Tests/LibWeb: Verify XHR.open() throws on forbidden method

This verifies that XHR.open() throws a Security Error when 'CONNECT', 'TRACE', or 'TRACK' is passed as the method argument.
Author: https://github.com/kennethmyhra Commit: https://github.com/SerenityOS/serenity/commit/68fa8f52b4 Pull-request: https://github.com/SerenityOS/serenity/pull/22084
2024-11-26 17:40:27 +00:00 · 2023-11-25 19:39:11 +01:00 · 2023-11-25 19:39:11 +01:00 · 68fa8f52b4 · 2024-07-17 03:59:29 +09:00
commit 68fa8f52b4
parent eb6a7ccc59
2 changed files with 21 additions and 0 deletions
--- a/Tests/LibWeb/Text/expected/XHR/XMLHttpRequest-forbidden-method.txt
+++ b/Tests/LibWeb/Text/expected/XHR/XMLHttpRequest-forbidden-method.txt
@ -0,0 +1 @@
+PASS
--- a/Tests/LibWeb/Text/input/XHR/XMLHttpRequest-forbidden-method.html
+++ b/Tests/LibWeb/Text/input/XHR/XMLHttpRequest-forbidden-method.html
@ -0,0 +1,20 @@
+<script src="../include.js"></script>
+<script>
+    test(() => {
+        const forbiddenMethods = ["CONNECT", "TRACE", "TRACK"];
+        const SECURITY_ERR = 18;
+        let i = 0;
+        for (const method of forbiddenMethods) {
+            const xhr = new XMLHttpRequest();
+            try {
+                xhr.open(method, "data:text/plain,", true);
+            }
+            catch (e) {
+                if (e.code === SECURITY_ERR)
+                    i += 1;
+            }
+        }
+        if (i === forbiddenMethods.length)
+            println("PASS");
+    });
+</script>