michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: function test() { michael@0: /** Test for Bug 464620 (injection on input) **/ michael@0: michael@0: waitForExplicitFinish(); michael@0: michael@0: let testURL = "http://mochi.test:8888/browser/" + michael@0: "browser/components/sessionstore/test/browser_464620_a.html"; michael@0: michael@0: var frameCount = 0; michael@0: let tab = gBrowser.addTab(testURL); michael@0: tab.linkedBrowser.addEventListener("load", function(aEvent) { michael@0: // wait for all frames to load completely michael@0: if (frameCount++ < 4) michael@0: return; michael@0: this.removeEventListener("load", arguments.callee, true); michael@0: michael@0: executeSoon(function() { michael@0: frameCount = 0; michael@0: let tab2 = gBrowser.duplicateTab(tab); michael@0: tab2.linkedBrowser.addEventListener("464620_a", function(aEvent) { michael@0: tab2.linkedBrowser.removeEventListener("464620_a", arguments.callee, true); michael@0: is(aEvent.data, "done", "XSS injection was attempted"); michael@0: michael@0: // let form restoration complete and take into account the michael@0: // setTimeout(..., 0) in sss_restoreDocument_proxy michael@0: executeSoon(function() { michael@0: setTimeout(function() { michael@0: let win = tab2.linkedBrowser.contentWindow; michael@0: isnot(win.frames[0].document.location, testURL, michael@0: "cross domain document was loaded"); michael@0: ok(!/XXX/.test(win.frames[0].document.body.innerHTML), michael@0: "no content was injected"); michael@0: michael@0: // clean up michael@0: gBrowser.removeTab(tab2); michael@0: gBrowser.removeTab(tab); michael@0: michael@0: finish(); michael@0: }, 0); michael@0: }); michael@0: }, true, true); michael@0: }); michael@0: }, true); michael@0: }