summaryrefslogtreecommitdiffstats
path: root/dom/browser-element/mochitest/browserElement_XFrameOptionsDeny.js
diff options
context:
space:
mode:
Diffstat (limited to 'dom/browser-element/mochitest/browserElement_XFrameOptionsDeny.js')
-rw-r--r--dom/browser-element/mochitest/browserElement_XFrameOptionsDeny.js63
1 files changed, 63 insertions, 0 deletions
diff --git a/dom/browser-element/mochitest/browserElement_XFrameOptionsDeny.js b/dom/browser-element/mochitest/browserElement_XFrameOptionsDeny.js
new file mode 100644
index 000000000..bf307cc19
--- /dev/null
+++ b/dom/browser-element/mochitest/browserElement_XFrameOptionsDeny.js
@@ -0,0 +1,63 @@
+/* Any copyright is dedicated to the public domain.
+ http://creativecommons.org/publicdomain/zero/1.0/ */
+
+// Bug 770239 - Test that X-Frame-Options will correctly block a page inside a
+// subframe of <iframe mozbrowser>.
+"use strict";
+
+SimpleTest.waitForExplicitFinish();
+browserElementTestHelpers.setEnabledPref(true);
+browserElementTestHelpers.addPermission();
+
+var initialScreenshotArrayBuffer;
+
+function arrayBuffersEqual(a, b) {
+ var x = new Int8Array(a);
+ var y = new Int8Array(b);
+ if (x.length != y.length) {
+ return false;
+ }
+
+ for (var i = 0; i < x.length; i++) {
+ if (x[i] != y[i]) {
+ return false;
+ }
+ }
+
+ return true;
+}
+
+function runTest() {
+ var iframe = document.createElement('iframe');
+ iframe.setAttribute('mozbrowser', 'true');
+
+ // Our child will create two iframes, so make sure this iframe is big enough
+ // to show both of them without scrolling, so taking a screenshot gets both
+ // frames.
+ iframe.height = '1000px';
+
+ var step1, stepfinish;
+ iframe.addEventListener('mozbrowsershowmodalprompt', function(e) {
+ switch (e.detail.message) {
+ case 'step 1':
+ step1 = SpecialPowers.snapshotWindow(iframe.contentWindow);
+ break;
+ case 'step 2':
+ // The page has now attempted to load the X-Frame-Options page; take
+ // another screenshot.
+ stepfinish = SpecialPowers.snapshotWindow(iframe.contentWindow);
+ ok(step1.toDataURL() == stepfinish.toDataURL(), "Screenshots should be identical");
+ SimpleTest.finish();
+ break;
+ }
+ });
+
+ document.body.appendChild(iframe);
+
+ // Load this page from a different origin than ourselves. This page will, in
+ // turn, load a child from mochi.test:8888, our origin, with X-Frame-Options:
+ // SAMEORIGIN. That load should be denied.
+ iframe.src = 'http://example.com/tests/dom/browser-element/mochitest/file_browserElement_XFrameOptionsDeny.html';
+}
+
+addEventListener('testready', runTest);
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-02 10:07:22 +0000