Add m-esr52 at 52.6.0

author: Matt A. Tobin <mattatobin@localhost.localdomain> 2018-02-02 04:16:08 -0500
committer: Matt A. Tobin <mattatobin@localhost.localdomain> 2018-02-02 04:16:08 -0500
commit: 5f8de423f190bbb79a62f804151bc24824fa32d8 (patch)
tree: 10027f336435511475e392454359edea8e25895d /browser/components/sessionstore/test/browser_464620_a.js
parent: 49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff)
download: UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip
1 files changed, 48 insertions, 0 deletions
diff --git a/browser/components/sessionstore/test/browser_464620_a.js b/browser/components/sessionstore/test/browser_464620_a.js
new file mode 100644
index 000000000..9756fa703
--- /dev/null
+++ b/browser/components/sessionstore/test/browser_464620_a.js
@@ -0,0 +1,48 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+function test() {
+  /** Test for Bug 464620 (injection on input) **/
+
+  waitForExplicitFinish();
+
+  let testURL = "http://mochi.test:8888/browser/" +
+    "browser/components/sessionstore/test/browser_464620_a.html";
+
+  var frameCount = 0;
+  let tab = gBrowser.addTab(testURL);
+  tab.linkedBrowser.addEventListener("load", function(aEvent) {
+    // wait for all frames to load completely
+    if (frameCount++ < 4)
+      return;
+    this.removeEventListener("load", arguments.callee, true);
+
+    executeSoon(function() {
+      frameCount = 0;
+      let tab2 = gBrowser.duplicateTab(tab);
+      tab2.linkedBrowser.addEventListener("464620_a", function(aEvent) {
+        tab2.linkedBrowser.removeEventListener("464620_a", arguments.callee, true);
+        is(aEvent.data, "done", "XSS injection was attempted");
+
+        // let form restoration complete and take into account the
+        // setTimeout(..., 0) in sss_restoreDocument_proxy
+        executeSoon(function() {
+          setTimeout(function() {
+            let win = tab2.linkedBrowser.contentWindow;
+            isnot(win.frames[0].document.location, testURL,
+                  "cross domain document was loaded");
+            ok(!/XXX/.test(win.frames[0].document.body.innerHTML),
+               "no content was injected");
+
+            // clean up
+            gBrowser.removeTab(tab2);
+            gBrowser.removeTab(tab);
+
+            finish();
+          }, 0);
+        });
+      }, true, true);
+    });
+  }, true);
+}
author	Matt A. Tobin <mattatobin@localhost.localdomain>	2018-02-02 04:16:08 -0500
committer	Matt A. Tobin <mattatobin@localhost.localdomain>	2018-02-02 04:16:08 -0500
commit	5f8de423f190bbb79a62f804151bc24824fa32d8 (patch)
tree	10027f336435511475e392454359edea8e25895d /browser/components/sessionstore/test/browser_464620_a.js
parent	49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff)
download	UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip