diff options
Diffstat (limited to 'dom/plugins/test/mochitest/test_bug813906.html')
| -rw-r--r-- | dom/plugins/test/mochitest/test_bug813906.html | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/dom/plugins/test/mochitest/test_bug813906.html b/dom/plugins/test/mochitest/test_bug813906.html new file mode 100644 index 000000000..04c34daaf --- /dev/null +++ b/dom/plugins/test/mochitest/test_bug813906.html @@ -0,0 +1,54 @@ +<!doctype html> +<html> +<head> + <title>Test for Bug 813906</title> + <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> + <script type="text/javascript" src="plugin-utils.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/> + + <meta http-equiv="content-type" content="text/html; charset=utf-8"> + <base href="chrome://browser/content/"> +</head> +<body> + +<script type="application/javascript"> +function f() { + document.getElementsByTagName("base")[0].href = "http://www.safe.com/"; +} +</script> + +<script type="application/javascript"> +SimpleTest.waitForExplicitFinish(); +setTestPluginEnabledState(SpecialPowers.Ci.nsIPluginTag.STATE_ENABLED); + +var frameLoadCount = 0; +function frameLoaded() { + frameLoadCount++; + if (frameLoadCount == 1) { + document.getElementsByTagName("object")[0].type = "application/x-test"; + document.getElementsByTagName("use")[0].setAttributeNS("http://www.w3.org/1999/xlink", "href", location.href + "#a"); + } else if (frameLoadCount == 2) { + isnot(SpecialPowers.wrap(window.frame1).location.href.indexOf('chrome://'), + 0, 'plugin shouldnt be able to cause navigation to chrome URLs'); + SimpleTest.finish(); + } +} +</script> + +<!-- Note that <svg:use> ends up creating an anonymous subtree, which means that the plugin + reflector gets hoisted into the XBL scope, and isn't accessible to content. We pass + the 'donttouchelement' parameter to the plugin to prevent it from trying to define the + 'pluginFoundElement' property on the plugin reflector, since doing so would throw a + security exception. --> +<svg> + <symbol id="a"> + <foreignObject> + <object bugmode="813906" frame="frame1"><param name="donttouchelement"></param></object> + </foreignObject> + </symbol> + <use /> +</svg> + +<iframe name="frame1" onload="frameLoaded()"></iframe> +</body> +</html> |