The Tor Browser / file comparison

comparison: browser/components/sessionstore/test/browser_464620_a.html

browser/components/sessionstore/test/browser_464620_a.html

changeset 0
6474c204b198
equal deleted inserted replaced
-1:000000000000 0:f597d5be42af
1 <!-- Testcase originally by <moz_bug_r_a4@yahoo.com> -->
2
3 <title>Test for bug 464620 (injection on input)</title>
4
5 <iframe></iframe>
6 <iframe onload="setup()"></iframe>
7
8 <script>
9 var targetUrl = "http://mochi.test:8888/browser/" +
10 "browser/components/sessionstore/test/browser_464620_xd.html";
11 var firstPass;
12
13 function setup() {
14 if (firstPass !== undefined)
15 return;
16 firstPass = frames[1].location.href == "about:blank";
17 if (firstPass) {
18 frames[0].location = 'data:text/html;charset=utf-8,<body onload="if (parent.firstPass) parent.step();"><input id="x" oninput="parent.xss()">XXX</body>';
19 }
20 frames[1].location = targetUrl;
21 }
22
23 function step() {
24 var x = frames[0].document.getElementById("x");
25 if (x.value == "")
26 x.value = "ready";
27 x.style.display = "none";
28 frames[0].document.designMode = "on";
29 }
30
31 function xss() {
32 step();
33
34 var documentInjected = false;
35 document.getElementsByTagName("iframe")[0].onload =
36 function() { documentInjected = true; };
37 frames[0].location = targetUrl;
38
39 for (var c = 0; !documentInjected && c < 20; c++) {
40 var r = new XMLHttpRequest();
41 r.open("GET", location.href, false);
42 r.overrideMimeType("text/plain");
43 r.send(null);
44 }
45 document.getElementById("state").textContent = "done";
46
47 var event = new MessageEvent('464620_a', { bubbles: true, cancelable: false,
48 data: "done", origin: location.href,
49 source: window });
50 document.dispatchEvent(event);
51 }
52 </script>
53
54 <p id="state">pending</p>

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial