The Tor Browser / file diff

     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/caps/tests/mochitest/test_bug423375.html	Wed Dec 31 06:09:35 2014 +0100
     1.3 @@ -0,0 +1,44 @@
     1.4 +<!DOCTYPE HTML>
     1.5 +<html>
     1.6 +<!--
     1.7 +https://bugzilla.mozilla.org/show_bug.cgi?id=423375
     1.8 +-->
     1.9 +<head>
    1.10 +  <title>Test for Bug 423375</title>
    1.11 +  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>        
    1.12 +  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
    1.13 +</head>
    1.14 +<body>
    1.15 +<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=423375">Mozilla Bug 423375</a>
    1.16 +<p id="display"></p>
    1.17 +<div id="content" style="display: none">
    1.18 +<iframe id="load-frame"></iframe>  
    1.19 +</div>
    1.20 +<pre id="test">
    1.21 +<script class="testbody" type="text/javascript">
    1.22 +
    1.23 +/**
    1.24 + ** Test for Bug 423375
    1.25 + ** (content shouldn't be able to load chrome: or resource:)
    1.26 + **/
    1.27 +function tryLoad(url)
    1.28 +{
    1.29 +    try {
    1.30 +        window.frames[0].location = url;
    1.31 +        return "loaded";
    1.32 +    } catch (e if /Access.*denied/.test(String(e))) {
    1.33 +        return "denied";
    1.34 +    } catch (e) {
    1.35 +        return "unexpected: " + e;
    1.36 +    }
    1.37 +}
    1.38 +
    1.39 +is(tryLoad("chrome://global/content/mozilla.xhtml"), "denied",
    1.40 +   "content should have been prevented from loading chrome: URL");
    1.41 +is(tryLoad("resource://gre-resources/html.css"), "denied",
    1.42 +   "content should have been prevented from loading resource: URL");
    1.43 +</script>
    1.44 +</pre>
    1.45 +</body>
    1.46 +</html>
    1.47 +