diff -r 5762daf9bc10 docshell/test/Makefile.in
--- a/docshell/test/Makefile.in Mon Aug 16 09:46:35 2010 -0700
+++ b/docshell/test/Makefile.in Tue Aug 17 16:35:39 2010 -0700
@@ -63,6 +63,12 @@
test_bug123696.html \
bug123696-subframe.html \
test_bug344861.html \
+ test_bug354493_1.html \
+ file_bug354493_1.sjs \
+ file_bug354493_1_main.html \
+ file_bug354493_1_main.js \
+ test_bug354493_2.html \
+ file_bug354493_2_main.html \
test_bug369814.html \
bug369814.zip \
bug369814.jar \
diff -r 5762daf9bc10 docshell/test/file_bug354493_1.sjs
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/docshell/test/file_bug354493_1.sjs Tue Aug 17 16:35:39 2010 -0700
@@ -0,0 +1,48 @@
+// SJS file for mochitests of bug 354493 (test_bug354493_1.html).
+
+function handleRequest(request, response)
+{
+ var query = {};
+ request.queryString.split('&').forEach(function (val) {
+ var [name, value] = val.split('=');
+ query[name] = unescape(value);
+ });
+
+ //avoid confusing cache behaviors
+ response.setHeader("Cache-Control", "no-cache", false);
+
+ var isPreflight = request.method == "OPTIONS";
+ if (isPreflight) {
+ // Allow cross-site XHR
+ response.setHeader("Access-Control-Allow-Origin", "*");
+ response.setHeader("Access-Control-Allow-Methods", "*");
+ }
+
+ if ("type" in query) {
+ response.setHeader("Content-Type", unescape(query['type']), false);
+ } else {
+ response.setHeader("Content-Type", "text/html", false);
+ }
+
+ if ("redirect" in query) {
+ response.setStatusLine("1.1", 302, "Found");
+ response.setHeader("Location", unescape(query["redirect"]), false);
+
+ } else if ("refresh" in query) {
+ response.setHeader("Refresh", "0; url=" + unescape(query["refresh"]), false);
+ response.write("");
+
+ } else if ("content" in query) {
+ response.write(unescape(query['content']));
+
+ } else if ("testid" in query) {
+ response.write("");
+
+ } else if ("getState" in query) {
+ response.write(received);
+
+ } else if ("resetState" in query) {
+ response.setHeader("Content-Type", "text/html", false);
+ response.write("done");
+ }
+}
diff -r 5762daf9bc10 docshell/test/file_bug354493_1_main.html
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/docshell/test/file_bug354493_1_main.html Tue Aug 17 16:35:39 2010 -0700
@@ -0,0 +1,82 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ arbitrary_private
+ arbitrary_same
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff -r 5762daf9bc10 docshell/test/file_bug354493_1_main.js
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/docshell/test/file_bug354493_1_main.js Tue Aug 17 16:35:39 2010 -0700
@@ -0,0 +1,144 @@
+/*
+ * This script is included by file_bug354493_main.html. Various requests are
+ * initiated which test_bug354493.html watches to ensure they are correctly
+ * allowed or blocked.
+ */
+
+function createIframe() {
+ var iframe = window.document.createElement('iframe');
+ window.document.body.appendChild(iframe);
+ return iframe;
+}
+
+function doOnload() {
+
+ var privatePrefix = "http://172.16.0.0/tests/docshell/test/";
+ var samePrefix = window.location.protocol + "//" + window.location.host +
+ "/tests/docshell/test/";
+
+ // Frame src
+ var frame;
+ frame = createIframe();
+ frame.src = privatePrefix + "file_bug354493_1.sjs?testid=frame_src_private";
+ frame = createIframe();
+ frame.src = samePrefix + "file_bug354493_1.sjs?testid=frame_src_same";
+
+ // XHR (file_bug354493_1.sjs allows cross-site XHR)
+ try {
+ var xhr_private = new XMLHttpRequest();
+ var xhr_private_uri = privatePrefix + "file_bug354493_1.sjs?testid=xhr_private";
+ xhr_private.open("GET", xhr_private_uri, false);
+ xhr_private.send(null);
+ } catch(e) {}
+ try {
+ var xhr_same = new XMLHttpRequest();
+ var xhr_same_uri = samePrefix + "file_bug354493_1.sjs?testid=xhr_same";
+ xhr_same.open("GET", xhr_same_uri, false);
+ xhr_same.send(null);
+ } catch(e) {}
+
+ // Form submissions
+ var form = window.document.forms[0];
+ form.action = privatePrefix + "file_bug354493_1.sjs?testid=form_post_private";
+ form.submit();
+ form = window.document.forms[1];
+ form.action = samePrefix + "file_bug354493_1.sjs?testid=form_post_same";
+ form.submit();
+
+ // Frame content sets its own location.href
+ var privateContent = "";
+ var mochiContent = "";
+ frame = createIframe();
+ frame.src = samePrefix + "file_bug354493_1.sjs?content=" + escape(privateContent);
+ frame = createIframe();
+ frame.src = samePrefix + "file_bug354493_1.sjs?content=" + escape(mochiContent);
+
+ // Meta refresh
+ var privateContent = "";
+ var mochiContent = "";
+ frame = createIframe();
+ frame.src = samePrefix + "file_bug354493_1.sjs?content=" + escape(privateContent);
+ frame = createIframe();
+ frame.src = samePrefix + "file_bug354493_1.sjs?content=" + escape(mochiContent);
+
+ // The opener will close all of the windows we put in |childWindows|.
