# HG changeset patch
# User Henri Sivonen <[email protected]>
# Date 1605719930 0
#      Wed Nov 18 17:18:50 2020 +0000
# Node ID 027514ba89006dfd5c346c307e46ed8f79e358c1
# Parent  782446e715644da3ca8226d0c3413e3fafb69d6f
Bug 1667113 test - Test innerHTML sanitizer in chrome context. r=smaug

Differential Revision: https://phabricator.services.mozilla.com/D93928

diff -r 782446e71564 -r 027514ba8900 dom/security/test/general/chrome.ini
--- a/dom/security/test/general/chrome.ini	Wed Nov 18 17:18:56 2020 +0000
+++ b/dom/security/test/general/chrome.ini	Wed Nov 18 17:18:50 2020 +0000
@@ -3,6 +3,8 @@
     favicon_bug1277803.ico
     bug1277803.html
 
+[test_innerhtml_sanitizer.html]
+[test_innerhtml_sanitizer.xhtml]
 [test_bug1277803.xhtml]
 skip-if = os == 'android' || verify
 
diff -r 782446e71564 -r 027514ba8900 dom/security/test/general/test_innerhtml_sanitizer.html
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/dom/security/test/general/test_innerhtml_sanitizer.html	Wed Nov 18 17:18:50 2020 +0000
@@ -0,0 +1,74 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <meta charset=utf-8>
+  <title>Test for Bug 1667113</title>
+  <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"/>
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1667113">Mozilla Bug 1667113</a>
+<div></div>
+<script>
+SimpleTest.waitForExplicitFinish();
+
+// Please note that 'fakeServer' does not exist because the test relies
+// on "csp-on-violate-policy" , and "specialpowers-http-notify-request"
+// which fire if either the request is blocked or fires. The test does
+// not rely on the result of the load.
+
+function fail() {
+  ok(false, "Should not call this")
+}
+
+function examiner() {
+  SpecialPowers.addObserver(this, "csp-on-violate-policy");
+  SpecialPowers.addObserver(this, "specialpowers-http-notify-request");
+}
+examiner.prototype  = {
+  observe(subject, topic, data) {
+    if (topic === "csp-on-violate-policy") {
+      let asciiSpec = SpecialPowers.getPrivilegedProps(
+                       SpecialPowers.do_QueryInterface(subject, "nsIURI"),
+                       "asciiSpec");
+      if (asciiSpec.includes("fakeServer")) {
+        ok (false, "Should not attempt fetch, not even blocked by CSP.");
+      }
+    }
+
+    if (topic === "specialpowers-http-notify-request") {
+      if (data.includes("fakeServer")) {
+        ok (false, "Should not try fetch");
+      }
+    }
+  },
+  remove() {
+    SpecialPowers.removeObserver(this, "csp-on-violate-policy");
+    SpecialPowers.removeObserver(this, "specialpowers-http-notify-request");
+  }
+}
+
+window.examiner = new examiner();
+
+let div = document.getElementsByTagName("div")[0];
+div.innerHTML = "<svg><style><title><audio src=fakeServer onerror=fail() onload=fail()>";
+
+let svg = div.firstChild;
+is(svg.nodeName, "svg", "Node name should be svg");
+
+let style = svg.firstChild;
+if (style) {
+  is(style.firstChild, null, "Style should not have child nodes.");
+} else {
+  ok(false, "Should have gotten a node.");
+}
+
+
+SimpleTest.executeSoon(function() {
+  window.examiner.remove();
+  SimpleTest.finish();
+});
+
+</script>
+</body>
+</html>
diff -r 782446e71564 -r 027514ba8900 dom/security/test/general/test_innerhtml_sanitizer.xhtml
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/dom/security/test/general/test_innerhtml_sanitizer.xhtml	Wed Nov 18 17:18:50 2020 +0000
@@ -0,0 +1,73 @@
+<!DOCTYPE HTML>
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+  <title>Test for Bug 1667113</title>
+  <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"/>
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1667113">Mozilla Bug 1667113</a>
+<div></div>
+<script><![CDATA[
+SimpleTest.waitForExplicitFinish();
+
+// Please note that 'fakeServer' does not exist because the test relies
+// on "csp-on-violate-policy" , and "specialpowers-http-notify-request"
+// which fire if either the request is blocked or fires. The test does
+// not rely on the result of the load.
+
+function fail() {
+  ok(false, "Should not call this")
+}
+
+function examiner() {
+  SpecialPowers.addObserver(this, "csp-on-violate-policy");
+  SpecialPowers.addObserver(this, "specialpowers-http-notify-request");
+}
+examiner.prototype  = {
+  observe(subject, topic, data) {
+    if (topic === "csp-on-violate-policy") {
+      let asciiSpec = SpecialPowers.getPrivilegedProps(
+                       SpecialPowers.do_QueryInterface(subject, "nsIURI"),
+                       "asciiSpec");
+      if (asciiSpec.includes("fakeServer")) {
+        ok (false, "Should not attempt fetch, not even blocked by CSP.");
+      }
+    }
+
+    if (topic === "specialpowers-http-notify-request") {
+      if (data.includes("fakeServer")) {
+        ok (false, "Should not try fetch");
+      }
+    }
+  },
+  remove() {
+    SpecialPowers.removeObserver(this, "csp-on-violate-policy");
+    SpecialPowers.removeObserver(this, "specialpowers-http-notify-request");
+  }
+}
+
+window.examiner = new examiner();
+
+let div = document.getElementsByTagName("div")[0];
+div.innerHTML = "<svg xmlns='http://www.w3.org/2000/svg'><style><title><audio xmlns='http://www.w3.org/1999/xhtml' src='fakeServer' onerror='fail()' onload='fail()'></audio></title></style></svg>";
+
+let svg = div.firstChild;
+is(svg.nodeName, "svg", "Node name should be svg");
+
+let style = svg.firstChild;
+if (style) {
+  is(style.firstChild, null, "Style should not have child nodes.");
+} else {
+  ok(false, "Should have gotten a node.");
+}
+
+
+SimpleTest.executeSoon(function() {
+  window.examiner.remove();
+  SimpleTest.finish();
+});
+
+]]></script>
+</body>
+</html>