The Tor Browser / file comparison
comparison: docshell/test/browser/browser_bug441169.js
docshell/test/browser/browser_bug441169.js
- changeset 0
- 6474c204b198
equal
deleted
inserted
replaced
| -1:000000000000 | 0:5896ca6bbd82 |
|---|---|
| 1 /* Make sure that netError won't allow HTML injection through badcert parameters. See bug 441169. */ | |
| 2 var newBrowser | |
| 3 | |
| 4 // An edited version of the standard neterror url which attempts to | |
| 5 // insert a <span id="test_span"> tag into the text. We will navigate to this page | |
| 6 // and ensure that the span tag is not parsed as HTML. | |
| 7 var chromeURL = "about:neterror?e=nssBadCert&u=https%3A//test.kuix.de/&c=UTF-8&d=This%20sentence%20should%20not%20be%20parsed%20to%20include%20a%20%3Cspan%20id=%22test_span%22%3Enamed%3C/span%3E%20span%20tag.%0A%0AThe%20certificate%20is%20only%20valid%20for%20%3Ca%20id=%22cert_domain_link%22%20title=%22kuix.de%22%3Ekuix.de%3C/a%3E%0A%0A(Error%20code%3A%20ssl_error_bad_cert_domain)"; | |
| 8 | |
| 9 function test() { | |
| 10 waitForExplicitFinish(); | |
| 11 | |
| 12 var newTab = gBrowser.addTab(); | |
| 13 gBrowser.selectedTab = newTab; | |
| 14 newBrowser = gBrowser.getBrowserForTab(newTab); | |
| 15 | |
| 16 window.addEventListener("DOMContentLoaded", checkPage, false); | |
| 17 newBrowser.contentWindow.location = chromeURL; | |
| 18 } | |
| 19 | |
| 20 function checkPage() { | |
| 21 window.removeEventListener("DOMContentLoaded", checkPage, false); | |
| 22 | |
| 23 is(newBrowser.contentDocument.getElementById("test_span"), null, "Error message should not be parsed as HTML, and hence shouldn't include the 'test_span' element."); | |
| 24 | |
| 25 gBrowser.removeCurrentTab(); | |
| 26 finish(); | |
| 27 } |
