The Tor Browser / file revision

dom/plugins/test/mochitest/test_bug813906.html@6474c204b198

dom/plugins/test/mochitest/test_bug813906.html

Wed, 31 Dec 2014 06:09:35 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 06:09:35 +0100
changeset 0
6474c204b198
permissions
-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

     1 <!doctype html>

     2 <html>

     3 <head>

     4   <title>Test for Bug 813906</title>

     5   <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>

     6   <script type="text/javascript" src="utils.js"></script>

     7   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>

     8 

     9   <meta http-equiv="content-type" content="text/html; charset=utf-8">

    10   <base href="chrome://browser/content/">

    11 </head>

    12 <body>

    13 

    14 <script type="application/javascript">

    15 function f() {

    16   document.getElementsByTagName("base")[0].href = "http://www.safe.com/";

    17 }

    18 </script>

    19 

    20 <script type="application/javascript">

    21 SimpleTest.waitForExplicitFinish();

    22 setTestPluginEnabledState(SpecialPowers.Ci.nsIPluginTag.STATE_ENABLED);

    23 

    24 var frameLoadCount = 0;

    25 function frameLoaded() {

    26   frameLoadCount++;

    27   if (frameLoadCount == 1) {

    28     document.getElementsByTagName("object")[0].type = "application/x-test";

    29     document.getElementsByTagName("use")[0].setAttributeNS("http://www.w3.org/1999/xlink", "href", location.href + "#a");

    30   } else if (frameLoadCount == 2) {

    31     isnot(SpecialPowers.wrap(window.frame1).location.href.indexOf('chrome://'),

    32           0, 'plugin shouldnt be able to cause navigation to chrome URLs');

    33     SimpleTest.finish();

    34   }

    35 }

    36 </script>

    37 

    38 <!-- Note that <svg:use> ends up creating an anonymous subtree, which means that the plugin

    39      reflector gets hoisted into the XBL scope, and isn't accessible to content. We pass

    40      the 'donttouchelement' parameter to the plugin to prevent it from trying to define the

    41      'pluginFoundElement' property on the plugin reflector, since doing so would throw a

    42      security exception. -->

    43 <svg>

    44   <symbol id="a">

    45     <foreignObject>

    46       <object bugmode="813906" frame="frame1"><param name="donttouchelement"></param></object>

    47     </foreignObject>

    48   </symbol>

    49   <use />

    50 </svg>

    51 

    52 <iframe name="frame1" onload="frameLoaded()"></iframe>

    53 </body>

    54 </html>

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial