summaryrefslogtreecommitdiffstats
path: root/browser/components/sessionstore/test/browser_911547.js
diff options
context:
space:
mode:
Diffstat (limited to 'browser/components/sessionstore/test/browser_911547.js')
-rw-r--r--browser/components/sessionstore/test/browser_911547.js63
1 files changed, 0 insertions, 63 deletions
diff --git a/browser/components/sessionstore/test/browser_911547.js b/browser/components/sessionstore/test/browser_911547.js
deleted file mode 100644
index 58b2e9ef1..000000000
--- a/browser/components/sessionstore/test/browser_911547.js
+++ /dev/null
@@ -1,63 +0,0 @@
-/* Any copyright is dedicated to the Public Domain.
- http://creativecommons.org/publicdomain/zero/1.0/ */
-
-// This tests that session restore component does restore the right content
-// security policy with the document.
-// The policy being tested disallows inline scripts
-
-add_task(function* test() {
- // create a tab that has a CSP
- let testURL = "http://mochi.test:8888/browser/browser/components/sessionstore/test/browser_911547_sample.html";
- let tab = gBrowser.selectedTab = gBrowser.addTab(testURL);
- gBrowser.selectedTab = tab;
-
- let browser = tab.linkedBrowser;
- yield promiseBrowserLoaded(browser);
-
- // this is a baseline to ensure CSP is active
- // attempt to inject and run a script via inline (pre-restore, allowed)
- yield injectInlineScript(browser, `document.getElementById("test_id").value = "fail";`);
-
- let loadedPromise = promiseBrowserLoaded(browser);
- yield ContentTask.spawn(browser, null, function() {
- is(content.document.getElementById("test_id").value, "ok",
- "CSP should block the inline script that modifies test_id");
-
- // attempt to click a link to a data: URI (will inherit the CSP of the
- // origin document) and navigate to the data URI in the link.
- content.document.getElementById("test_data_link").click();
- });
-
- yield loadedPromise;
-
- yield ContentTask.spawn(browser, null, function() {
- is(content.document.getElementById("test_id2").value, "ok",
- "CSP should block the script loaded by the clicked data URI");
- });
-
- // close the tab
- yield promiseRemoveTab(tab);
-
- // open new tab and recover the state
- tab = ss.undoCloseTab(window, 0);
- yield promiseTabRestored(tab);
- browser = tab.linkedBrowser;
-
- yield ContentTask.spawn(browser, null, function() {
- is(content.document.getElementById("test_id2").value, "ok",
- "CSP should block the script loaded by the clicked data URI after restore");
- });
-
- // clean up
- gBrowser.removeTab(tab);
-});
-
-// injects an inline script element (with a text body)
-function injectInlineScript(browser, scriptText) {
- return ContentTask.spawn(browser, scriptText, function(text) {
- let scriptElt = content.document.createElement("script");
- scriptElt.type = "text/javascript";
- scriptElt.text = text;
- content.document.body.appendChild(scriptElt);
- });
-}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-10 17:15:46 +0000