Diffstat (limited to 'dom/base/test/browser_bug593387.js')
-rw-r--r--dom/base/test/browser_bug593387.js70
1 files changed, 70 insertions, 0 deletions
diff --git a/dom/base/test/browser_bug593387.js b/dom/base/test/browser_bug593387.js
new file mode 100644
index 000000000..aa4f9dc0f
--- /dev/null
+++ b/dom/base/test/browser_bug593387.js
@@ -0,0 +1,70 @@
+/*
+ * Test for bug 593387
+ * Loads a chrome document in a content docshell and then inserts a
+ * X-Frame-Options: DENY iframe into the document and verifies that the document
+ * loads. The policy we are enforcing is outlined here:
+ * https://bugzilla.mozilla.org/show_bug.cgi?id=593387#c17
+*/
+
+add_task(function* test() {
+ yield BrowserTestUtils.withNewTab({ gBrowser,
+ url: "chrome://global/content/mozilla.xhtml" },
+ function* (newBrowser) {
+ // NB: We load the chrome:// page in the parent process.
+ yield testXFOFrameInChrome(newBrowser);
+
+ // Run next test (try the same with a content top-level context)
+ yield BrowserTestUtils.loadURI(newBrowser, "http://example.com/");
+ yield BrowserTestUtils.browserLoaded(newBrowser);
+
+ yield ContentTask.spawn(newBrowser, null, testXFOFrameInContent);
+ });
+});
+
+function testXFOFrameInChrome(newBrowser) {
+ // Insert an iframe that specifies "X-Frame-Options: DENY" and verify
+ // that it loads, since the top context is chrome
+ var deferred = {};
+ deferred.promise = new Promise((resolve) => {
+ deferred.resolve = resolve;
+ });
+
+ var frame = newBrowser.contentDocument.createElement("iframe");
+ frame.src = "http://mochi.test:8888/tests/dom/base/test/file_x-frame-options_page.sjs?testid=deny&xfo=deny";
+ frame.addEventListener("load", function loaded() {
+ frame.removeEventListener("load", loaded, true);
+
+ // Test that the frame loaded
+ var test = this.contentDocument.getElementById("test");
+ is(test.tagName, "H1", "wrong element type");
+ is(test.textContent, "deny", "wrong textContent");
+ deferred.resolve();
+ }, true);
+
+ newBrowser.contentDocument.body.appendChild(frame);
+ return deferred.promise;
+}
+
+function testXFOFrameInContent(newBrowser) {
+ // Insert an iframe that specifies "X-Frame-Options: DENY" and verify that it
+ // is blocked from loading since the top browsing context is another site
+ var deferred = {};
+ deferred.promise = new Promise((resolve) => {
+ deferred.resolve = resolve;
+ });
+
+ var frame = content.document.createElement("iframe");
+ frame.src = "http://mochi.test:8888/tests/dom/base/test/file_x-frame-options_page.sjs?testid=deny&xfo=deny";
+ frame.addEventListener("load", function loaded() {
+ frame.removeEventListener("load", loaded, true);
+
+ // Test that the frame DID NOT load
+ var test = this.contentDocument.getElementById("test");
+ Assert.equal(test, null, "should be about:blank");
+
+ deferred.resolve();
+ }, true);
+
+ content.document.body.appendChild(frame);
+ return deferred.promise;
+}
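Review bot: In testXFOFrameInContent the negative check only asserts that `#test` is absent from the frame's document, so it would also pass if the .sjs page failed to load for a reason unrelated to X-Frame-Options; the assertion message says "should be about:blank" but nothing verifies that. The chrome half does show that the same URL serves the H1, which limits the risk, but pinning the blocked state directly would make a regression in XFO enforcement harder to miss, e.g. `Assert.equal(this.contentDocument.location.href, "about:blank", "XFO-blocked frame should be about:blank");` (assuming that is what a blocked frame presents in this tree). Separately, the `newBrowser` parameter of that function is misleading: `ContentTask.spawn(newBrowser, null, testXFOFrameInContent)` passes `null` as the argument and the body uses `content` instead, so the parameter could be dropped or renamed.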