diff options
| author | Moonchild <mcwerewolf@gmail.com> | 2018-05-01 09:53:46 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-05-01 09:53:46 +0200 |
| commit | ae45e61da06ba989fcbb856183d9578d4d4f51ed (patch) | |
| tree | 5c7dea17ce684c1cce57011ef487370c22d0e677 /docshell/test/browser | |
| parent | fefce8f7ccbc476cfc46e61b01eff069346d3c73 (diff) | |
| parent | cc4036a9cd56d504667c07fe215e61b22ab0e1f4 (diff) | |
| download | UXP-ae45e61da06ba989fcbb856183d9578d4d4f51ed.tar UXP-ae45e61da06ba989fcbb856183d9578d4d4f51ed.tar.gz UXP-ae45e61da06ba989fcbb856183d9578d4d4f51ed.tar.lz UXP-ae45e61da06ba989fcbb856183d9578d4d4f51ed.tar.xz UXP-ae45e61da06ba989fcbb856183d9578d4d4f51ed.zip | |
Merge pull request #311 from janekptacijarabaci/security_blocking_data_2
Use asyncOpen2() for docshell loads
Diffstat (limited to 'docshell/test/browser')
5 files changed, 125 insertions, 0 deletions
diff --git a/docshell/test/browser/browser.ini b/docshell/test/browser/browser.ini index 9211092a4..300caff1a 100644 --- a/docshell/test/browser/browser.ini +++ b/docshell/test/browser/browser.ini @@ -1,5 +1,6 @@ [DEFAULT] support-files = + dummy_page.html favicon_bug655270.ico file_bug234628-1-child.html file_bug234628-1.html @@ -45,6 +46,7 @@ support-files = browser_timelineMarkers-frame-05.js head.js frame-head.js + file_click_link_within_view_source.html [browser_bug1206879.js] [browser_bug1309900_crossProcessHistoryNavigation.js] @@ -91,3 +93,4 @@ skip-if = true # Bug 1220415 [browser_timelineMarkers-04.js] [browser_timelineMarkers-05.js] [browser_ua_emulation.js] +[browser_click_link_within_view_source.js] diff --git a/docshell/test/browser/browser_click_link_within_view_source.js b/docshell/test/browser/browser_click_link_within_view_source.js new file mode 100644 index 000000000..84cfc1f0f --- /dev/null +++ b/docshell/test/browser/browser_click_link_within_view_source.js @@ -0,0 +1,60 @@ +"use strict"; + +/** + * Test for Bug 1359204 + * + * Loading a local file, then view-source on that file. Make sure that + * clicking a link within that view-source page is not blocked by security checks. + */ + +add_task(function* test_click_link_within_view_source() { + let TEST_FILE = "file_click_link_within_view_source.html"; + let TEST_FILE_URI = getChromeDir(getResolvedURI(gTestPath)); + TEST_FILE_URI.append(TEST_FILE); + TEST_FILE_URI = Services.io.newFileURI(TEST_FILE_URI).spec; + + let DUMMY_FILE = "dummy_page.html"; + let DUMMY_FILE_URI = getChromeDir(getResolvedURI(gTestPath)); + DUMMY_FILE_URI.append(DUMMY_FILE); + DUMMY_FILE_URI = Services.io.newFileURI(DUMMY_FILE_URI).spec; + + yield BrowserTestUtils.withNewTab(TEST_FILE_URI, function*(aBrowser) { + let tabSpec = gBrowser.selectedBrowser.currentURI.spec; + info("loading: " + tabSpec); + ok(tabSpec.startsWith("file://") && tabSpec.endsWith(TEST_FILE), + "sanity check to make sure html loaded"); + + info("click view-source of html"); + let tabPromise = BrowserTestUtils.waitForNewTab(gBrowser); + document.getElementById("View:PageSource").doCommand(); + + let tab = yield tabPromise; + tabSpec = gBrowser.selectedBrowser.currentURI.spec; + info("loading: " + tabSpec); + ok(tabSpec.startsWith("view-source:file://") && tabSpec.endsWith(TEST_FILE), + "loading view-source of html succeeded"); + + info("click testlink within view-source page"); + let loadPromise = BrowserTestUtils.browserLoaded(tab.linkedBrowser, false, url => url.endsWith("dummy_page.html")); + yield ContentTask.spawn(gBrowser.selectedBrowser, {}, function*() { + if (content.document.readyState != "complete") { + yield ContentTaskUtils.waitForEvent(content.document, "readystatechange", false, () => + content.document.readyState == "complete"); + } + // document.getElementById() does not work on a view-source page, hence we use document.links + let