The Tor Browser / file comparison
comparison: content/base/test/browser_bug593387.js
content/base/test/browser_bug593387.js
- changeset 0
- 6474c204b198
equal
deleted
inserted
replaced
| -1:000000000000 | 0:539af03e0a82 |
|---|---|
| 1 /* | |
| 2 * Test for bug 593387 | |
| 3 * Loads a chrome document in a content docshell and then inserts a | |
| 4 * X-Frame-Options: DENY iframe into the document and verifies that the document | |
| 5 * loads. The policy we are enforcing is outlined here: | |
| 6 * https://bugzilla.mozilla.org/show_bug.cgi?id=593387#c17 | |
| 7 */ | |
| 8 var newBrowser; | |
| 9 | |
| 10 function test() { | |
| 11 waitForExplicitFinish(); | |
| 12 | |
| 13 var newTab = gBrowser.addTab(); | |
| 14 gBrowser.selectedTab = newTab; | |
| 15 newBrowser = gBrowser.getBrowserForTab(newTab); | |
| 16 //alert(newBrowser.contentWindow); | |
| 17 | |
| 18 newBrowser.addEventListener("load", testXFOFrameInChrome, true); | |
| 19 newBrowser.contentWindow.location = "chrome://global/content/mozilla.xhtml"; | |
| 20 } | |
| 21 | |
| 22 function testXFOFrameInChrome() { | |
| 23 newBrowser.removeEventListener("load", testXFOFrameInChrome, true); | |
| 24 | |
| 25 // Insert an iframe that specifies "X-Frame-Options: DENY" and verify | |
| 26 // that it loads, since the top context is chrome | |
| 27 var frame = newBrowser.contentDocument.createElement("iframe"); | |
| 28 frame.src = "http://mochi.test:8888/tests/content/base/test/file_x-frame-options_page.sjs?testid=deny&xfo=deny"; | |
| 29 frame.addEventListener("load", function() { | |
| 30 frame.removeEventListener("load", arguments.callee, true); | |
| 31 | |
| 32 // Test that the frame loaded | |
| 33 var test = this.contentDocument.getElementById("test"); | |
| 34 is(test.tagName, "H1", "wrong element type"); | |
| 35 is(test.textContent, "deny", "wrong textContent"); | |
| 36 | |
| 37 // Run next test (try the same with a content top-level context) | |
| 38 newBrowser.addEventListener("load", testXFOFrameInContent, true); | |
| 39 newBrowser.contentWindow.location = "http://example.com/"; | |
| 40 }, true); | |
| 41 | |
| 42 newBrowser.contentDocument.body.appendChild(frame); | |
| 43 } | |
| 44 | |
| 45 function testXFOFrameInContent() { | |
| 46 newBrowser.removeEventListener("load", testXFOFrameInContent, true); | |
| 47 | |
| 48 // Insert an iframe that specifies "X-Frame-Options: DENY" and verify that it | |
| 49 // is blocked from loading since the top browsing context is another site | |
| 50 var frame = newBrowser.contentDocument.createElement("iframe"); | |
| 51 frame.src = "http://mochi.test:8888/tests/content/base/test/file_x-frame-options_page.sjs?testid=deny&xfo=deny"; | |
| 52 frame.addEventListener("load", function() { | |
| 53 frame.removeEventListener("load", arguments.callee, true); | |
| 54 | |
| 55 // Test that the frame DID NOT load | |
| 56 var test = this.contentDocument.getElementById("test"); | |
| 57 is(test, undefined, "should be about:blank"); | |
| 58 | |
| 59 // Finalize the test | |
| 60 gBrowser.removeCurrentTab(); | |
| 61 finish(); | |
| 62 }, true); | |
| 63 | |
| 64 newBrowser.contentDocument.body.appendChild(frame); | |
| 65 } |
