| <html> |
| <head> |
| <script> |
| // Identify the link by id and click on it. |
| // targetId: document element id |
| // newTab: whether open link in new tab. |
| function clickLink(targetId, newTab) { |
| var node = document.getElementById(targetId); |
| if (newTab == 1) { |
| // Click and opens link in new tab. |
| var evt = document.createEvent("MouseEvents"); |
| evt.initMouseEvent("click", false, true, window, 0, 0, 0, 0, 0, |
| newTab, false, false, false, 0, null); |
| node.dispatchEvent(evt); |
| } else { |
| // Click and open link in the same tab. |
| node.click(); |
| } |
| } |
| |
| // Helper function to query string parmeter in the URL. |
| function getParameterByName(name) { |
| url = window.location.href; |
| name = name.replace(/[\[\]]/g, "\\$&"); |
| var regex = new RegExp("[?&]" + name + "(=([^&#]*)|&|#|$)"), |
| results = regex.exec(url); |
| if (!results) return null; |
| if (!results[2]) return ''; |
| return decodeURIComponent(results[2].replace(/\+/g, " ")); |
| } |
| |
| // Start test case based on URL query string paramter. |
| function startTestCase() { |
| var node = getParameterByName("test_case"); |
| var openInNewTab = getParameterByName("new_tab"); |
| if (node != null) |
| clickLink(node, openInNewTab); |
| } |
| |
| // Trigger a download in new tab and old tab navigate to an irrelevant page. |
| function downloadInNewTab(willNavigateAway) { |
| var tab = window.open(''); |
| tab.opener = null; |
| tab.document.write('<META HTTP-EQUIV="refresh" content="0; url=../signed.exe">'); |
| tab.document.close(); |
| if (willNavigateAway) |
| window.location.href = "safe_page.html"; |
| } |
| |
| // Trigger download in a new tab and the download is from a data url. |
| function downloadInNewTabWithDataURL() { |
| var tab = window.open(''); |
| tab.opener = null; |
| tab.document.write('<META HTTP-EQUIV="refresh" content="0; url=data:application/octet-stream;base64,a2poYWxrc2hkbGtoYXNka2xoYXNsa2RoYWxraGtoYWxza2hka2xzamFoZGxramhhc2xka2hhc2xrZGgKYXNrZGpoa2FzZGpoYWtzaGRrYXNoZGtoYXNrZGhhc2tkaGthc2hka2Foc2RraGFrc2hka2FzaGRraGFzCmFza2pkaGFrc2hkbSxjbmtzamFoZGtoYXNrZGhhc2tka2hrYXNkCjg3MzQ2ODEyNzQ2OGtqc2hka2FoZHNrZGhraApha3NqZGthc2Roa3NkaGthc2hka2FzaGtkaAohISomXkAqJl4qYWhpZGFzeWRpeWlhc1xcb1wKa2Fqc2Roa2FzaGRrYXNoZGsKYWtzamRoc2tkaAplbmQK">'); |
| tab.document.close(); |
| } |
| |
| // Trigger download by using html5 system API. |
| var fileLocation = null; |
| (function getFileLocationByHtml5FileSystemAPI(){ |
| var errorize = function(e){console.log(e);}; |
| var filename = 'msghello-bypass.exe'; |
| var blob = new Blob([new Uint8Array([1, 2, 3, 4])],{type:'application/octet-stream'}); |
| window.webkitRequestFileSystem( |
| window.TEMPORARY,1048576, |
| function(fs){ |
| var createFile = function(){ |
| fs.root.getFile( |
| filename, |
| {create:true, exclusive:true}, |
| function(fileEntry){ |
| fileEntry.createWriter( |
| function(writer){ |
| writer.onwriteend = function(){fileLocation = fileEntry.toURL();}; |
| writer.onerror = errorize; |
| writer.write(blob); |
| }, |
| errorize); |
| }, |
| errorize); |
| }; |
| fs.root.getFile( |
| filename,{create:false}, |
| function(fileEntry){ |
| fileEntry.remove(createFile,errorize); |
| }, |
| createFile); |
| }, |
| errorize); |
| })(); |
| </script> |
| </head> |
| <body onload="startTestCase();"> |
| <a id="direct_download" href="../signed.exe">Direct download</a><br> |
| <a id="noreferrer" href="../signed.exe" rel="noreferrer">Direct download noreferrer</a><br> |
| <a id="single_meta_refresh_redirect" href="redirect.html" >Redirect download</a><br> |
| <a id="single_meta_refresh_redirect_noreferrer" href="redirect.html" rel="noreferrer">Redirect download with noreferrer</a><br> |
| <a id="multiple_meta_refresh_redirects" href="double_redirect.html"> Redirect download multiple times</a><br> |
| <a id="new_tab_download" href="#" onclick="downloadInNewTab(false)"> Open download in new tab</a><br> |
| <a id="new_tab_download_navigate_away" href="#" onclick="downloadInNewTab(true)"> Open download in new tab and navigate away </a><br> |
| <a id="new_tab_download_with_data_url" href="#" onclick="downloadInNewTabWithDataURL()"> Open download in new tab with data url </a><br> |
| <button id="html5_file_api" onclick="window.location.href=fileLocation; return false"> Download via html5 file system API</button><br> |
| More testing cases are coming soon... |
| </body> |
| </html> |