame
  // it will call back into this function via postMessage when it finishes loading.
  // and continue beyond the yield.
  yield iframe.src = sjs + "&policy=" + escape('default');

  // check the first test (two images, no referrers)
  yield checkIndividualResults("default", ["full"]);

  // check invalid policy
  // According to the spec section Determine token's Policy,if there is a policy
  // token and it is not one of the expected tokens, Empty string should be the
  // policy used.
  yield resetCounter();
  yield iframe.src = sjs + "&policy=" + escape('invalid-policy');
  yield checkIndividualResults("invalid", ["full"]);

  // whitespace checks.
  // according to the spec section 4.1, the content attribute's value
  // is fed to the token policy algorithm after stripping leading and
  // trailing whitespace.
  yield resetCounter();
  yield iframe.src = sjs + "&policy=" + escape('default   ');
  yield checkIndividualResults("trailing whitespace", ["full"]);

  yield resetCounter();
  yield iframe.src = sjs + "&policy=" + escape(' origin\f');
  yield checkIndividualResults("trailing form feed", ["origin"]);

  yield resetCounter();
  yield iframe.src = sjs + "&policy=" + escape('\f origin');
  yield checkIndividualResults("leading form feed", ["origin"]);

  // origin when cross-origin (trimming whitespace)
  yield resetCounter();
  yield iframe.src = sjs + "&policy=" + escape(' origin-when-cross-origin');
  yield checkIndividualResults("origin-when-cross-origin", ["origin", "full"]);

  // according to the spec section 4.1:
  // "If the meta element lacks a content attribute, or if that attribute’s
  //  value is the empty string, then abort these steps."
  // This means empty or missing content attribute means to ignore the meta
  // tag and use default policy.
  // Whitespace here is space, tab, LF, FF and CR.
  // http://www.w3.org/html/wg/drafts/html/CR/infrastructure.html#space-character
  yield resetCounter();
  yield iframe.src = sjs + "&policy=" + escape(' \t  ');
  yield checkIndividualResults("basic whitespace only policy", ["full"]);

  // and double-check that no-referrer works.
  yield resetCounter();
  yield iframe.src = sjs + "&policy=" + escape('no-referrer');
  yield checkIndividualResults("no-referrer", ["none"]);

  // Case insensitive
  yield resetCounter();
  yield iframe.src = sjs + "&policy=" + escape('\f OrigIn');
  yield checkIndividualResults("origin case insensitive", ["origin"]);

  // complete.  Be sure to yield so we don't call this twice.
  yield SimpleTest.finish();
})();

</script>
</head>

<body onload="tests.next();">
  <iframe id="testframe"></iframe>

</body>
</html>