The Tor Browser / file revision

content/base/test/browser_bug593387.js@b8a032363ba2

content/base/test/browser_bug593387.js

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

     1 /*

     2  * Test for bug 593387

     3  * Loads a chrome document in a content docshell and then inserts a

     4  * X-Frame-Options: DENY iframe into the document and verifies that the document

     5  * loads. The policy we are enforcing is outlined here:

     6  * https://bugzilla.mozilla.org/show_bug.cgi?id=593387#c17

     7 */

     8 var newBrowser;

     9 

    10 function test() {

    11   waitForExplicitFinish();

    12 

    13   var newTab = gBrowser.addTab();

    14   gBrowser.selectedTab = newTab;

    15   newBrowser = gBrowser.getBrowserForTab(newTab);

    16   //alert(newBrowser.contentWindow);

    17 

    18   newBrowser.addEventListener("load", testXFOFrameInChrome, true);

    19   newBrowser.contentWindow.location = "chrome://global/content/mozilla.xhtml";

    20 }

    21 

    22 function testXFOFrameInChrome() {

    23   newBrowser.removeEventListener("load", testXFOFrameInChrome, true);

    24 

    25   // Insert an iframe that specifies "X-Frame-Options: DENY" and verify

    26   // that it loads, since the top context is chrome

    27   var frame = newBrowser.contentDocument.createElement("iframe");

    28   frame.src = "http://mochi.test:8888/tests/content/base/test/file_x-frame-options_page.sjs?testid=deny&xfo=deny";

    29   frame.addEventListener("load", function() {

    30     frame.removeEventListener("load", arguments.callee, true);

    31 

    32     // Test that the frame loaded

    33     var test = this.contentDocument.getElementById("test");

    34     is(test.tagName, "H1", "wrong element type");

    35     is(test.textContent, "deny", "wrong textContent");

    36     

    37     // Run next test (try the same with a content top-level context)

    38     newBrowser.addEventListener("load", testXFOFrameInContent, true);

    39     newBrowser.contentWindow.location = "http://example.com/";  

    40   }, true);

    41 

    42   newBrowser.contentDocument.body.appendChild(frame);

    43 }

    44 

    45 function testXFOFrameInContent() {

    46   newBrowser.removeEventListener("load", testXFOFrameInContent, true);

    47 

    48   // Insert an iframe that specifies "X-Frame-Options: DENY" and verify that it

    49   // is blocked from loading since the top browsing context is another site

    50   var frame = newBrowser.contentDocument.createElement("iframe");

    51   frame.src = "http://mochi.test:8888/tests/content/base/test/file_x-frame-options_page.sjs?testid=deny&xfo=deny";

    52   frame.addEventListener("load", function() {

    53     frame.removeEventListener("load", arguments.callee, true);

    54 

    55     // Test that the frame DID NOT load

    56     var test = this.contentDocument.getElementById("test");

    57     is(test, undefined, "should be about:blank");

    58 

    59     // Finalize the test

    60     gBrowser.removeCurrentTab();

    61     finish();

    62   }, true);

    63 

    64   newBrowser.contentDocument.body.appendChild(frame);

    65 }

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial