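--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/browser/components/sessionstore/test/browser_464620_b.js Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,48 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+function test() {
+ /** Test for Bug 464620 (injection on DOM node insertion) **/
+
+ waitForExplicitFinish();
+
+ let testURL = "http://mochi.test:8888/browser/" +
+ "browser/components/sessionstore/test/browser_464620_b.html";
+
+ var frameCount = 0;
+ let tab = gBrowser.addTab(testURL);
+ tab.linkedBrowser.addEventListener("load", function(aEvent) {
+ // wait for all frames to load completely
+ if (frameCount++ < 6)
+ return;
+ this.removeEventListener("load", arguments.callee, true);
+
+ executeSoon(function() {
+ frameCount = 0;
+ let tab2 = gBrowser.duplicateTab(tab);
+ tab2.linkedBrowser.addEventListener("464620_b", function(aEvent) {
+ tab2.linkedBrowser.removeEventListener("464620_b", arguments.callee, true);
+ is(aEvent.data, "done", "XSS injection was attempted");
+
+ // let form restoration complete and take into account the
+ // setTimeout(..., 0) in sss_restoreDocument_proxy
+ executeSoon(function() {
+ setTimeout(function() {
+ let win = tab2.linkedBrowser.contentWindow;
+ isnot(win.frames[1].document.location, testURL,
+ "cross domain document was loaded");
+ ok(!/XXX/.test(win.frames[1].document.body.innerHTML),
+ "no content was injected");
+
+ // clean up
+ gBrowser.removeTab(tab2);
+ gBrowser.removeTab(tab);
+
+ finish();
+ }, 0);
+ });
+ }, true, true);
+ });
+ }, true);
+}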
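Review bot: The two security assertions inside the `setTimeout` callback are negative checks whose validity depends on timing: `ok(!/XXX/.test(win.frames[1].document.body.innerHTML), ...)` also passes when form restoration has simply not run yet, so a regression of Bug 464620 could go unnoticed if the restore ever moves later than the `executeSoon` + `setTimeout(..., 0)` pair. A positive control before them would close that gap, i.e. an assertion that restoration did reach that frame; what to assert depends on browser_464620_b.html, which is not visible here. Tab cleanup and `finish()` also sit after the assertions, so an exception from `win.frames[1]` leaves both tabs open until the harness times out; moving the two `gBrowser.removeTab` calls into `registerCleanupFunction` would make cleanup unconditional. On style, both listeners remove themselves through `arguments.callee`, which throws in strict mode; naming the function expressions (`function onLoad(aEvent) {` … `this.removeEventListener("load", onLoad, true);`) avoids that. The constant in `frameCount++ < 6` deserves a comment tying it to the number of frame loads the fixture produces, and the later `frameCount = 0;` is never read again in the visible code.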