browser/components/sessionstore/test/browser_464620_a.html@6474c204b198
browser/components/sessionstore/test/browser_464620_a.html
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
1 <!-- Testcase originally by <moz_bug_r_a4@yahoo.com> -->
3 <title>Test for bug 464620 (injection on input)</title>
5 <iframe></iframe>
6 <iframe onload="setup()"></iframe>
8 <script>
9 var targetUrl = "http://mochi.test:8888/browser/" +
10 "browser/components/sessionstore/test/browser_464620_xd.html";
11 var firstPass;
13 function setup() {
14 if (firstPass !== undefined)
15 return;
16 firstPass = frames[1].location.href == "about:blank";
17 if (firstPass) {
18 frames[0].location = 'data:text/html;charset=utf-8,<body onload="if (parent.firstPass) parent.step();"><input id="x" oninput="parent.xss()">XXX</body>';
19 }
20 frames[1].location = targetUrl;
21 }
23 function step() {
24 var x = frames[0].document.getElementById("x");
25 if (x.value == "")
26 x.value = "ready";
27 x.style.display = "none";
28 frames[0].document.designMode = "on";
29 }
31 function xss() {
32 step();
34 var documentInjected = false;
35 document.getElementsByTagName("iframe")[0].onload =
36 function() { documentInjected = true; };
37 frames[0].location = targetUrl;
39 for (var c = 0; !documentInjected && c < 20; c++) {
40 var r = new XMLHttpRequest();
41 r.open("GET", location.href, false);
42 r.overrideMimeType("text/plain");
43 r.send(null);
44 }
45 document.getElementById("state").textContent = "done";
47 var event = new MessageEvent('464620_a', { bubbles: true, cancelable: false,
48 data: "done", origin: location.href,
49 source: window });
50 document.dispatchEvent(event);
51 }
52 </script>
54 <p id="state">pending</p>
