Bug 1229639 - Part 2: Test case. r=ckerschb
MozReview-Commit-ID: GbofB6JoFil
new file mode 100644
--- /dev/null
+++ b/dom/security/test/csp/file_bug1229639.html
@@ -0,0 +1,7 @@
+<html>
+<head> <meta charset="utf-8"> </head>
+ <body>
+ <!-- this should be allowed -->
+ <script src="http://mochi.test:8888/tests/dom/security/test/csp/%24.js"> </script>
+ </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/dom/security/test/csp/file_bug1229639.html^headers^
@@ -0,0 +1,1 @@
+Content-Security-Policy: "default-src 'self'; script-src http://mochi.test:8888/tests/dom/security/test/csp/%24.js
\ No newline at end of file
--- a/dom/security/test/csp/mochitest.ini
+++ b/dom/security/test/csp/mochitest.ini
@@ -76,16 +76,18 @@ support-files =
file_redirects_resource.sjs
file_bug910139.sjs
file_bug910139.xml
file_bug910139.xsl
file_bug909029_star.html
file_bug909029_star.html^headers^
file_bug909029_none.html
file_bug909029_none.html^headers^
+ file_bug1229639.html
+ file_bug1229639.html^headers^
file_policyuri_regression_from_multipolicy.html
file_policyuri_regression_from_multipolicy.html^headers^
file_policyuri_regression_from_multipolicy_policy
file_shouldprocess.html
file_nonce_source.html
file_nonce_source.html^headers^
file_bug941404.html
file_bug941404_xhr.html
@@ -203,16 +205,17 @@ skip-if = (buildapp == 'b2g' && (toolkit
[test_inlinescript.html]
[test_inlinestyle.html]
[test_invalid_source_expression.html]
[test_bug836922_npolicies.html]
[test_bug886164.html]
[test_redirects.html]
[test_bug910139.html]
[test_bug909029.html]
+[test_bug1229639.html]
[test_policyuri_regression_from_multipolicy.html]
[test_nonce_source.html]
[test_bug941404.html]
[test_form-action.html]
skip-if = buildapp == 'b2g' # http-on-opening-request observers are not available in child processes
[test_hash_source.html]
skip-if = buildapp == 'b2g' # can't compute hashes in child process (bug 958702)
[test_scheme_relative_sources.html]
new file mode 100644
--- /dev/null
+++ b/dom/security/test/csp/test_bug1229639.html
@@ -0,0 +1,51 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Bug 1229639 - Percent encoded CSP path matching.</title>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<p id="display"></p>
+<div id="content" style="display: none"></div>
+
+<iframe style="width:200px;height:200px;" id='cspframe'></iframe>
+<script class="testbody" type="text/javascript">
+
+// This is used to watch the blocked data bounce off CSP and allowed data
+// get sent out to the wire.
+function examiner() {
+ SpecialPowers.addObserver(this, "csp-on-violate-policy", false);
+ SpecialPowers.addObserver(this, "specialpowers-http-notify-request", false);
+}
+
+examiner.prototype = {
+ observe: function(subject, topic, data) {
+ if (data === 'http://mochi.test:8888/tests/dom/security/test/csp/%24.js') {
+ is(topic, "specialpowers-http-notify-request");
+ this.remove();
+ SimpleTest.finish();
+ }
+ },
+
+ // must eventually call this to remove the listener,
+ // or mochitests might get borked.
+ remove: function() {
+ SpecialPowers.removeObserver(this, "csp-on-violate-policy");
+ SpecialPowers.removeObserver(this, "specialpowers-http-notify-request");
+ }
+}
+
+window.examiner = new examiner();
+
+SimpleTest.waitForExplicitFinish();
+
+// save this for last so that our listeners are registered.
+// ... this loads the testbed of good and bad requests.
+document.getElementById('cspframe').src = 'file_bug1229639.html';
+
+</script>
+</pre>
+</body>
+</html>