michael@0: /* Any copyright is dedicated to the Public Domain.
michael@0:  * http://creativecommons.org/publicdomain/zero/1.0/ */
michael@0: 
michael@0: "use strict";
michael@0: 
michael@0: const URL = ROOT + "browser_466937_sample.html";
michael@0: 
michael@0: /**
michael@0:  * Bug 466937 - Prevent file stealing with sessionstore.
michael@0:  */
michael@0: add_task(function test_prevent_file_stealing() {
michael@0:   // Add a tab with some file input fields.
michael@0:   let tab = gBrowser.addTab(URL);
michael@0:   let browser = tab.linkedBrowser;
michael@0:   yield promiseBrowserLoaded(browser);
michael@0: 
michael@0:   // Generate a path to a 'secret' file.
michael@0:   let file = Services.dirsvc.get("TmpD", Ci.nsIFile);
michael@0:   file.append("466937_test.file");
michael@0:   file.createUnique(Ci.nsIFile.NORMAL_FILE_TYPE, parseInt("666", 8));
michael@0:   let testPath = file.path;
michael@0: 
michael@0:   // Fill in form values.
michael@0:   yield setInputValue(browser, {id: "reverse_thief", value: "/home/user/secret2"});
michael@0:   yield setInputValue(browser, {id: "bystander", value: testPath});
michael@0: 
michael@0:   // Duplicate and check form values.
michael@0:   let tab2 = gBrowser.duplicateTab(tab);
michael@0:   let browser2 = tab2.linkedBrowser;
michael@0:   yield promiseTabRestored(tab2);
michael@0: 
michael@0:   let thief = yield getInputValue(browser2, {id: "thief"});
michael@0:   is(thief, "", "file path wasn't set to text field value");
michael@0:   let reverse_thief = yield getInputValue(browser2, {id: "reverse_thief"});
michael@0:   is(reverse_thief, "", "text field value wasn't set to full file path");
michael@0:   let bystander = yield getInputValue(browser2, {id: "bystander"});
michael@0:   is(bystander, testPath, "normal case: file path was correctly preserved");
michael@0: 
michael@0:   // Cleanup.
michael@0:   gBrowser.removeTab(tab);
michael@0:   gBrowser.removeTab(tab2);
michael@0: });