The Tor Browser: toolkit/components/passwordmgr/test/test_bug_360493

toolkit/components/passwordmgr/test/test_bug_360493_1.html@6474c204b198 (annotated)

toolkit/components/passwordmgr/test/test_bug_360493_1.html

Wed, 31 Dec 2014 06:09:35 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Wed, 31 Dec 2014 06:09:35 +0100
changeset 0: 6474c204b198
permissions: -rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

 <!DOCTYPE HTML>
 <html>
 <head>
   <title>Test for Login Manager</title>
   <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
   <script type="text/javascript" src="pwmgr_common.js"></script>
   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
 </head>
 <body>
 Login Manager test: 360493
 <p id="display"></p>
 <div id="content" style="display: none">
   <!-- normal form with normal relative action. -->
   <form id="form1" action="formtest.js">
     <input  type="text"       name="uname">
     <input  type="password"   name="pword">
     <button type="submit">Submit</button>
     <button type="reset"> Reset </button>
   </form>
   <!-- fully specify the action URL -->
   <form id="form2" action="http://mochi.test:8888/tests/toolkit/components/passwordmgr/test/formtest.js">
     <input  type="text"       name="uname">
     <input  type="password"   name="pword">
     <button type="submit">Submit</button>
     <button type="reset"> Reset </button>
   </form>
   <!-- fully specify the action URL, and change the path -->
   <form id="form3" action="http://mochi.test:8888/zomg/wtf/bbq/passwordmgr/test/formtest.js">
     <input  type="text"       name="uname">
     <input  type="password"   name="pword">
     <button type="submit">Submit</button>
     <button type="reset"> Reset </button>
   </form>
   <!-- fully specify the action URL, and change the path and filename -->
   <form id="form4" action="http://mochi.test:8888/zomg/wtf/bbq/passwordmgr/test/not_a_test.js">
     <input  type="text"       name="uname">
     <input  type="password"   name="pword">
     <button type="submit">Submit</button>
     <button type="reset"> Reset </button>
   </form>
   <!-- specify the action URL relative to the current document-->
   <form id="form5" action="./formtest.js">
     <input  type="text"       name="uname">
     <input  type="password"   name="pword">
     <button type="submit">Submit</button>
     <button type="reset"> Reset </button>
   </form>
   <!-- specify the action URL relative to the current server -->
   <form id="form6" action="/tests/toolkit/components/passwordmgr/test/formtest.js">
     <input  type="text"       name="uname">
     <input  type="password"   name="pword">
     <button type="submit">Submit</button>
     <button type="reset"> Reset </button>
   </form>
   <!-- Change the method from get to post -->
   <form id="form7" action="formtest.js" method="POST">
     <input  type="text"       name="uname">
     <input  type="password"   name="pword">
     <button type="submit">Submit</button>
     <button type="reset"> Reset </button>
   </form>
   <!-- Blank action URL specified -->
   <form id="form8" action="">
     <input  type="text"       name="uname">
     <input  type="password"   name="pword">
     <button type="submit">Submit</button>
     <button type="reset"> Reset </button>
   </form>
   <!-- |action| attribute entirely missing -->
   <form id="form9" >
     <input  type="text"       name="uname">
     <input  type="password"   name="pword">
     <button type="submit">Submit</button>
     <button type="reset"> Reset </button>
   </form>
   <!-- action url as javascript -->
   <form id="form10" action="javascript:alert('this form is not submitted so this alert should not be invoked');">
     <input  type="text"       name="uname">
     <input  type="password"   name="pword">
     <button type="submit">Submit</button>
     <button type="reset"> Reset </button>
   </form>
   <!-- TODO: action=IP.ADDRESS instead of HOSTNAME? -->
   <!-- TODO: test with |base href="http://othersite//"| ? -->
 </div>
 <pre id="test">
 <script class="testbody" type="text/javascript">
 /** Test for Login Manager: 360493 (Cross-Site Forms + Password
     Manager = Security Failure) **/
 // This test is designed to make sure variations on the form's |action|
 // and |method| continue to work with the fix for 360493.
 commonInit();
 function startTest() {
   for (var i = 1; i <= 9; i++) {
     // Check form i
     is($_(i, "uname").value, "testuser", "Checking for filled username " + i);
     is($_(i, "pword").value, "testpass", "Checking for filled password " + i);
   }
   // The login's formSubmitURL isn't "javascript:", so don't fill it in.
   isnot($_(10, "uname"), "testuser", "Checking username w/ JS action URL");
   isnot($_(10, "pword"), "testpass", "Checking password w/ JS action URL");
   SimpleTest.finish();
 }
 window.onload = startTest;
 SimpleTest.waitForExplicitFinish();
 </script>
 </pre>
 </body>
 </html>

The Tor Browser / annotate

toolkit/components/passwordmgr/test/test_bug_360493_1.html@6474c204b198 (annotated)

toolkit/components/passwordmgr/test/test_bug_360493_1.html