browser/components/sessionstore/test/browser_463205.js@6474c204b198 (annotated)
browser/components/sessionstore/test/browser_463205.js
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | /* Any copyright is dedicated to the Public Domain. |
| michael@0 | 2 | * http://creativecommons.org/publicdomain/zero/1.0/ */ |
| michael@0 | 3 | |
| michael@0 | 4 | "use strict"; |
| michael@0 | 5 | |
| michael@0 | 6 | const URL = ROOT + "browser_463205_sample.html"; |
| michael@0 | 7 | |
| michael@0 | 8 | /** |
| michael@0 | 9 | * Bug 463205 - Check URLs before restoring form data to make sure a malicious |
| michael@0 | 10 | * website can't modify frame URLs and make us inject form data into the wrong |
| michael@0 | 11 | * web pages. |
| michael@0 | 12 | */ |
| michael@0 | 13 | add_task(function test_check_urls_before_restoring() { |
| michael@0 | 14 | // Add a blank tab. |
| michael@0 | 15 | let tab = gBrowser.addTab("about:blank"); |
| michael@0 | 16 | let browser = tab.linkedBrowser; |
| michael@0 | 17 | yield promiseBrowserLoaded(browser); |
| michael@0 | 18 | |
| michael@0 | 19 | // Restore form data with a valid URL. |
| michael@0 | 20 | ss.setTabState(tab, getState(URL)); |
| michael@0 | 21 | yield promiseTabRestored(tab); |
| michael@0 | 22 | |
| michael@0 | 23 | let value = yield getInputValue(browser, {id: "text"}); |
| michael@0 | 24 | is(value, "foobar", "value was restored"); |
| michael@0 | 25 | |
| michael@0 | 26 | // Restore form data with an invalid URL. |
| michael@0 | 27 | ss.setTabState(tab, getState("http://example.com/")); |
| michael@0 | 28 | yield promiseTabRestored(tab); |
| michael@0 | 29 | |
| michael@0 | 30 | let value = yield getInputValue(browser, {id: "text"}); |
| michael@0 | 31 | is(value, "", "value was not restored"); |
| michael@0 | 32 | |
| michael@0 | 33 | // Cleanup. |
| michael@0 | 34 | gBrowser.removeTab(tab); |
| michael@0 | 35 | }); |
| michael@0 | 36 | |
| michael@0 | 37 | function getState(url) { |
| michael@0 | 38 | return JSON.stringify({ |
| michael@0 | 39 | entries: [{url: URL}], |
| michael@0 | 40 | formdata: {url: url, id: {text: "foobar"}} |
| michael@0 | 41 | }); |
| michael@0 | 42 | } |