linksOnPage = content.document.links; + is (linksOnPage.length, 1, "sanity check: make sure only one link is present on page"); + let myLink = content.document.links[0]; + myLink.click(); + }); + + yield loadPromise; + + tabSpec = gBrowser.selectedBrowser.currentURI.spec; + info("loading: " + tabSpec); + ok(tabSpec.startsWith("view-source:file://") && tabSpec.endsWith(DUMMY_FILE), + "loading view-source of html succeeded"); + + yield BrowserTestUtils.removeTab(tab); + }); +}); diff --git a/docshell/test/browser/browser_history_triggeringprincipal_viewsource.js b/docshell/test/browser/browser_history_triggeringprincipal_viewsource.js new file mode 100644 index 000000000..96908bbc2 --- /dev/null +++ b/docshell/test/browser/browser_history_triggeringprincipal_viewsource.js @@ -0,0 +1,50 @@ +"use strict"; + +const TEST_PATH = getRootDirectory(gTestPath).replace("chrome://mochitests/content", "http://example.com"); +const HTML_URI = TEST_PATH + "dummy_page.html"; +const VIEW_SRC_URI = "view-source:" + HTML_URI; + +add_task(function*() { + info("load baseline html in new tab"); + yield BrowserTestUtils.withNewTab(HTML_URI, function*(aBrowser) { + is(gBrowser.selectedBrowser.currentURI.spec, HTML_URI, + "sanity check to make sure html loaded"); + + info("right-click -> view-source of html"); + let vSrcCtxtMenu = document.getElementById("contentAreaContextMenu"); + let popupPromise = BrowserTestUtils.waitForEvent(vSrcCtxtMenu, "popupshown"); + BrowserTestUtils.synthesizeMouseAtCenter("body", { type: "contextmenu", button: 2 }, aBrowser); + yield popupPromise; + let tabPromise = BrowserTestUtils.waitForNewTab(gBrowser, VIEW_SRC_URI); + let vSrcItem = vSrcCtxtMenu.getElementsByAttribute("id", "context-viewsource")[0]; + vSrcItem.click(); + vSrcCtxtMenu.hidePopup(); + let tab = yield tabPromise; + is(gBrowser.selectedBrowser.currentURI.spec, VIEW_SRC_URI, + "loading view-source of html succeeded"); + + info ("load html file again before going .back()"); + let loadPromise = BrowserTestUtils.browserLoaded(tab.linkedBrowser, false, HTML_URI); + yield ContentTask.spawn(tab.linkedBrowser, HTML_URI, HTML_URI => { + content.document.location = HTML_URI; + }); + yield loadPromise; + is(gBrowser.selectedBrowser.currentURI.spec, HTML_URI, + "loading html another time succeeded"); + + info("click .back() to view-source of html again and make sure the history entry has a triggeringPrincipal"); + let backCtxtMenu = document.getElementById("contentAreaContextMenu"); + popupPromise = BrowserTestUtils.waitForEvent(backCtxtMenu, "popupshown"); + BrowserTestUtils.synthesizeMouseAtCenter("body", { type: "contextmenu", button: 2 }, aBrowser); + yield popupPromise; + loadPromise = BrowserTestUtils.browserLoaded(tab.linkedBrowser, false, VIEW_SRC_URI); + let backItem = backCtxtMenu.getElementsByAttribute("id", "context-back")[0]; + backItem.click(); + backCtxtMenu.hidePopup(); + yield loadPromise; + is(gBrowser.selectedBrowser.currentURI.spec, VIEW_SRC_URI, + "clicking .back() to view-source of html succeeded"); + + yield BrowserTestUtils.removeTab(tab); + }); +}); diff --git a/docshell/test/browser/dummy_page.html b/docshell/test/browser/dummy_page.html new file mode 100644 index 000000000..59bf2a5f8 --- /dev/null +++ b/docshell/test/browser/dummy_page.html @@ -0,0 +1,6 @@ +<html> +<head> <meta charset="utf-8"> </head> + <body> + just a dummy html file + </body> +</html> diff --git a/docshell/test/browser/file_click_link_within_view_source.html b/docshell/test/browser/file_click_link_within_view_source.html new file mode 100644 index 000000000..d78e4ba0f --- /dev/null +++ b/docshell/test/browser/file_click_link_within_view_source.html @@ -0,0 +1,6 @@ +<html> +<head> <meta charset="utf-8"> </head> + <body> + <a id="testlink" href="dummy_page.html">clickme</a> + </body> +</html> |