The Tor Browser / file comparison
comparison: dom/browser-element/mochitest/browserElement_XFrameOptionsDeny.js
dom/browser-element/mochitest/browserElement_XFrameOptionsDeny.js
- changeset 0
- 6474c204b198
equal
deleted
inserted
replaced
| -1:000000000000 | 0:c85343fab666 |
|---|---|
| 1 /* Any copyright is dedicated to the public domain. | |
| 2 http://creativecommons.org/publicdomain/zero/1.0/ */ | |
| 3 | |
| 4 // Bug 770239 - Test that X-Frame-Options will correctly block a page inside a | |
| 5 // subframe of <iframe mozbrowser>. | |
| 6 "use strict"; | |
| 7 | |
| 8 SimpleTest.waitForExplicitFinish(); | |
| 9 browserElementTestHelpers.setEnabledPref(true); | |
| 10 browserElementTestHelpers.addPermission(); | |
| 11 | |
| 12 var initialScreenshotArrayBuffer; | |
| 13 | |
| 14 function arrayBuffersEqual(a, b) { | |
| 15 var x = new Int8Array(a); | |
| 16 var y = new Int8Array(b); | |
| 17 if (x.length != y.length) { | |
| 18 return false; | |
| 19 } | |
| 20 | |
| 21 for (var i = 0; i < x.length; i++) { | |
| 22 if (x[i] != y[i]) { | |
| 23 return false; | |
| 24 } | |
| 25 } | |
| 26 | |
| 27 return true; | |
| 28 } | |
| 29 | |
| 30 function runTest() { | |
| 31 var iframe = document.createElement('iframe'); | |
| 32 SpecialPowers.wrap(iframe).mozbrowser = true; | |
| 33 | |
| 34 // Our child will create two iframes, so make sure this iframe is big enough | |
| 35 // to show both of them without scrolling, so taking a screenshot gets both | |
| 36 // frames. | |
| 37 iframe.height = '1000px'; | |
| 38 | |
| 39 iframe.addEventListener('mozbrowsershowmodalprompt', function(e) { | |
| 40 switch (e.detail.message) { | |
| 41 case 'step 1': | |
| 42 // Make the page wait for us to unblock it (which we do after we finish | |
| 43 // taking the screenshot). | |
| 44 e.preventDefault(); | |
| 45 | |
| 46 iframe.getScreenshot(1000, 1000).onsuccess = function(sshot) { | |
| 47 var fr = new FileReader(); | |
| 48 fr.onloadend = function() { | |
| 49 initialScreenshotArrayBuffer = fr.result; | |
| 50 e.detail.unblock(); | |
| 51 } | |
| 52 fr.readAsArrayBuffer(sshot.target.result); | |
| 53 }; | |
| 54 break; | |
| 55 case 'step 2': | |
| 56 // The page has now attempted to load the X-Frame-Options page; take | |
| 57 // another screenshot. | |
| 58 iframe.getScreenshot(1000, 1000).onsuccess = function(sshot) { | |
| 59 var fr = new FileReader(); | |
| 60 fr.onloadend = function() { | |
| 61 ok(arrayBuffersEqual(fr.result, initialScreenshotArrayBuffer), | |
| 62 "Screenshots should be identical"); | |
| 63 SimpleTest.finish(); | |
| 64 } | |
| 65 fr.readAsArrayBuffer(sshot.target.result); | |
| 66 }; | |
| 67 break; | |
| 68 } | |
| 69 }); | |
| 70 | |
| 71 document.body.appendChild(iframe); | |
| 72 | |
| 73 // Load this page from a different origin than ourselves. This page will, in | |
| 74 // turn, load a child from mochi.test:8888, our origin, with X-Frame-Options: | |
| 75 // SAMEORIGIN. That load should be denied. | |
| 76 iframe.src = 'http://example.com/tests/dom/browser-element/mochitest/file_browserElement_XFrameOptionsDeny.html'; | |
| 77 } | |
| 78 | |
| 79 addEventListener('testready', runTest); |
