1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/toolkit/components/passwordmgr/test/test_bug_360493_1.html Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,140 @@
1.4 +<!DOCTYPE HTML>
1.5 +<html>
1.6 +<head>
1.7 + <title>Test for Login Manager</title>
1.8 + <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
1.9 + <script type="text/javascript" src="pwmgr_common.js"></script>
1.10 + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
1.11 +</head>
1.12 +<body>
1.13 +Login Manager test: 360493
1.14 +<p id="display"></p>
1.15 +<div id="content" style="display: none">
1.16 +
1.17 + <!-- normal form with normal relative action. -->
1.18 + <form id="form1" action="formtest.js">
1.19 + <input type="text" name="uname">
1.20 + <input type="password" name="pword">
1.21 +
1.22 + <button type="submit">Submit</button>
1.23 + <button type="reset"> Reset </button>
1.24 + </form>
1.25 +
1.26 + <!-- fully specify the action URL -->
1.27 + <form id="form2" action="http://mochi.test:8888/tests/toolkit/components/passwordmgr/test/formtest.js">
1.28 + <input type="text" name="uname">
1.29 + <input type="password" name="pword">
1.30 +
1.31 + <button type="submit">Submit</button>
1.32 + <button type="reset"> Reset </button>
1.33 + </form>
1.34 +
1.35 + <!-- fully specify the action URL, and change the path -->
1.36 + <form id="form3" action="http://mochi.test:8888/zomg/wtf/bbq/passwordmgr/test/formtest.js">
1.37 + <input type="text" name="uname">
1.38 + <input type="password" name="pword">
1.39 +
1.40 + <button type="submit">Submit</button>
1.41 + <button type="reset"> Reset </button>
1.42 + </form>
1.43 +
1.44 + <!-- fully specify the action URL, and change the path and filename -->
1.45 + <form id="form4" action="http://mochi.test:8888/zomg/wtf/bbq/passwordmgr/test/not_a_test.js">
1.46 + <input type="text" name="uname">
1.47 + <input type="password" name="pword">
1.48 +
1.49 + <button type="submit">Submit</button>
1.50 + <button type="reset"> Reset </button>
1.51 + </form>
1.52 +
1.53 + <!-- specify the action URL relative to the current document-->
1.54 + <form id="form5" action="./formtest.js">
1.55 + <input type="text" name="uname">
1.56 + <input type="password" name="pword">
1.57 +
1.58 + <button type="submit">Submit</button>
1.59 + <button type="reset"> Reset </button>
1.60 + </form>
1.61 +
1.62 + <!-- specify the action URL relative to the current server -->
1.63 + <form id="form6" action="/tests/toolkit/components/passwordmgr/test/formtest.js">
1.64 + <input type="text" name="uname">
1.65 + <input type="password" name="pword">
1.66 +
1.67 + <button type="submit">Submit</button>
1.68 + <button type="reset"> Reset </button>
1.69 + </form>
1.70 +
1.71 + <!-- Change the method from get to post -->
1.72 + <form id="form7" action="formtest.js" method="POST">
1.73 + <input type="text" name="uname">
1.74 + <input type="password" name="pword">
1.75 +
1.76 + <button type="submit">Submit</button>
1.77 + <button type="reset"> Reset </button>
1.78 + </form>
1.79 +
1.80 + <!-- Blank action URL specified -->
1.81 + <form id="form8" action="">
1.82 + <input type="text" name="uname">
1.83 + <input type="password" name="pword">
1.84 +
1.85 + <button type="submit">Submit</button>
1.86 + <button type="reset"> Reset </button>
1.87 + </form>
1.88 +
1.89 + <!-- |action| attribute entirely missing -->
1.90 + <form id="form9" >
1.91 + <input type="text" name="uname">
1.92 + <input type="password" name="pword">
1.93 +
1.94 + <button type="submit">Submit</button>
1.95 + <button type="reset"> Reset </button>
1.96 + </form>
1.97 +
1.98 + <!-- action url as javascript -->
1.99 + <form id="form10" action="javascript:alert('this form is not submitted so this alert should not be invoked');">
1.100 + <input type="text" name="uname">
1.101 + <input type="password" name="pword">
1.102 +
1.103 + <button type="submit">Submit</button>
1.104 + <button type="reset"> Reset </button>
1.105 + </form>
1.106 +
1.107 + <!-- TODO: action=IP.ADDRESS instead of HOSTNAME? -->
1.108 + <!-- TODO: test with |base href="http://othersite//"| ? -->
1.109 +</div>
1.110 +<pre id="test">
1.111 +<script class="testbody" type="text/javascript">
1.112 +
1.113 +/** Test for Login Manager: 360493 (Cross-Site Forms + Password
1.114 + Manager = Security Failure) **/
1.115 +
1.116 +// This test is designed to make sure variations on the form's |action|
1.117 +// and |method| continue to work with the fix for 360493.
1.118 +
1.119 +commonInit();
1.120 +
1.121 +function startTest() {
1.122 + for (var i = 1; i <= 9; i++) {
1.123 + // Check form i
1.124 + is($_(i, "uname").value, "testuser", "Checking for filled username " + i);
1.125 + is($_(i, "pword").value, "testpass", "Checking for filled password " + i);
1.126 + }
1.127 +
1.128 + // The login's formSubmitURL isn't "javascript:", so don't fill it in.
1.129 + isnot($_(10, "uname"), "testuser", "Checking username w/ JS action URL");
1.130 + isnot($_(10, "pword"), "testpass", "Checking password w/ JS action URL");
1.131 +
1.132 + SimpleTest.finish();
1.133 +}
1.134 +
1.135 +window.onload = startTest;
1.136 +
1.137 +SimpleTest.waitForExplicitFinish();
1.138 +
1.139 +</script>
1.140 +</pre>
1.141 +</body>
1.142 +</html>
1.143 +