+ window.childWindows = [];
+ var win;
+
+ // Use of window.open()
+ win = window.open(privatePrefix + "file_bug354493_1.sjs?testid=window_open_private");
+ window.childWindows.push(win);
+ win = window.open(samePrefix + "file_bug354493_1.sjs?testid=window_open_same");
+ window.childWindows.push(win);
+
+ // Write to window opened as "about:blank".
+ win = window.open("about:blank");
+ window.childWindows.push(win);
+ var html = "";
+ html += "";
+ html += "";
+ html += "";
+ win.document.write(html);
+
+ // Write to blank window opened with an empty location ("").
+ // This does actually turn out to be different/trickier than the
+ // window_write_img test above which opens the window with "about:blank".
+ win = window.open("");
+ window.childWindows.push(win);
+ var html = "";
+ html += "";
+ html += "";
+ html += "";
+ win.document.write(html);
+ win.document.close();
+
+ // Iframe with 'data:' URI opens window to 'data:' URI that requests content
+ html = "";
+ html += "";
+ html += "";
+ html += "";
+ // Use a specific window name so it's easier to close the window.
+ var windowName = "dataURIWindow";
+ var openedWindowData = "data:text/html;charset=utf-8," + escape(html);
+ var iframeHtml = "";
+ var iframeData = "data:text/html;charset=utf-8," + escape(iframeHtml);
+ frame = createIframe();
+ frame.src = iframeData;
+
+ // Iframes with 'javascript:' URIs that set their location
+ var uri = "javascript:location.href='" + privatePrefix +
+ "file_bug354493_1.sjs?testid=javascript_uri_private'";
+ frame = createIframe();
+ frame.src = uri;
+ var uri = "javascript:location.href='" + samePrefix +
+ "file_bug354493_1.sjs?testid=javascript_uri_same'";
+ frame = createIframe();
+ frame.src = uri;
+
+ // Flash can be tested by creating a swf using something like the following:
+ // ---- file_bug354493.as ----
+ // class RequestTest {
+ // function RequestTest() {
+ // }
+ // static function main(mc) {
+ // getURL("http://172.16.0.0/tests/docshell/test/" +
+ // "file_bug354493_1.sjs?testid=flash_private");
+ // }
+ // }
+ // ---------------------------
+ // The above actionscript file can be compiled with mtasc:
+ // $ mtasc -swf file_bug354493.swf -main -header 800:600:20 file_bug354493.as
+}
+
+window.addEventListener('load', doOnload, false);
diff -r 5762daf9bc10 docshell/test/file_bug354493_2_main.html
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/docshell/test/file_bug354493_2_main.html Tue Aug 17 16:35:39 2010 -0700
@@ -0,0 +1,12 @@
+
+
+ file_bug354493_2_main.html
+
+
+ This page posts a message back to its opener.
