browser/components/sessionstore/test/browser_459906.js@6474c204b198 (annotated)
browser/components/sessionstore/test/browser_459906.js
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | /* This Source Code Form is subject to the terms of the Mozilla Public |
| michael@0 | 2 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
| michael@0 | 3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| michael@0 | 4 | |
| michael@0 | 5 | function test() { |
| michael@0 | 6 | /** Test for Bug 459906 **/ |
| michael@0 | 7 | |
| michael@0 | 8 | waitForExplicitFinish(); |
| michael@0 | 9 | |
| michael@0 | 10 | let testURL = "http://mochi.test:8888/browser/" + |
| michael@0 | 11 | "browser/components/sessionstore/test/browser_459906_sample.html"; |
| michael@0 | 12 | let uniqueValue = "<b>Unique:</b> " + Date.now(); |
| michael@0 | 13 | |
| michael@0 | 14 | var frameCount = 0; |
| michael@0 | 15 | let tab = gBrowser.addTab(testURL); |
| michael@0 | 16 | tab.linkedBrowser.addEventListener("load", function(aEvent) { |
| michael@0 | 17 | // wait for all frames to load completely |
| michael@0 | 18 | if (frameCount++ < 2) |
| michael@0 | 19 | return; |
| michael@0 | 20 | tab.linkedBrowser.removeEventListener("load", arguments.callee, true); |
| michael@0 | 21 | |
| michael@0 | 22 | let iframes = tab.linkedBrowser.contentWindow.frames; |
| michael@0 | 23 | iframes[1].document.body.innerHTML = uniqueValue; |
| michael@0 | 24 | |
| michael@0 | 25 | frameCount = 0; |
| michael@0 | 26 | let tab2 = gBrowser.duplicateTab(tab); |
| michael@0 | 27 | tab2.linkedBrowser.addEventListener("load", function(aEvent) { |
| michael@0 | 28 | // wait for all frames to load (and reload!) completely |
| michael@0 | 29 | if (frameCount++ < 2) |
| michael@0 | 30 | return; |
| michael@0 | 31 | tab2.linkedBrowser.removeEventListener("load", arguments.callee, true); |
| michael@0 | 32 | |
| michael@0 | 33 | executeSoon(function() { |
| michael@0 | 34 | let iframes = tab2.linkedBrowser.contentWindow.frames; |
| michael@0 | 35 | if (iframes[1].document.body.innerHTML !== uniqueValue) { |
| michael@0 | 36 | // Poll again the value, since we can't ensure to run |
| michael@0 | 37 | // after SessionStore has injected innerHTML value. |
| michael@0 | 38 | // See bug 521802. |
| michael@0 | 39 | info("Polling for innerHTML value"); |
| michael@0 | 40 | setTimeout(arguments.callee, 100); |
| michael@0 | 41 | return; |
| michael@0 | 42 | } |
| michael@0 | 43 | |
| michael@0 | 44 | is(iframes[1].document.body.innerHTML, uniqueValue, |
| michael@0 | 45 | "rich textarea's content correctly duplicated"); |
| michael@0 | 46 | |
| michael@0 | 47 | let innerDomain = null; |
| michael@0 | 48 | try { |
| michael@0 | 49 | innerDomain = iframes[0].document.domain; |
| michael@0 | 50 | } |
| michael@0 | 51 | catch (ex) { /* throws for chrome: documents */ } |
| michael@0 | 52 | is(innerDomain, "mochi.test", "XSS exploit prevented!"); |
| michael@0 | 53 | |
| michael@0 | 54 | // clean up |
| michael@0 | 55 | gBrowser.removeTab(tab2); |
| michael@0 | 56 | gBrowser.removeTab(tab); |
| michael@0 | 57 | |
| michael@0 | 58 | finish(); |
| michael@0 | 59 | }); |
| michael@0 | 60 | }, true); |
| michael@0 | 61 | }, true); |
| michael@0 | 62 | } |
