test_unsecureRedirect.html - This HTML code creates a test …

/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureRedirect.html

http://github.com/zpao/v8monkey · HTML · 33 lines · 28 code · 5 blank · 0 comment · 0 complexity · 9300c64cdcf1f2e5df2722d2d6801a32 MD5 · raw file


<!DOCTYPE HTML>
<html>
<head>
  <title>Redirect from secure to unsecure img</title>
  <script type="text/javascript" src="/MochiKit/Base.js"></script>
  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
  <script type="text/javascript" src="/MochiKit/Style.js"></script>
  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
  <script type="text/javascript" src="mixedContentTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />

  <script class="testbody" type="text/javascript">

  function runTest()
  {
    isSecurityState("broken", "insecure <img> load breaks security");
    finish();
  }

  function afterNavigationTest()
  {
    isSecurityState("broken", "security still broken after navigation");
    finish();
  }

  </script>
</head>

<body>
  <img src="https://example.com/tests/security/ssl/mixedcontent/imgunsecredirect.sjs" />
</body>
</html>

Summary ✨

This HTML code creates a test page that loads an image from a URL with mixed content, which is both secure and insecure. The script checks if the security state of the page remains broken after loading the image, demonstrating a vulnerability in handling mixed content. It also tests navigation to ensure the issue persists.

Alerts (2)

'<img' Image missing alt attribute; add alt text for accessibility
17 31