michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0:  * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0:  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0: 
michael@0: function test() {
michael@0:   /** Test for Bug 459906 **/
michael@0: 
michael@0:   waitForExplicitFinish();
michael@0: 
michael@0:   let testURL = "http://mochi.test:8888/browser/" +
michael@0:     "browser/components/sessionstore/test/browser_459906_sample.html";
michael@0:   let uniqueValue = "<b>Unique:</b> " + Date.now();
michael@0: 
michael@0:   var frameCount = 0;
michael@0:   let tab = gBrowser.addTab(testURL);
michael@0:   tab.linkedBrowser.addEventListener("load", function(aEvent) {
michael@0:     // wait for all frames to load completely
michael@0:     if (frameCount++ < 2)
michael@0:       return;
michael@0:     tab.linkedBrowser.removeEventListener("load", arguments.callee, true);
michael@0: 
michael@0:     let iframes = tab.linkedBrowser.contentWindow.frames;
michael@0:     iframes[1].document.body.innerHTML = uniqueValue;
michael@0: 
michael@0:     frameCount = 0;
michael@0:     let tab2 = gBrowser.duplicateTab(tab);
michael@0:     tab2.linkedBrowser.addEventListener("load", function(aEvent) {
michael@0:       // wait for all frames to load (and reload!) completely
michael@0:       if (frameCount++ < 2)
michael@0:         return;
michael@0:       tab2.linkedBrowser.removeEventListener("load", arguments.callee, true);
michael@0: 
michael@0:       executeSoon(function() {
michael@0:         let iframes = tab2.linkedBrowser.contentWindow.frames;
michael@0:         if (iframes[1].document.body.innerHTML !== uniqueValue) {
michael@0:           // Poll again the value, since we can't ensure to run
michael@0:           // after SessionStore has injected innerHTML value.
michael@0:           // See bug 521802.
michael@0:           info("Polling for innerHTML value");
michael@0:           setTimeout(arguments.callee, 100);
michael@0:           return;
michael@0:         }
michael@0: 
michael@0:         is(iframes[1].document.body.innerHTML, uniqueValue,
michael@0:            "rich textarea's content correctly duplicated");
michael@0: 
michael@0:         let innerDomain = null;
michael@0:         try {
michael@0:           innerDomain = iframes[0].document.domain;
michael@0:         }
michael@0:         catch (ex) { /* throws for chrome: documents */ }
michael@0:         is(innerDomain, "mochi.test", "XSS exploit prevented!");
michael@0: 
michael@0:         // clean up
michael@0:         gBrowser.removeTab(tab2);
michael@0:         gBrowser.removeTab(tab);
michael@0: 
michael@0:         finish();
michael@0:       });
michael@0:     }, true);
michael@0:   }, true);
michael@0: }