summaryrefslogtreecommitdiffstats
path: root/browser/components/sessionstore/test/browser_459906.js
blob: cadab3e5cc79b45da3bda6fb0ad65fe42200cb5e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

function test() {
  /** Test for Bug 459906 **/

  waitForExplicitFinish();

  let testURL = "http://mochi.test:8888/browser/" +
    "browser/components/sessionstore/test/browser_459906_sample.html";
  let uniqueValue = "<b>Unique:</b> " + Date.now();

  var frameCount = 0;
  let tab = gBrowser.addTab(testURL);
  tab.linkedBrowser.addEventListener("load", function(aEvent) {
    // wait for all frames to load completely
    if (frameCount++ < 2)
      return;
    tab.linkedBrowser.removeEventListener("load", arguments.callee, true);

    let iframes = tab.linkedBrowser.contentWindow.frames;
    iframes[1].document.body.innerHTML = uniqueValue;

    frameCount = 0;
    let tab2 = gBrowser.duplicateTab(tab);
    tab2.linkedBrowser.addEventListener("load", function(aEvent) {
      // wait for all frames to load (and reload!) completely
      if (frameCount++ < 2)
        return;
      tab2.linkedBrowser.removeEventListener("load", arguments.callee, true);

      executeSoon(function() {
        let iframes = tab2.linkedBrowser.contentWindow.frames;
        if (iframes[1].document.body.innerHTML !== uniqueValue) {
          // Poll again the value, since we can't ensure to run
          // after SessionStore has injected innerHTML value.
          // See bug 521802.
          info("Polling for innerHTML value");
          setTimeout(arguments.callee, 100);
          return;
        }

        is(iframes[1].document.body.innerHTML, uniqueValue,
           "rich textarea's content correctly duplicated");

        let innerDomain = null;
        try {
          innerDomain = iframes[0].document.domain;
        }
        catch (ex) { /* throws for chrome: documents */ }
        is(innerDomain, "mochi.test", "XSS exploit prevented!");

        // clean up
        gBrowser.removeTab(tab2);
        gBrowser.removeTab(tab);

        finish();
      });
    }, true);
  }, true);
}