blob: eb1cfee4e96103cc2d1cc0bb851534eab06b8881 [file] [log] [blame]
<html>
<head>
<script>
// Identify the link by id and click on it.
// targetId: document element id
// newTab: whether open link in new tab.
function clickLink(targetId, newTab) {
var node = document.getElementById(targetId);
if (newTab == 1) {
// Click and opens link in new tab.
var evt = document.createEvent("MouseEvents");
evt.initMouseEvent("click", false, true, window, 0, 0, 0, 0, 0,
newTab, false, false, false, 0, null);
node.dispatchEvent(evt);
} else {
// Click and open link in the same tab.
node.click();
}
}
// Helper function to query string parmeter in the URL.
function getParameterByName(name) {
url = window.location.href;
name = name.replace(/[\[\]]/g, "\\$&");
var regex = new RegExp("[?&]" + name + "(=([^&#]*)|&|#|$)"),
results = regex.exec(url);
if (!results) return null;
if (!results[2]) return '';
return decodeURIComponent(results[2].replace(/\+/g, " "));
}
// Start test case based on URL query string paramter.
function startTestCase() {
var node = getParameterByName("test_case");
var openInNewTab = getParameterByName("new_tab");
if (node != null)
clickLink(node, openInNewTab);
}
// Trigger a download in new tab and old tab navigate to an irrelevant page.
function downloadInNewTab(willNavigateAway) {
var tab = window.open('');
tab.opener = null;
tab.document.write('<META HTTP-EQUIV="refresh" content="0; url=../signed.exe">');
tab.document.close();
if (willNavigateAway)
window.location.href = "safe_page.html";
}
// Trigger download in a new tab and the download is from a data url.
function downloadInNewTabWithDataURL() {
var tab = window.open('');
tab.opener = null;
tab.document.write('<META HTTP-EQUIV="refresh" content="0; url=data:application/octet-stream;base64,a2poYWxrc2hkbGtoYXNka2xoYXNsa2RoYWxraGtoYWxza2hka2xzamFoZGxramhhc2xka2hhc2xrZGgKYXNrZGpoa2FzZGpoYWtzaGRrYXNoZGtoYXNrZGhhc2tkaGthc2hka2Foc2RraGFrc2hka2FzaGRraGFzCmFza2pkaGFrc2hkbSxjbmtzamFoZGtoYXNrZGhhc2tka2hrYXNkCjg3MzQ2ODEyNzQ2OGtqc2hka2FoZHNrZGhraApha3NqZGthc2Roa3NkaGthc2hka2FzaGtkaAohISomXkAqJl4qYWhpZGFzeWRpeWlhc1xcb1wKa2Fqc2Roa2FzaGRrYXNoZGsKYWtzamRoc2tkaAplbmQK">');
tab.document.close();
}
// Trigger download by using html5 system API.
var fileLocation = null;
(function getFileLocationByHtml5FileSystemAPI(){
var errorize = function(e){console.log(e);};
var filename = 'msghello-bypass.exe';
var blob = new Blob([new Uint8Array([1, 2, 3, 4])],{type:'application/octet-stream'});
window.webkitRequestFileSystem(
window.TEMPORARY,1048576,
function(fs){
var createFile = function(){
fs.root.getFile(
filename,
{create:true, exclusive:true},
function(fileEntry){
fileEntry.createWriter(
function(writer){
writer.onwriteend = function(){fileLocation = fileEntry.toURL();};
writer.onerror = errorize;
writer.write(blob);
},
errorize);
},
errorize);
};
fs.root.getFile(
filename,{create:false},
function(fileEntry){
fileEntry.remove(createFile,errorize);
},
createFile);
},
errorize);
})();
</script>
</head>
<body onload="startTestCase();">
<a id="direct_download" href="../signed.exe">Direct download</a><br>
<a id="noreferrer" href="../signed.exe" rel="noreferrer">Direct download noreferrer</a><br>
<a id="single_meta_refresh_redirect" href="redirect.html" >Redirect download</a><br>
<a id="single_meta_refresh_redirect_noreferrer" href="redirect.html" rel="noreferrer">Redirect download with noreferrer</a><br>
<a id="multiple_meta_refresh_redirects" href="double_redirect.html"> Redirect download multiple times</a><br>
<a id="new_tab_download" href="#" onclick="downloadInNewTab(false)"> Open download in new tab</a><br>
<a id="new_tab_download_navigate_away" href="#" onclick="downloadInNewTab(true)"> Open download in new tab and navigate away </a><br>
<a id="new_tab_download_with_data_url" href="#" onclick="downloadInNewTabWithDataURL()"> Open download in new tab with data url </a><br>
<button id="html5_file_api" onclick="window.location.href=fileLocation; return false"> Download via html5 file system API</button><br>
More testing cases are coming soon...
</body>
</html>