browser/components/sessionstore/test/browser_466937.js@6474c204b198 (annotated)
browser/components/sessionstore/test/browser_466937.js
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | /* Any copyright is dedicated to the Public Domain. |
| michael@0 | 2 | * http://creativecommons.org/publicdomain/zero/1.0/ */ |
| michael@0 | 3 | |
| michael@0 | 4 | "use strict"; |
| michael@0 | 5 | |
| michael@0 | 6 | const URL = ROOT + "browser_466937_sample.html"; |
| michael@0 | 7 | |
| michael@0 | 8 | /** |
| michael@0 | 9 | * Bug 466937 - Prevent file stealing with sessionstore. |
| michael@0 | 10 | */ |
| michael@0 | 11 | add_task(function test_prevent_file_stealing() { |
| michael@0 | 12 | // Add a tab with some file input fields. |
| michael@0 | 13 | let tab = gBrowser.addTab(URL); |
| michael@0 | 14 | let browser = tab.linkedBrowser; |
| michael@0 | 15 | yield promiseBrowserLoaded(browser); |
| michael@0 | 16 | |
| michael@0 | 17 | // Generate a path to a 'secret' file. |
| michael@0 | 18 | let file = Services.dirsvc.get("TmpD", Ci.nsIFile); |
| michael@0 | 19 | file.append("466937_test.file"); |
| michael@0 | 20 | file.createUnique(Ci.nsIFile.NORMAL_FILE_TYPE, parseInt("666", 8)); |
| michael@0 | 21 | let testPath = file.path; |
| michael@0 | 22 | |
| michael@0 | 23 | // Fill in form values. |
| michael@0 | 24 | yield setInputValue(browser, {id: "reverse_thief", value: "/home/user/secret2"}); |
| michael@0 | 25 | yield setInputValue(browser, {id: "bystander", value: testPath}); |
| michael@0 | 26 | |
| michael@0 | 27 | // Duplicate and check form values. |
| michael@0 | 28 | let tab2 = gBrowser.duplicateTab(tab); |
| michael@0 | 29 | let browser2 = tab2.linkedBrowser; |
| michael@0 | 30 | yield promiseTabRestored(tab2); |
| michael@0 | 31 | |
| michael@0 | 32 | let thief = yield getInputValue(browser2, {id: "thief"}); |
| michael@0 | 33 | is(thief, "", "file path wasn't set to text field value"); |
| michael@0 | 34 | let reverse_thief = yield getInputValue(browser2, {id: "reverse_thief"}); |
| michael@0 | 35 | is(reverse_thief, "", "text field value wasn't set to full file path"); |
| michael@0 | 36 | let bystander = yield getInputValue(browser2, {id: "bystander"}); |
| michael@0 | 37 | is(bystander, testPath, "normal case: file path was correctly preserved"); |
| michael@0 | 38 | |
| michael@0 | 39 | // Cleanup. |
| michael@0 | 40 | gBrowser.removeTab(tab); |
| michael@0 | 41 | gBrowser.removeTab(tab2); |
| michael@0 | 42 | }); |
