diff options
Diffstat (limited to 'browser/components/sessionstore/test/browser_464620_a.js')
| -rw-r--r-- | browser/components/sessionstore/test/browser_464620_a.js | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/browser/components/sessionstore/test/browser_464620_a.js b/browser/components/sessionstore/test/browser_464620_a.js new file mode 100644 index 000000000..9756fa703 --- /dev/null +++ b/browser/components/sessionstore/test/browser_464620_a.js @@ -0,0 +1,48 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +function test() { + /** Test for Bug 464620 (injection on input) **/ + + waitForExplicitFinish(); + + let testURL = "http://mochi.test:8888/browser/" + + "browser/components/sessionstore/test/browser_464620_a.html"; + + var frameCount = 0; + let tab = gBrowser.addTab(testURL); + tab.linkedBrowser.addEventListener("load", function(aEvent) { + // wait for all frames to load completely + if (frameCount++ < 4) + return; + this.removeEventListener("load", arguments.callee, true); + + executeSoon(function() { + frameCount = 0; + let tab2 = gBrowser.duplicateTab(tab); + tab2.linkedBrowser.addEventListener("464620_a", function(aEvent) { + tab2.linkedBrowser.removeEventListener("464620_a", arguments.callee, true); + is(aEvent.data, "done", "XSS injection was attempted"); + + // let form restoration complete and take into account the + // setTimeout(..., 0) in sss_restoreDocument_proxy + executeSoon(function() { + setTimeout(function() { + let win = tab2.linkedBrowser.contentWindow; + isnot(win.frames[0].document.location, testURL, + "cross domain document was loaded"); + ok(!/XXX/.test(win.frames[0].document.body.innerHTML), + "no content was injected"); + + // clean up + gBrowser.removeTab(tab2); + gBrowser.removeTab(tab); + + finish(); + }, 0); + }); + }, true, true); + }); + }, true); +} |