The Tor Browser / file comparison
comparison: browser/components/sessionstore/test/browser_463205.js
browser/components/sessionstore/test/browser_463205.js
- changeset 0
- 6474c204b198
equal
deleted
inserted
replaced
| -1:000000000000 | 0:95ddb89a2c9f |
|---|---|
| 1 /* Any copyright is dedicated to the Public Domain. | |
| 2 * http://creativecommons.org/publicdomain/zero/1.0/ */ | |
| 3 | |
| 4 "use strict"; | |
| 5 | |
| 6 const URL = ROOT + "browser_463205_sample.html"; | |
| 7 | |
| 8 /** | |
| 9 * Bug 463205 - Check URLs before restoring form data to make sure a malicious | |
| 10 * website can't modify frame URLs and make us inject form data into the wrong | |
| 11 * web pages. | |
| 12 */ | |
| 13 add_task(function test_check_urls_before_restoring() { | |
| 14 // Add a blank tab. | |
| 15 let tab = gBrowser.addTab("about:blank"); | |
| 16 let browser = tab.linkedBrowser; | |
| 17 yield promiseBrowserLoaded(browser); | |
| 18 | |
| 19 // Restore form data with a valid URL. | |
| 20 ss.setTabState(tab, getState(URL)); | |
| 21 yield promiseTabRestored(tab); | |
| 22 | |
| 23 let value = yield getInputValue(browser, {id: "text"}); | |
| 24 is(value, "foobar", "value was restored"); | |
| 25 | |
| 26 // Restore form data with an invalid URL. | |
| 27 ss.setTabState(tab, getState("http://example.com/")); | |
| 28 yield promiseTabRestored(tab); | |
| 29 | |
| 30 let value = yield getInputValue(browser, {id: "text"}); | |
| 31 is(value, "", "value was not restored"); | |
| 32 | |
| 33 // Cleanup. | |
| 34 gBrowser.removeTab(tab); | |
| 35 }); | |
| 36 | |
| 37 function getState(url) { | |
| 38 return JSON.stringify({ | |
| 39 entries: [{url: URL}], | |
| 40 formdata: {url: url, id: {text: "foobar"}} | |
| 41 }); | |
| 42 } |
