1 files changed, 55 insertions, 0 deletions

diff --git a/toolkit/components/webextensions/test/mochitest/file_permission_xhr.html b/toolkit/components/webextensions/test/mochitest/file_permission_xhr.html
new file mode 100644
index 000000000..22a55f90d
--- /dev/null
+++ b/toolkit/components/webextensions/test/mochitest/file_permission_xhr.html
@@ -0,0 +1,55 @@
+<!DOCTYPE HTML>
+
+<html>
+<head>
+<meta charset="utf-8">
+</head>
+<body>
+
+<script>
+"use strict";
+
+/* globals privilegedFetch, privilegedXHR */
+/* eslint-disable mozilla/balanced-listeners */
+
+addEventListener("message", function rcv(event) {
+  removeEventListener("message", rcv, false);
+
+  function assertTrue(condition, description) {
+    postMessage({msg: "assertTrue", condition, description}, "*");
+  }
+
+  function passListener() {
+    assertTrue(true, "Content XHR has no elevated privileges");
+    postMessage({"msg": "finish"}, "*");
+  }
+
+  function failListener() {
+    assertTrue(false, "Content XHR has no elevated privileges");
+    postMessage({"msg": "finish"}, "*");
+  }
+
+  try {
+    new privilegedXHR();
+    assertTrue(false, "Content should not have access to privileged XHR constructor");
+  } catch (e) {
+    assertTrue(/Permission denied to access object/.test(e), "Content should not have access to privileged XHR constructor");
+  }
+
+  try {
+    new privilegedFetch();
+    assertTrue(false, "Content should not have access to privileged fetch() constructor");
+  } catch (e) {
+    assertTrue(/Permission denied to access object/.test(e), "Content should not have access to privileged fetch() constructor");
+  }
+
+  let req = new XMLHttpRequest();
+  req.addEventListener("load", failListener);
+  req.addEventListener("error", passListener);
+  req.open("GET", "http://example.org/example.txt");
+  req.send();
+}, false);
+</script>
+
+</body>
+</html>