+ public address link
+ private address link
+
+
diff -r 5762daf9bc10 docshell/test/test_bug354493_1.html
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/docshell/test/test_bug354493_1.html Tue Aug 17 16:35:39 2010 -0700
@@ -0,0 +1,298 @@
+
+
+
+Test 1 for bug 354493
+
+
+
+
+
+
+
+
+
+
+
diff -r 5762daf9bc10 docshell/test/test_bug354493_2.html
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/docshell/test/test_bug354493_2.html Tue Aug 17 16:35:39 2010 -0700
@@ -0,0 +1,352 @@
+
+
+
+Test 2 for bug 354493
+
+
+
+
+
+
+
+
+
+
+
+
diff -r 5762daf9bc10 netwerk/test/unit/test_addressrestrictionservice.js
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/netwerk/test/unit/test_addressrestrictionservice.js Tue Aug 17 16:35:39 2010 -0700
@@ -0,0 +1,113 @@
+/* -*- Mode: JavaScript; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+
+/* Tests for the Address Service */
+
+var addrs = Components
+ .classes["@mozilla.org/network/address-restriction-service;1"]
+ .getService(Components.interfaces.nsIAddressRestrictionService);
+
+function run_test() {
+
+ var i;
+
+ if (addrs.ADDRESS_GROUP_UNKNOWN >= addrs.ADDRESS_GROUP_LOCAL) {
+ do_throw("Address group numeric ordering incorrect.");
+ } else if (addrs.ADDRESS_GROUP_LOCAL >= addrs.ADDRESS_GROUP_PRIVATE) {
+ do_throw("Address group numeric ordering incorrect.");
+ } else if (addrs.ADDRESS_GROUP_PRIVATE >= addrs.ADDRESS_GROUP_PUBLIC) {
+ do_throw("Address group numeric ordering incorrect.");
+ }
+
+ // Note that integer strings such as "0" and "123456" get treated like
+ // ipv4 addresses by the underlying PR_StringToNetAddr call. It also
+ // accepts addresses with less than four octets such as:
+ // "1.2" gets interpreted as 1.0.0.2
+ // "1.2.3" gets interpreted as 1.2.0.3
+ var invalidAddresses = [ "1.2.3.256", "::-1", "::z", "[::1]" ];
+
+ for (i = 0; i < invalidAddresses.length; i++) {
+ try {
+ addrs.determineIPAddressGroup(invalidAddresses[i]);
+ do_throw("Bad address didn't throw an exception: " + invalidAddresses[i]);
+ } catch (e) {
+ }
+ }
+
+ // 127.0.0.0/8
+ // 0.0.0.0/8
+ // 169.254.0.0/16
+ // 255.255.255.255/32
+ var v4local = [ "127.0.0.0", "127.0.0.1", "127.255.255.255", "0.0.0.0",
+ "0.255.255.255", "169.254.0.0", "169.254.255.255", "255.255.255.255" ];
+
+ for (i = 0; i < v4local.length; i++) {
+ do_check_eq(addrs.ADDRESS_GROUP_LOCAL, addrs
+ .determineIPAddressGroup(v4local[i]));
+ }
+
+ // 10.0.0.0/8
+ // 172.16.0.0/12
+ // 192.168.0.0/16
+ var v4private = [ "10.0.0.0", "10.255.255.255", "172.16.0.0",
+ "172.31.255.255", "192.168.0.0", "192.168.255.255" ];
+
+ for (i = 0; i < v4private.length; i++) {
+ do_check_eq(addrs.ADDRESS_GROUP_PRIVATE, addrs
+ .determineIPAddressGroup(v4private[i]));
+ }
+
+ // Includes boundary addresses close to local and private addresses.
+ // 192.0.2.0 is a public address that is part of a block set aside for
+ // documentation and examples. We use it as a public address in mochitests.
+ var v4public = [ "126.255.255.255", "128.0.0.0", "1.0.0.0", "169.255.0.0",
+ "169.253.255.255", "192.0.2.0", "255.255.255.254" ];
+
+ for (i = 0; i < v4public.length; i++) {
+ do_check_eq(addrs.ADDRESS_GROUP_PUBLIC, addrs
+ .determineIPAddressGroup(v4public[i]));
+ }
+
+ // ::1/128 -- host-local
+ // fe80::/10 -- link-local
+ var v6local = [ "::1", "0:0:0:0:0:0:0:1", "fe80::",
+ "febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff" ];
+
+ for (i = 0; i < v6local.length; i++) {
+ do_check_eq(addrs.ADDRESS_GROUP_LOCAL, addrs
+ .determineIPAddressGroup(v6local[i]));
+ }
+
+ // fc00::/7 -- local comm
+ var v6private = [ "fc00::", "fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" ];
+
+ for (i = 0; i < v6private.length; i++) {
+ do_check_eq(addrs.ADDRESS_GROUP_PRIVATE, addrs
+ .determineIPAddressGroup(v6private[i]));
+ }
+
+ // "::0" is public because we don't consider it private or local.
+ var v6public = [ "::0", "::2", "fe4f:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+ "fec0::", "faff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", "fe00::" ];
+
+ for (i = 0; i < v6public.length; i++) {
+ do_check_eq(addrs.ADDRESS_GROUP_PUBLIC, addrs
+ .determineIPAddressGroup(v6public[i]));
+ }
+
+ // Check the v4-mapped ipv6 addresses.
+ // These can legally be written as "::ffff:127.0.0.1".
+ for (i = 0; i < v4local.length; i++) {
+ do_check_eq(addrs.ADDRESS_GROUP_LOCAL, addrs
+ .determineIPAddressGroup("::ffff:" + v4local[i]));
+ }
+ for (i = 0; i < v4private.length; i++) {
+ do_check_eq(addrs.ADDRESS_GROUP_PRIVATE, addrs
+ .determineIPAddressGroup("::ffff:" + v4private[i]));
+ }
+ for (i = 0; i < v4public.length; i++) {
+ do_check_eq(addrs.ADDRESS_GROUP_PUBLIC, addrs
+ .determineIPAddressGroup("::ffff:" + v4public[i]));
+ }
+
+}