michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0:  * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0:  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0: 
michael@0: function test() {
michael@0:   /** Test for Bug 461743 **/
michael@0: 
michael@0:   waitForExplicitFinish();
michael@0: 
michael@0:   let testURL = "http://mochi.test:8888/browser/" +
michael@0:     "browser/components/sessionstore/test/browser_461743_sample.html";
michael@0: 
michael@0:   let frameCount = 0;
michael@0:   let tab = gBrowser.addTab(testURL);
michael@0:   tab.linkedBrowser.addEventListener("load", function(aEvent) {
michael@0:     // Wait for all frames to load completely.
michael@0:     if (frameCount++ < 2)
michael@0:       return;
michael@0:     tab.linkedBrowser.removeEventListener("load", arguments.callee, true);
michael@0:     let tab2 = gBrowser.duplicateTab(tab);
michael@0:     tab2.linkedBrowser.addEventListener("461743", function(aEvent) {
michael@0:       tab2.linkedBrowser.removeEventListener("461743", arguments.callee, true);
michael@0:       is(aEvent.data, "done", "XSS injection was attempted");
michael@0: 
michael@0:       executeSoon(function() {
michael@0:         let iframes = tab2.linkedBrowser.contentWindow.frames;
michael@0:         let innerHTML = iframes[1].document.body.innerHTML;
michael@0:         isnot(innerHTML, Components.utils.reportError.toString(),
michael@0:               "chrome access denied!");
michael@0: 
michael@0:         // Clean up.
michael@0:         gBrowser.removeTab(tab2);
michael@0:         gBrowser.removeTab(tab);
michael@0: 
michael@0:         finish();
michael@0:       });
michael@0:     }, true, true);
michael@0:   }, true);
michael@0: }