The Tor Browser / annotate

content/base/test/browser_bug593387.js@6474c204b198 (annotated)

content/base/test/browser_bug593387.js

Wed, 31 Dec 2014 06:09:35 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 06:09:35 +0100
changeset 0
6474c204b198
permissions
-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

michael@0 1 /*
michael@0 2 * Test for bug 593387
michael@0 3 * Loads a chrome document in a content docshell and then inserts a
michael@0 4 * X-Frame-Options: DENY iframe into the document and verifies that the document
michael@0 5 * loads. The policy we are enforcing is outlined here:
michael@0 6 * https://bugzilla.mozilla.org/show_bug.cgi?id=593387#c17
michael@0 7 */
michael@0 8 var newBrowser;
michael@0 9
michael@0 10 function test() {
michael@0 11 waitForExplicitFinish();
michael@0 12
michael@0 13 var newTab = gBrowser.addTab();
michael@0 14 gBrowser.selectedTab = newTab;
michael@0 15 newBrowser = gBrowser.getBrowserForTab(newTab);
michael@0 16 //alert(newBrowser.contentWindow);
michael@0 17
michael@0 18 newBrowser.addEventListener("load", testXFOFrameInChrome, true);
michael@0 19 newBrowser.contentWindow.location = "chrome://global/content/mozilla.xhtml";
michael@0 20 }
michael@0 21
michael@0 22 function testXFOFrameInChrome() {
michael@0 23 newBrowser.removeEventListener("load", testXFOFrameInChrome, true);
michael@0 24
michael@0 25 // Insert an iframe that specifies "X-Frame-Options: DENY" and verify
michael@0 26 // that it loads, since the top context is chrome
michael@0 27 var frame = newBrowser.contentDocument.createElement("iframe");
michael@0 28 frame.src = "http://mochi.test:8888/tests/content/base/test/file_x-frame-options_page.sjs?testid=deny&xfo=deny";
michael@0 29 frame.addEventListener("load", function() {
michael@0 30 frame.removeEventListener("load", arguments.callee, true);
michael@0 31
michael@0 32 // Test that the frame loaded
michael@0 33 var test = this.contentDocument.getElementById("test");
michael@0 34 is(test.tagName, "H1", "wrong element type");
michael@0 35 is(test.textContent, "deny", "wrong textContent");
michael@0 36
michael@0 37 // Run next test (try the same with a content top-level context)
michael@0 38 newBrowser.addEventListener("load", testXFOFrameInContent, true);
michael@0 39 newBrowser.contentWindow.location = "http://example.com/";
michael@0 40 }, true);
michael@0 41
michael@0 42 newBrowser.contentDocument.body.appendChild(frame);
michael@0 43 }
michael@0 44
michael@0 45 function testXFOFrameInContent() {
michael@0 46 newBrowser.removeEventListener("load", testXFOFrameInContent, true);
michael@0 47
michael@0 48 // Insert an iframe that specifies "X-Frame-Options: DENY" and verify that it
michael@0 49 // is blocked from loading since the top browsing context is another site
michael@0 50 var frame = newBrowser.contentDocument.createElement("iframe");
michael@0 51 frame.src = "http://mochi.test:8888/tests/content/base/test/file_x-frame-options_page.sjs?testid=deny&xfo=deny";
michael@0 52 frame.addEventListener("load", function() {
michael@0 53 frame.removeEventListener("load", arguments.callee, true);
michael@0 54
michael@0 55 // Test that the frame DID NOT load
michael@0 56 var test = this.contentDocument.getElementById("test");
michael@0 57 is(test, undefined, "should be about:blank");
michael@0 58
michael@0 59 // Finalize the test
michael@0 60 gBrowser.removeCurrentTab();
michael@0 61 finish();
michael@0 62 }, true);
michael@0 63
michael@0 64 newBrowser.contentDocument.body.appendChild(frame);
michael@0 65 }

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial