browser/components/sessionstore/test/browser_466937.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

/* Any copyright is dedicated to the Public Domain.
 * http://creativecommons.org/publicdomain/zero/1.0/ */

"use strict";

const URL = ROOT + "browser_466937_sample.html";

/**
 * Bug 466937 - Prevent file stealing with sessionstore.
 */
add_task(function test_prevent_file_stealing() {
  // Add a tab with some file input fields.
  let tab = gBrowser.addTab(URL);
  let browser = tab.linkedBrowser;
  yield promiseBrowserLoaded(browser);

  // Generate a path to a 'secret' file.
  let file = Services.dirsvc.get("TmpD", Ci.nsIFile);
  file.append("466937_test.file");
  file.createUnique(Ci.nsIFile.NORMAL_FILE_TYPE, 0o666);
  let testPath = file.path;

  // Fill in form values.
  yield setInputValue(browser, {id: "reverse_thief", value: "/home/user/secret2"});
  yield setInputValue(browser, {id: "bystander", value: testPath});

  // Duplicate and check form values.
  let tab2 = gBrowser.duplicateTab(tab);
  let browser2 = tab2.linkedBrowser;
  yield promiseTabRestored(tab2);

  let thief = yield getInputValue(browser2, {id: "thief"});
  is(thief, "", "file path wasn't set to text field value");
  let reverse_thief = yield getInputValue(browser2, {id: "reverse_thief"});
  is(reverse_thief, "", "text field value wasn't set to full file path");
  let bystander = yield getInputValue(browser2, {id: "bystander"});
  is(bystander, testPath, "normal case: file path was correctly preserved");

  // Cleanup.
  gBrowser.removeTab(tab);
  gBrowser.removeTab(tab2);
});