diff options
Diffstat (limited to 'toolkit/mozapps/extensions/test/xpinstall/browser_unsigned_trigger_xorigin.js')
-rw-r--r-- | toolkit/mozapps/extensions/test/xpinstall/browser_unsigned_trigger_xorigin.js | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/toolkit/mozapps/extensions/test/xpinstall/browser_unsigned_trigger_xorigin.js b/toolkit/mozapps/extensions/test/xpinstall/browser_unsigned_trigger_xorigin.js new file mode 100644 index 000000000..07947a135 --- /dev/null +++ b/toolkit/mozapps/extensions/test/xpinstall/browser_unsigned_trigger_xorigin.js @@ -0,0 +1,38 @@ +// ---------------------------------------------------------------------------- +// Ensure that an inner frame from a different origin can't initiate an install + +let wasOriginBlocked = false; + +function test() { + Harness.installOriginBlockedCallback = install_blocked; + Harness.installsCompletedCallback = finish_test; + Harness.finalContentEvent = "InstallComplete"; + Harness.setup(); + + var pm = Services.perms; + pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION); + + var inner_url = encodeURIComponent(TESTROOT + "installtrigger.html?" + encodeURIComponent(JSON.stringify({ + "Unsigned XPI": { + URL: TESTROOT + "unsigned.xpi", + IconURL: TESTROOT + "icon.png", + toString: function() { return this.URL; } + } + }))); + gBrowser.selectedTab = gBrowser.addTab(); + gBrowser.loadURI(TESTROOT2 + "installtrigger_frame.html?" + inner_url); +} + +function install_blocked(installInfo) { + wasOriginBlocked = true; +} + +function finish_test(count) { + ok(wasOriginBlocked, "Should have been blocked due to the cross origin request."); + + is(count, 0, "No add-ons should have been installed"); + Services.perms.remove("http://example.com", "install"); + + gBrowser.removeCurrentTab(); + Harness.finish(); +} |