dom/plugins/test/mochitest/test_bug813906.html@b8a032363ba2 (annotated)
dom/plugins/test/mochitest/test_bug813906.html
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rw-r--r--
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
| michael@0 | 1 | <!doctype html> |
| michael@0 | 2 | <html> |
| michael@0 | 3 | <head> |
| michael@0 | 4 | <title>Test for Bug 813906</title> |
| michael@0 | 5 | <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> |
| michael@0 | 6 | <script type="text/javascript" src="utils.js"></script> |
| michael@0 | 7 | <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/> |
| michael@0 | 8 | |
| michael@0 | 9 | <meta http-equiv="content-type" content="text/html; charset=utf-8"> |
| michael@0 | 10 | <base href="chrome://browser/content/"> |
| michael@0 | 11 | </head> |
| michael@0 | 12 | <body> |
| michael@0 | 13 | |
| michael@0 | 14 | <script type="application/javascript"> |
| michael@0 | 15 | function f() { |
| michael@0 | 16 | document.getElementsByTagName("base")[0].href = "http://www.safe.com/"; |
| michael@0 | 17 | } |
| michael@0 | 18 | </script> |
| michael@0 | 19 | |
| michael@0 | 20 | <script type="application/javascript"> |
| michael@0 | 21 | SimpleTest.waitForExplicitFinish(); |
| michael@0 | 22 | setTestPluginEnabledState(SpecialPowers.Ci.nsIPluginTag.STATE_ENABLED); |
| michael@0 | 23 | |
| michael@0 | 24 | var frameLoadCount = 0; |
| michael@0 | 25 | function frameLoaded() { |
| michael@0 | 26 | frameLoadCount++; |
| michael@0 | 27 | if (frameLoadCount == 1) { |
| michael@0 | 28 | document.getElementsByTagName("object")[0].type = "application/x-test"; |
| michael@0 | 29 | document.getElementsByTagName("use")[0].setAttributeNS("http://www.w3.org/1999/xlink", "href", location.href + "#a"); |
| michael@0 | 30 | } else if (frameLoadCount == 2) { |
| michael@0 | 31 | isnot(SpecialPowers.wrap(window.frame1).location.href.indexOf('chrome://'), |
| michael@0 | 32 | 0, 'plugin shouldnt be able to cause navigation to chrome URLs'); |
| michael@0 | 33 | SimpleTest.finish(); |
| michael@0 | 34 | } |
| michael@0 | 35 | } |
| michael@0 | 36 | </script> |
| michael@0 | 37 | |
| michael@0 | 38 | <!-- Note that <svg:use> ends up creating an anonymous subtree, which means that the plugin |
| michael@0 | 39 | reflector gets hoisted into the XBL scope, and isn't accessible to content. We pass |
| michael@0 | 40 | the 'donttouchelement' parameter to the plugin to prevent it from trying to define the |
| michael@0 | 41 | 'pluginFoundElement' property on the plugin reflector, since doing so would throw a |
| michael@0 | 42 | security exception. --> |
| michael@0 | 43 | <svg> |
| michael@0 | 44 | <symbol id="a"> |
| michael@0 | 45 | <foreignObject> |
| michael@0 | 46 | <object bugmode="813906" frame="frame1"><param name="donttouchelement"></param></object> |
| michael@0 | 47 | </foreignObject> |
| michael@0 | 48 | </symbol> |
| michael@0 | 49 | <use /> |
| michael@0 | 50 | </svg> |
| michael@0 | 51 | |
| michael@0 | 52 | <iframe name="frame1" onload="frameLoaded()"></iframe> |
| michael@0 | 53 | </body> |
| michael@0 | 54 | </html> |
