The Tor Browser / file revision

dom/browser-element/mochitest/browserElement_XFrameOptionsDeny.js@7e26c7da4463

dom/browser-element/mochitest/browserElement_XFrameOptionsDeny.js

Wed, 31 Dec 2014 06:55:50 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 06:55:50 +0100
changeset 2
7e26c7da4463
permissions
-rw-r--r--

Added tag UPSTREAM_283F7C6 for changeset ca08bd8f51b2

     1 /* Any copyright is dedicated to the public domain.

     2    http://creativecommons.org/publicdomain/zero/1.0/ */

     3 

     4 // Bug 770239 - Test that X-Frame-Options will correctly block a page inside a

     5 // subframe of <iframe mozbrowser>.

     6 "use strict";

     7 

     8 SimpleTest.waitForExplicitFinish();

     9 browserElementTestHelpers.setEnabledPref(true);

    10 browserElementTestHelpers.addPermission();

    11 

    12 var initialScreenshotArrayBuffer;

    13 

    14 function arrayBuffersEqual(a, b) {

    15   var x = new Int8Array(a);

    16   var y = new Int8Array(b);

    17   if (x.length != y.length) {

    18     return false;

    19   }

    20 

    21   for (var i = 0; i < x.length; i++) {

    22     if (x[i] != y[i]) {

    23       return false;

    24     }

    25   }

    26 

    27   return true;

    28 }

    29 

    30 function runTest() {

    31   var iframe = document.createElement('iframe');

    32   SpecialPowers.wrap(iframe).mozbrowser = true;

    33 

    34   // Our child will create two iframes, so make sure this iframe is big enough

    35   // to show both of them without scrolling, so taking a screenshot gets both

    36   // frames.

    37   iframe.height = '1000px';

    38 

    39   iframe.addEventListener('mozbrowsershowmodalprompt', function(e) {

    40     switch (e.detail.message) {

    41     case 'step 1':

    42       // Make the page wait for us to unblock it (which we do after we finish

    43       // taking the screenshot).

    44       e.preventDefault();

    45 

    46       iframe.getScreenshot(1000, 1000).onsuccess = function(sshot) {

    47         var fr = new FileReader();

    48         fr.onloadend = function() {

    49           initialScreenshotArrayBuffer = fr.result;

    50           e.detail.unblock();

    51         }

    52         fr.readAsArrayBuffer(sshot.target.result);

    53       };

    54       break;

    55     case 'step 2':

    56       // The page has now attempted to load the X-Frame-Options page; take

    57       // another screenshot.

    58       iframe.getScreenshot(1000, 1000).onsuccess = function(sshot) {

    59         var fr = new FileReader();

    60         fr.onloadend = function() {

    61           ok(arrayBuffersEqual(fr.result, initialScreenshotArrayBuffer),

    62              "Screenshots should be identical");

    63           SimpleTest.finish();

    64         }

    65         fr.readAsArrayBuffer(sshot.target.result);

    66       };

    67       break;

    68     }

    69   });

    70 

    71   document.body.appendChild(iframe);

    72 

    73   // Load this page from a different origin than ourselves.  This page will, in

    74   // turn, load a child from mochi.test:8888, our origin, with X-Frame-Options:

    75   // SAMEORIGIN.  That load should be denied.

    76   iframe.src = 'http://example.com/tests/dom/browser-element/mochitest/file_browserElement_XFrameOptionsDeny.html';

    77 }

    78 

    79 addEventListener('testready', runTest);

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial