blob: 07947a13559575ac3448220b329f3b44dd4658fe (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
// ----------------------------------------------------------------------------
// Ensure that an inner frame from a different origin can't initiate an install
let wasOriginBlocked = false;
function test() {
Harness.installOriginBlockedCallback = install_blocked;
Harness.installsCompletedCallback = finish_test;
Harness.finalContentEvent = "InstallComplete";
Harness.setup();
var pm = Services.perms;
pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
var inner_url = encodeURIComponent(TESTROOT + "installtrigger.html?" + encodeURIComponent(JSON.stringify({
"Unsigned XPI": {
URL: TESTROOT + "unsigned.xpi",
IconURL: TESTROOT + "icon.png",
toString: function() { return this.URL; }
}
})));
gBrowser.selectedTab = gBrowser.addTab();
gBrowser.loadURI(TESTROOT2 + "installtrigger_frame.html?" + inner_url);
}
function install_blocked(installInfo) {
wasOriginBlocked = true;
}
function finish_test(count) {
ok(wasOriginBlocked, "Should have been blocked due to the cross origin request.");
is(count, 0, "No add-ons should have been installed");
Services.perms.remove("http://example.com", "install");
gBrowser.removeCurrentTab();
Harness.finish();
}
|
