The Tor Browser: toolkit/components/passwordmgr/test/test_bug_360493

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

     1 <!DOCTYPE HTML>

     2 <html>

     3 <head>

     4   <title>Test for Login Manager</title>

     5   <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>

     6   <script type="text/javascript" src="pwmgr_common.js"></script>

     7   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />

     8 </head>

     9 <body>

    10 Login Manager test: 360493

    11 <p id="display"></p>

    12 <div id="content" style="display: none">

    14   <!-- normal form with normal relative action. -->

    15   <form id="form1" action="formtest.js">

    16     <input  type="text"       name="uname">

    17     <input  type="password"   name="pword">

    19     <button type="submit">Submit</button>

    20     <button type="reset"> Reset </button>

    21   </form>

    23   <!-- fully specify the action URL -->

    24   <form id="form2" action="http://mochi.test:8888/tests/toolkit/components/passwordmgr/test/formtest.js">

    25     <input  type="text"       name="uname">

    26     <input  type="password"   name="pword">

    28     <button type="submit">Submit</button>

    29     <button type="reset"> Reset </button>

    30   </form>

    32   <!-- fully specify the action URL, and change the path -->

    33   <form id="form3" action="http://mochi.test:8888/zomg/wtf/bbq/passwordmgr/test/formtest.js">

    34     <input  type="text"       name="uname">

    35     <input  type="password"   name="pword">

    37     <button type="submit">Submit</button>

    38     <button type="reset"> Reset </button>

    39   </form>

    41   <!-- fully specify the action URL, and change the path and filename -->

    42   <form id="form4" action="http://mochi.test:8888/zomg/wtf/bbq/passwordmgr/test/not_a_test.js">

    43     <input  type="text"       name="uname">

    44     <input  type="password"   name="pword">

    46     <button type="submit">Submit</button>

    47     <button type="reset"> Reset </button>

    48   </form>

    50   <!-- specify the action URL relative to the current document-->

    51   <form id="form5" action="./formtest.js">

    52     <input  type="text"       name="uname">

    53     <input  type="password"   name="pword">

    55     <button type="submit">Submit</button>

    56     <button type="reset"> Reset </button>

    57   </form>

    59   <!-- specify the action URL relative to the current server -->

    60   <form id="form6" action="/tests/toolkit/components/passwordmgr/test/formtest.js">

    61     <input  type="text"       name="uname">

    62     <input  type="password"   name="pword">

    64     <button type="submit">Submit</button>

    65     <button type="reset"> Reset </button>

    66   </form>

    68   <!-- Change the method from get to post -->

    69   <form id="form7" action="formtest.js" method="POST">

    70     <input  type="text"       name="uname">

    71     <input  type="password"   name="pword">

    73     <button type="submit">Submit</button>

    74     <button type="reset"> Reset </button>

    75   </form>

    77   <!-- Blank action URL specified -->

    78   <form id="form8" action="">

    79     <input  type="text"       name="uname">

    80     <input  type="password"   name="pword">

    82     <button type="submit">Submit</button>

    83     <button type="reset"> Reset </button>

    84   </form>

    86   <!-- |action| attribute entirely missing -->

    87   <form id="form9" >

    88     <input  type="text"       name="uname">

    89     <input  type="password"   name="pword">

    91     <button type="submit">Submit</button>

    92     <button type="reset"> Reset </button>

    93   </form>

    95   <!-- action url as javascript -->

    96   <form id="form10" action="javascript:alert('this form is not submitted so this alert should not be invoked');">

    97     <input  type="text"       name="uname">

    98     <input  type="password"   name="pword">

   100     <button type="submit">Submit</button>

   101     <button type="reset"> Reset </button>

   102   </form>

   104   <!-- TODO: action=IP.ADDRESS instead of HOSTNAME? -->

   105   <!-- TODO: test with |base href="http://othersite//"| ? -->

   106 </div>

   107 <pre id="test">

   108 <script class="testbody" type="text/javascript">

   110 /** Test for Login Manager: 360493 (Cross-Site Forms + Password

   111     Manager = Security Failure) **/

   113 // This test is designed to make sure variations on the form's |action|

   114 // and |method| continue to work with the fix for 360493.

   116 commonInit();

   118 function startTest() {

   119   for (var i = 1; i <= 9; i++) {

   120     // Check form i

   121     is($_(i, "uname").value, "testuser", "Checking for filled username " + i);

   122     is($_(i, "pword").value, "testpass", "Checking for filled password " + i);

   123   }

   125   // The login's formSubmitURL isn't "javascript:", so don't fill it in.

   126   isnot($_(10, "uname"), "testuser", "Checking username w/ JS action URL");

   127   isnot($_(10, "pword"), "testpass", "Checking password w/ JS action URL");

   129   SimpleTest.finish();

   130 }

   132 window.onload = startTest;

   134 SimpleTest.waitForExplicitFinish();

   136 </script>

   137 </pre>

   138 </body>

   139 </html>

The Tor Browser / file revision