From 8dcc716efdf415611f09e30f213342a484c70150 Mon Sep 17 00:00:00 2001
From: janekptacijarabaci <janekptacijarabaci@seznam.cz>
Date: Mon, 30 Apr 2018 23:56:11 +0200
Subject: Bug 1359204 - Test view-source can open link is not blocked by
 security policies

---
 docshell/test/browser/browser.ini                  |  2 +
 .../browser_click_link_within_view_source.js       | 60 ++++++++++++++++++++++
 .../file_click_link_within_view_source.html        |  6 +++
 3 files changed, 68 insertions(+)
 create mode 100644 docshell/test/browser/browser_click_link_within_view_source.js
 create mode 100644 docshell/test/browser/file_click_link_within_view_source.html

(limited to 'docshell/test')

diff --git a/docshell/test/browser/browser.ini b/docshell/test/browser/browser.ini
index 28d5010ed..300caff1a 100644
--- a/docshell/test/browser/browser.ini
+++ b/docshell/test/browser/browser.ini
@@ -46,6 +46,7 @@ support-files =
   browser_timelineMarkers-frame-05.js
   head.js
   frame-head.js
+  file_click_link_within_view_source.html
 
 [browser_bug1206879.js]
 [browser_bug1309900_crossProcessHistoryNavigation.js]
@@ -92,3 +93,4 @@ skip-if = true # Bug 1220415
 [browser_timelineMarkers-04.js]
 [browser_timelineMarkers-05.js]
 [browser_ua_emulation.js]
+[browser_click_link_within_view_source.js]
diff --git a/docshell/test/browser/browser_click_link_within_view_source.js b/docshell/test/browser/browser_click_link_within_view_source.js
new file mode 100644
index 000000000..84cfc1f0f
--- /dev/null
+++ b/docshell/test/browser/browser_click_link_within_view_source.js
@@ -0,0 +1,60 @@
+"use strict";
+
+/**
+ * Test for Bug 1359204
+ *
+ * Loading a local file, then view-source on that file. Make sure that
+ * clicking a link within that view-source page is not blocked by security checks.
+ */
+
+add_task(function* test_click_link_within_view_source() {
+  let TEST_FILE = "file_click_link_within_view_source.html";
+  let TEST_FILE_URI = getChromeDir(getResolvedURI(gTestPath));
+  TEST_FILE_URI.append(TEST_FILE);
+  TEST_FILE_URI = Services.io.newFileURI(TEST_FILE_URI).spec;
+
+  let DUMMY_FILE = "dummy_page.html";
+  let DUMMY_FILE_URI = getChromeDir(getResolvedURI(gTestPath));
+  DUMMY_FILE_URI.append(DUMMY_FILE);
+  DUMMY_FILE_URI = Services.io.newFileURI(DUMMY_FILE_URI).spec;
+
+  yield BrowserTestUtils.withNewTab(TEST_FILE_URI, function*(aBrowser) {
+    let tabSpec = gBrowser.selectedBrowser.currentURI.spec;
+    info("loading: " + tabSpec);
+    ok(tabSpec.startsWith("file://") && tabSpec.endsWith(TEST_FILE),
+       "sanity check to make sure html loaded");
+
+    info("click view-source of html");
+    let tabPromise = BrowserTestUtils.waitForNewTab(gBrowser);
+    document.getElementById("View:PageSource").doCommand();
+
+    let tab = yield tabPromise;
+    tabSpec = gBrowser.selectedBrowser.currentURI.spec;
+    info("loading: " + tabSpec);
+    ok(tabSpec.startsWith("view-source:file://") && tabSpec.endsWith(TEST_FILE),
+       "loading view-source of html succeeded");
+
+    info("click testlink within view-source page");
+    let loadPromise = BrowserTestUtils.browserLoaded(tab.linkedBrowser, false, url => url.endsWith("dummy_page.html"));
+    yield ContentTask.spawn(gBrowser.selectedBrowser, {}, function*() {
+      if (content.document.readyState != "complete") {
+        yield ContentTaskUtils.waitForEvent(content.document, "readystatechange", false, () =>
+          content.document.readyState == "complete");
+      }
+      // document.getElementById() does not work on a view-source page, hence we use document.links
+      let linksOnPage = content.document.links;
+      is (linksOnPage.length, 1, "sanity check: make sure only one link is present on page");
+      let myLink = content.document.links[0];
+      myLink.click();
+    });
+
+    yield loadPromise;
+
+    tabSpec = gBrowser.selectedBrowser.currentURI.spec;
+    info("loading: " + tabSpec);
+    ok(tabSpec.startsWith("view-source:file://") && tabSpec.endsWith(DUMMY_FILE),
+       "loading view-source of html succeeded");
+
+    yield BrowserTestUtils.removeTab(tab);
+  });
+});
diff --git a/docshell/test/browser/file_click_link_within_view_source.html b/docshell/test/browser/file_click_link_within_view_source.html
new file mode 100644
index 000000000..d78e4ba0f
--- /dev/null
+++ b/docshell/test/browser/file_click_link_within_view_source.html
@@ -0,0 +1,6 @@
+<html>
+<head> <meta charset="utf-8"> </head>
+  <body>
+  <a id="testlink" href="dummy_page.html">clickme</a>
+  </body>
+</html>
-- 
cgit v1.2.3