• file
• revisions
• annotate
• diff
• comparison
• raw

dom/browser-element/mochitest/browserElement_XFrameOptionsDeny.js@7e26c7da4463 (annotated)

dom/browser-element/mochitest/browserElement_XFrameOptionsDeny.js

Wed, 31 Dec 2014 06:55:50 +0100

author

Michael Schloh von Bennewitz <michael@schloh.com>

date

Wed, 31 Dec 2014 06:55:50 +0100

changeset 2

7e26c7da4463

permissions

-rw-r--r--

Added tag UPSTREAM_283F7C6 for changeset ca08bd8f51b2

michael@0	1	/* Any copyright is dedicated to the public domain.
michael@0	2	http://creativecommons.org/publicdomain/zero/1.0/ */
michael@0	3
michael@0	4	// Bug 770239 - Test that X-Frame-Options will correctly block a page inside a
michael@0	5	// subframe of <iframe mozbrowser>.
michael@0	6	"use strict";
michael@0	7
michael@0	8	SimpleTest.waitForExplicitFinish();
michael@0	9	browserElementTestHelpers.setEnabledPref(true);
michael@0	10	browserElementTestHelpers.addPermission();
michael@0	11
michael@0	12	var initialScreenshotArrayBuffer;
michael@0	13
michael@0	14	function arrayBuffersEqual(a, b) {
michael@0	15	var x = new Int8Array(a);
michael@0	16	var y = new Int8Array(b);
michael@0	17	if (x.length != y.length) {
michael@0	18	return false;
michael@0	19	}
michael@0	20
michael@0	21	for (var i = 0; i < x.length; i++) {
michael@0	22	if (x[i] != y[i]) {
michael@0	23	return false;
michael@0	24	}
michael@0	25	}
michael@0	26
michael@0	27	return true;
michael@0	28	}
michael@0	29
michael@0	30	function runTest() {
michael@0	31	var iframe = document.createElement('iframe');
michael@0	32	SpecialPowers.wrap(iframe).mozbrowser = true;
michael@0	33
michael@0	34	// Our child will create two iframes, so make sure this iframe is big enough
michael@0	35	// to show both of them without scrolling, so taking a screenshot gets both
michael@0	36	// frames.
michael@0	37	iframe.height = '1000px';
michael@0	38
michael@0	39	iframe.addEventListener('mozbrowsershowmodalprompt', function(e) {
michael@0	40	switch (e.detail.message) {
michael@0	41	case 'step 1':
michael@0	42	// Make the page wait for us to unblock it (which we do after we finish
michael@0	43	// taking the screenshot).
michael@0	44	e.preventDefault();
michael@0	45
michael@0	46	iframe.getScreenshot(1000, 1000).onsuccess = function(sshot) {
michael@0	47	var fr = new FileReader();
michael@0	48	fr.onloadend = function() {
michael@0	49	initialScreenshotArrayBuffer = fr.result;
michael@0	50	e.detail.unblock();
michael@0	51	}
michael@0	52	fr.readAsArrayBuffer(sshot.target.result);
michael@0	53	};
michael@0	54	break;
michael@0	55	case 'step 2':
michael@0	56	// The page has now attempted to load the X-Frame-Options page; take
michael@0	57	// another screenshot.
michael@0	58	iframe.getScreenshot(1000, 1000).onsuccess = function(sshot) {
michael@0	59	var fr = new FileReader();
michael@0	60	fr.onloadend = function() {
michael@0	61	ok(arrayBuffersEqual(fr.result, initialScreenshotArrayBuffer),
michael@0	62	"Screenshots should be identical");
michael@0	63	SimpleTest.finish();
michael@0	64	}
michael@0	65	fr.readAsArrayBuffer(sshot.target.result);
michael@0	66	};
michael@0	67	break;
michael@0	68	}
michael@0	69	});
michael@0	70
michael@0	71	document.body.appendChild(iframe);
michael@0	72
michael@0	73	// Load this page from a different origin than ourselves. This page will, in
michael@0	74	// turn, load a child from mochi.test:8888, our origin, with X-Frame-Options:
michael@0	75	// SAMEORIGIN. That load should be denied.
michael@0	76	iframe.src = 'http://example.com/tests/dom/browser-element/mochitest/file_browserElement_XFrameOptionsDeny.html';
michael@0	77	}
michael@0	78
michael@0	79	addEventListener('testready', runTest);