docshell/test/browser/browser_bug441169.js

changeset 0
6474c204b198
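--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docshell/test/browser/browser_bug441169.js	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,27 @@
+/* Make sure that netError won't allow HTML injection through badcert parameters.  See bug 441169. */
+var newBrowser
+
+// An edited version of the standard neterror url which attempts to
+// insert a <span id="test_span"> tag into the text.  We will navigate to this page
+// and ensure that the span tag is not parsed as HTML.
+var chromeURL = "about:neterror?e=nssBadCert&u=https%3A//test.kuix.de/&c=UTF-8&d=This%20sentence%20should%20not%20be%20parsed%20to%20include%20a%20%3Cspan%20id=%22test_span%22%3Enamed%3C/span%3E%20span%20tag.%0A%0AThe%20certificate%20is%20only%20valid%20for%20%3Ca%20id=%22cert_domain_link%22%20title=%22kuix.de%22%3Ekuix.de%3C/a%3E%0A%0A(Error%20code%3A%20ssl_error_bad_cert_domain)";
+
+function test() {
+  waitForExplicitFinish();
+  
+  var newTab = gBrowser.addTab();
+  gBrowser.selectedTab = newTab;
+  newBrowser = gBrowser.getBrowserForTab(newTab);
+  
+  window.addEventListener("DOMContentLoaded", checkPage, false);
+  newBrowser.contentWindow.location = chromeURL;
+}
+
+function checkPage() {
+  window.removeEventListener("DOMContentLoaded", checkPage, false);
+  
+  is(newBrowser.contentDocument.getElementById("test_span"), null, "Error message should not be parsed as HTML, and hence shouldn't include the 'test_span' element.");
+  
+  gBrowser.removeCurrentTab();
+  finish();
+}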
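Review bot: The `DOMContentLoaded` listener in `test()` is registered on the chrome `window` rather than on `newBrowser`, and `checkPage` never confirms which document fired it, so the `is(..., null, ...)` assertion can pass on a document other than the about:neterror page and the injection check becomes vacuous. I would register it as `newBrowser.addEventListener("DOMContentLoaded", checkPage, true);` (with the matching `removeEventListener`) and add a positive control before the null check, e.g. `ok(newBrowser.contentDocument.documentURI.startsWith("about:neterror"), "error page loaded");`. The URL also injects an `<a id="cert_domain_link">` through the `d` parameter, but nothing asserts on it; a comment stating whether that anchor is expected to be rendered would make the intended sanitisation boundary clear. Whether an earlier load (such as the new tab's initial about:blank) actually reaches this listener depends on the harness, so treat the race as likely rather than proven.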
