diff options
author | Matt A. Tobin <email@mattatobin.com> | 2018-02-11 07:03:16 -0500 |
---|---|---|
committer | Matt A. Tobin <email@mattatobin.com> | 2018-02-11 07:03:16 -0500 |
commit | 203eb0f61a09372310a2a8fb57e169cb3f47800b (patch) | |
tree | 8490329d3dae4de3c7ffd127bce1f65fdc009abd /toolkit/mozapps/extensions/test/xpinstall/browser_unsigned_trigger_xorigin.js | |
parent | e45706ca3acbb6530419433212becc61d5953a2d (diff) | |
parent | 8f6d3dab81c7f8f97ef197e26ab9439b09735b8f (diff) | |
download | UXP-FF_Checkpoint_1.tar UXP-FF_Checkpoint_1.tar.gz UXP-FF_Checkpoint_1.tar.lz UXP-FF_Checkpoint_1.tar.xz UXP-FF_Checkpoint_1.zip |
Merge branch 'ext-work'FF_Checkpoint_1
Diffstat (limited to 'toolkit/mozapps/extensions/test/xpinstall/browser_unsigned_trigger_xorigin.js')
-rw-r--r-- | toolkit/mozapps/extensions/test/xpinstall/browser_unsigned_trigger_xorigin.js | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/toolkit/mozapps/extensions/test/xpinstall/browser_unsigned_trigger_xorigin.js b/toolkit/mozapps/extensions/test/xpinstall/browser_unsigned_trigger_xorigin.js new file mode 100644 index 000000000..07947a135 --- /dev/null +++ b/toolkit/mozapps/extensions/test/xpinstall/browser_unsigned_trigger_xorigin.js @@ -0,0 +1,38 @@ +// ---------------------------------------------------------------------------- +// Ensure that an inner frame from a different origin can't initiate an install + +let wasOriginBlocked = false; + +function test() { + Harness.installOriginBlockedCallback = install_blocked; + Harness.installsCompletedCallback = finish_test; + Harness.finalContentEvent = "InstallComplete"; + Harness.setup(); + + var pm = Services.perms; + pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION); + + var inner_url = encodeURIComponent(TESTROOT + "installtrigger.html?" + encodeURIComponent(JSON.stringify({ + "Unsigned XPI": { + URL: TESTROOT + "unsigned.xpi", + IconURL: TESTROOT + "icon.png", + toString: function() { return this.URL; } + } + }))); + gBrowser.selectedTab = gBrowser.addTab(); + gBrowser.loadURI(TESTROOT2 + "installtrigger_frame.html?" + inner_url); +} + +function install_blocked(installInfo) { + wasOriginBlocked = true; +} + +function finish_test(count) { + ok(wasOriginBlocked, "Should have been blocked due to the cross origin request."); + + is(count, 0, "No add-ons should have been installed"); + Services.perms.remove("http://example.com", "install"); + + gBrowser.removeCurrentTab(); + Harness.finish(); +} |