toolkit/components/passwordmgr/test/test_bug_360493_1.html@129ffea94266
toolkit/components/passwordmgr/test/test_bug_360493_1.html
Sat, 03 Jan 2015 20:18:00 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Sat, 03 Jan 2015 20:18:00 +0100
- branch
- TOR_BUG_3246
- changeset 7
- 129ffea94266
- permissions
- -rw-r--r--
Conditionally enable double key logic according to:
private browsing mode or privacy.thirdparty.isolate preference and
implement in GetCookieStringCommon and FindCookie where it counts...
With some reservations of how to convince FindCookie users to test
condition and pass a nullptr when disabling double key logic.
1 <!DOCTYPE HTML>
2 <html>
3 <head>
4 <title>Test for Login Manager</title>
5 <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
6 <script type="text/javascript" src="pwmgr_common.js"></script>
7 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
8 </head>
9 <body>
10 Login Manager test: 360493
11 <p id="display"></p>
12 <div id="content" style="display: none">
14 <!-- normal form with normal relative action. -->
15 <form id="form1" action="formtest.js">
16 <input type="text" name="uname">
17 <input type="password" name="pword">
19 <button type="submit">Submit</button>
20 <button type="reset"> Reset </button>
21 </form>
23 <!-- fully specify the action URL -->
24 <form id="form2" action="http://mochi.test:8888/tests/toolkit/components/passwordmgr/test/formtest.js">
25 <input type="text" name="uname">
26 <input type="password" name="pword">
28 <button type="submit">Submit</button>
29 <button type="reset"> Reset </button>
30 </form>
32 <!-- fully specify the action URL, and change the path -->
33 <form id="form3" action="http://mochi.test:8888/zomg/wtf/bbq/passwordmgr/test/formtest.js">
34 <input type="text" name="uname">
35 <input type="password" name="pword">
37 <button type="submit">Submit</button>
38 <button type="reset"> Reset </button>
39 </form>
41 <!-- fully specify the action URL, and change the path and filename -->
42 <form id="form4" action="http://mochi.test:8888/zomg/wtf/bbq/passwordmgr/test/not_a_test.js">
43 <input type="text" name="uname">
44 <input type="password" name="pword">
46 <button type="submit">Submit</button>
47 <button type="reset"> Reset </button>
48 </form>
50 <!-- specify the action URL relative to the current document-->
51 <form id="form5" action="./formtest.js">
52 <input type="text" name="uname">
53 <input type="password" name="pword">
55 <button type="submit">Submit</button>
56 <button type="reset"> Reset </button>
57 </form>
59 <!-- specify the action URL relative to the current server -->
60 <form id="form6" action="/tests/toolkit/components/passwordmgr/test/formtest.js">
61 <input type="text" name="uname">
62 <input type="password" name="pword">
64 <button type="submit">Submit</button>
65 <button type="reset"> Reset </button>
66 </form>
68 <!-- Change the method from get to post -->
69 <form id="form7" action="formtest.js" method="POST">
70 <input type="text" name="uname">
71 <input type="password" name="pword">
73 <button type="submit">Submit</button>
74 <button type="reset"> Reset </button>
75 </form>
77 <!-- Blank action URL specified -->
78 <form id="form8" action="">
79 <input type="text" name="uname">
80 <input type="password" name="pword">
82 <button type="submit">Submit</button>
83 <button type="reset"> Reset </button>
84 </form>
86 <!-- |action| attribute entirely missing -->
87 <form id="form9" >
88 <input type="text" name="uname">
89 <input type="password" name="pword">
91 <button type="submit">Submit</button>
92 <button type="reset"> Reset </button>
93 </form>
95 <!-- action url as javascript -->
96 <form id="form10" action="javascript:alert('this form is not submitted so this alert should not be invoked');">
97 <input type="text" name="uname">
98 <input type="password" name="pword">
100 <button type="submit">Submit</button>
101 <button type="reset"> Reset </button>
102 </form>
104 <!-- TODO: action=IP.ADDRESS instead of HOSTNAME? -->
105 <!-- TODO: test with |base href="http://othersite//"| ? -->
106 </div>
107 <pre id="test">
108 <script class="testbody" type="text/javascript">
110 /** Test for Login Manager: 360493 (Cross-Site Forms + Password
111 Manager = Security Failure) **/
113 // This test is designed to make sure variations on the form's |action|
114 // and |method| continue to work with the fix for 360493.
116 commonInit();
118 function startTest() {
119 for (var i = 1; i <= 9; i++) {
120 // Check form i
121 is($_(i, "uname").value, "testuser", "Checking for filled username " + i);
122 is($_(i, "pword").value, "testpass", "Checking for filled password " + i);
123 }
125 // The login's formSubmitURL isn't "javascript:", so don't fill it in.
126 isnot($_(10, "uname"), "testuser", "Checking username w/ JS action URL");
127 isnot($_(10, "pword"), "testpass", "Checking password w/ JS action URL");
129 SimpleTest.finish();
130 }
132 window.onload = startTest;
134 SimpleTest.waitForExplicitFinish();
136 </script>
137 </pre>
138 </body>
139 </html>
