whatwg / mimesniff

MIME Sniffing Standard
https://mimesniff.spec.whatwg.org/

Sort out sniffing tests #25

Open annevk opened 7 years ago

annevk commented 7 years ago

  1. Find any existing tests.
  2. Review them against the current standard.
  3. Revise and write new tests.

GPHemsley commented 7 years ago

I don't remember what they do, but I have some tests here: http://whatwg.gphemsley.org/tests/mimesniff/

annevk commented 6 years ago

Once this is fixed, close https://github.com/w3c/web-platform-tests/issues/1851.

dd8 commented 6 years ago

We've written some test cases - they're the source of issues from the last few days. Happy to contribute them, but not sure where they should go and they probably need some infrastructure (e.g. an HTTP server with a way of mis-configuring Content-Type for each test case)

annevk commented 6 years ago

@dd8 great; a subdirectory of https://github.com/w3c/web-platform-tests/tree/master/mimesniff would be the place I think. That also has such server infrastructure. Not sure how to run these from a browser though. Probably gonna have to be manual to some extent.

dd8 commented 6 years ago

Hoping to do something that can be used for automated testing at implementation level - harder to automate using JS in-browser. At implementation level we'll do something like this:

```
foreach ( test in JSON_testsuite ) {
    assert( MimeSniffer.Sniff( test.inputMime, test.inputFile ) == test.outputMime )
}
```

driven by a JSON file like this:

```json
[
  "All good text/html",
  {
    "inputMime": "text/htm",
    "inputFile": "test.html",
    "inputHeader": "",
    "outputMime": "text/html"
  },
  "Nosniff content-type text/html",
  {
    "inputMime": "",
    "inputFile": "test.html",
    "inputHeader": "X-Content-Type-Options: nosniff",
    "outputMime": "text/html"
  }
]
```
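
Added example, not part of the original thread or any participant's code: a runnable JavaScript version of the JSON-driven harness sketched above, reading the alternating label/object layout. The outer JSON array, the three-argument `sniff()` signature, the simplified stand-in sniffer and the fixtures are assumptions constructed for illustration.

```javascript
// Pair each label string with the object that follows it (layout from the thread,
// assumed here to be wrapped in one JSON array) and check the four fields exist.
function loadSuite(jsonText) {
  const suite = [];
  let label = "(unnamed)";
  for (const item of JSON.parse(jsonText)) {
    if (typeof item === "string") { label = item; continue; }
    for (const key of ["inputMime", "inputFile", "inputHeader", "outputMime"]) {
      if (typeof item[key] !== "string") throw new Error(`${label}: missing "${key}"`);
    }
    suite.push({ name: label, ...item });
    label = "(unnamed)";
  }
  return suite;
}

// Hypothetical sniffer under test; a simplified stand-in, not the standard's algorithm.
function sniff(inputMime, bytes, inputHeader) {
  if (inputMime !== "") return inputMime; // stand-in: a declared type is always kept
  const nosniff = /^x-content-type-options:\s*nosniff\s*$/i.test(inputHeader);
  const head = String.fromCharCode(...bytes.slice(0, 512));
  if (!nosniff && /^[\t\n\f\r ]*<(!doctype html|html|head|body)[ >]/i.test(head)) return "text/html";
  if (!nosniff && head.startsWith("%PDF-")) return "application/pdf";
  return /[\x00-\x08\x0b\x0e-\x1a\x1c-\x1f]/.test(head) ? "application/octet-stream" : "text/plain";
}

// Run every case and collect mismatches instead of stopping at the first one.
function runSuite(suite, files, sniffer) {
  const failures = [];
  for (const t of suite) {
    const bytes = files[t.inputFile];
    const actual = bytes ? sniffer(t.inputMime, bytes, t.inputHeader) : "(missing fixture)";
    if (actual !== t.outputMime) failures.push({ name: t.name, expected: t.outputMime, actual });
  }
  return failures;
}

// Constructed fixtures and cases; the last case is wrong on purpose to show a report.
const FILES = {
  "test.html": new TextEncoder().encode("  <!DOCTYPE html><title>t</title>"),
  "test.pdf": new TextEncoder().encode("%PDF-1.7\n"),
};
const SUITE_JSON = JSON.stringify([
  "declared text/html", { inputMime: "text/html", inputFile: "test.html", inputHeader: "", outputMime: "text/html" },
  "no type, HTML body", { inputMime: "", inputFile: "test.html", inputHeader: "", outputMime: "text/html" },
  "no type, nosniff", { inputMime: "", inputFile: "test.html", inputHeader: "X-Content-Type-Options: nosniff", outputMime: "text/plain" },
  "deliberately wrong", { inputMime: "", inputFile: "test.pdf", inputHeader: "", outputMime: "text/plain" },
]);
console.log(runSuite(loadSuite(SUITE_JSON), FILES, sniff));
```

Passing a real implementation's entry point as the third argument of `runSuite` reuses the same suite file; only the "deliberately wrong" case is reported with the stand-in.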

annevk commented 6 years ago

That looks pretty good. (I agree that we want a reusable setup like that. I was just wondering what kind of frontend we could use that would work across browsers. Perhaps some of it can be automated, for the resources that don't end up downloaded.)

dd8 commented 6 years ago

For Mozilla you could use Document.contentType. For other browsers is there a DevTools API accessible within the browser?

```js
async function runSniffTests(JSON_testsuite) {
  const iframe = document.getElementById("iframe_test");
  for (const test of JSON_testsuite) {
    // Navigate the iframe (via src, since the element has no location) and wait till loaded
    await new Promise((resolve) => {
      iframe.onload = resolve;
      iframe.src = test.inputFile;
    });
    const actualMime = iframe.contentWindow.document.contentType;
    assert(actualMime == test.outputMime);
  }
}
```

https://developer.mozilla.org/en-US/docs/Web/API/Document/contentType

annevk commented 6 years ago

Ah yes, contentType ought to be available in other browsers too (part of the DOM Standard) so maybe if they don't implement it yet, they will to benefit from these tests...

domenic commented 6 years ago

I think that'll only work for types that the browser puts into a Document, like images and videos. Ones that it tries to download (like PDFs in many browsers) or doesn't do anything with (like fonts?) probably won't work as well...

annevk commented 6 years ago

Yeah, we need a manual wrapper for the remainder I'm afraid (or possibly get a WebDriver hook).