dom/browser-element/mochitest/browserElement_XFrameOptionsDeny.js

changeset 0
6474c204b198
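--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/dom/browser-element/mochitest/browserElement_XFrameOptionsDeny.js	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,79 @@
+/* Any copyright is dedicated to the public domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+// Bug 770239 - Test that X-Frame-Options will correctly block a page inside a
+// subframe of <iframe mozbrowser>.
+"use strict";
+
+SimpleTest.waitForExplicitFinish();
+browserElementTestHelpers.setEnabledPref(true);
+browserElementTestHelpers.addPermission();
+
+var initialScreenshotArrayBuffer;
+
+function arrayBuffersEqual(a, b) {
+  var x = new Int8Array(a);
+  var y = new Int8Array(b);
+  if (x.length != y.length) {
+    return false;
+  }
+
+  for (var i = 0; i < x.length; i++) {
+    if (x[i] != y[i]) {
+      return false;
+    }
+  }
+
+  return true;
+}
+
+function runTest() {
+  var iframe = document.createElement('iframe');
+  SpecialPowers.wrap(iframe).mozbrowser = true;
+
+  // Our child will create two iframes, so make sure this iframe is big enough
+  // to show both of them without scrolling, so taking a screenshot gets both
+  // frames.
+  iframe.height = '1000px';
+
+  iframe.addEventListener('mozbrowsershowmodalprompt', function(e) {
+    switch (e.detail.message) {
+    case 'step 1':
+      // Make the page wait for us to unblock it (which we do after we finish
+      // taking the screenshot).
+      e.preventDefault();
+
+      iframe.getScreenshot(1000, 1000).onsuccess = function(sshot) {
+        var fr = new FileReader();
+        fr.onloadend = function() {
+          initialScreenshotArrayBuffer = fr.result;
+          e.detail.unblock();
+        }
+        fr.readAsArrayBuffer(sshot.target.result);
+      };
+      break;
+    case 'step 2':
+      // The page has now attempted to load the X-Frame-Options page; take
+      // another screenshot.
+      iframe.getScreenshot(1000, 1000).onsuccess = function(sshot) {
+        var fr = new FileReader();
+        fr.onloadend = function() {
+          ok(arrayBuffersEqual(fr.result, initialScreenshotArrayBuffer),
+             "Screenshots should be identical");
+          SimpleTest.finish();
+        }
+        fr.readAsArrayBuffer(sshot.target.result);
+      };
+      break;
+    }
+  });
+
+  document.body.appendChild(iframe);
+
+  // Load this page from a different origin than ourselves.  This page will, in
+  // turn, load a child from mochi.test:8888, our origin, with X-Frame-Options:
+  // SAMEORIGIN.  That load should be denied.
+  iframe.src = 'http://example.com/tests/dom/browser-element/mochitest/file_browserElement_XFrameOptionsDeny.html';
+}
+
+addEventListener('testready', runTest);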
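Review bot: The only assertion, `ok(arrayBuffersEqual(fr.result, initialScreenshotArrayBuffer), "Screenshots should be identical")` in the 'step 2' branch, passes whenever the child frame paints nothing new, so as far as the visible code shows a 404 or any other load failure would look the same as X-Frame-Options enforcement. A comment at that line such as `// Identical screenshots only show that nothing new was painted; a control load without the header must render for this to be meaningful.` would record the limit, and a positive control expecting the screenshots to differ would close it; whether a sibling test already provides one is not visible in this diff. The closing comment in runTest says the child is served with `X-Frame-Options: SAMEORIGIN` while the file is named XFrameOptionsDeny, and the helper page is outside this diff, so the header value actually exercised should be confirmed and the name and comment made to agree. Neither `getScreenshot` request sets `onerror`, so a failed capture would end in a harness timeout rather than a reported failure.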
