
browser_459906.js (2468B)


      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 /* eslint-disable mozilla/no-arbitrary-setTimeout */
      5 
function test() {
  /**
   * Test for Bug 459906.
   *
   * Loads the sample page, writes a unique HTML marker into the body of its
   * second frame, duplicates the tab, and then checks two things on the copy:
   *   1. the marker was carried over into the second frame, and
   *   2. the first frame's document.domain is still "mochi.test".
   * The second check is the security assertion. Reading document.domain
   * throws for chrome: documents, so if the first frame of the duplicated tab
   * ended up holding one, innerDomain would stay null and the check would fail.
   *
   * NOTE(review): browser_459906_sample.html is not part of this file, so what
   * the page attempts against its first frame cannot be confirmed from here.
   */

  waitForExplicitFinish();

  const sampleURL =
    "http://mochi.test:8888/browser/" +
    "browser/components/sessionstore/test/browser_459906_sample.html";
  // Timestamped, so the restored value can only have come from this run.
  const marker = `<b>Unique:</b> ${Date.now()}`;

  // Load-event counter shared by both handlers; reset before duplicating.
  let loadsSeen = 0;
  // Set once the original tab has finished loading and has been duplicated.
  let duplicate = null;

  const original = BrowserTestUtils.addTab(gBrowser, sampleURL);

  // Runs the two assertions against the duplicated tab, retrying until the
  // marker shows up in the second frame.
  function verifyDuplicate() {
    const restoredFrames = duplicate.linkedBrowser.contentWindow.frames;
    if (restoredFrames[1].document.body.innerHTML !== marker) {
      // SessionStore may not have injected the innerHTML value yet, so try
      // again shortly. See bug 521802.
      // There is no retry cap in this function: if the value never appears,
      // polling goes on until something outside this function ends the test.
      info("Polling for innerHTML value");
      setTimeout(verifyDuplicate, 100);
      return;
    }

    is(
      restoredFrames[1].document.body.innerHTML,
      marker,
      "rich textarea's content correctly duplicated"
    );

    // Stays null when the access below throws, which makes the check fail.
    let innerDomain = null;
    try {
      innerDomain = restoredFrames[0].document.domain;
    } catch (ex) {
      /* throws for chrome: documents */
    }
    is(innerDomain, "mochi.test", "XSS exploit prevented!");

    // Close both tabs before finishing.
    gBrowser.removeTab(duplicate);
    gBrowser.removeTab(original);

    finish();
  }

  // Load handler for the duplicated tab.
  function onDuplicateLoad() {
    // Ignore the first two load events and act on the third, i.e. once all
    // frames have loaded (and reloaded!).
    loadsSeen += 1;
    if (loadsSeen <= 2) {
      return;
    }
    duplicate.linkedBrowser.removeEventListener("load", onDuplicateLoad, true);

    executeSoon(verifyDuplicate);
  }

  // Load handler for the original tab.
  function onOriginalLoad() {
    // Ignore the first two load events and act on the third, i.e. once all
    // frames have loaded.
    loadsSeen += 1;
    if (loadsSeen <= 2) {
      return;
    }
    original.linkedBrowser.removeEventListener("load", onOriginalLoad, true);

    // The marker is test-generated markup, written into the second frame so
    // that there is frame content for the duplicated tab to carry over.
    const sourceFrames = original.linkedBrowser.contentWindow.frames;
    sourceFrames[1].document.body.innerHTML = marker;

    loadsSeen = 0;
    duplicate = gBrowser.duplicateTab(original);
    duplicate.linkedBrowser.addEventListener("load", onDuplicateLoad, true);
  }

  // Capture phase (third argument true), matched on removal, so that loads
  // inside the page's frames are counted as well.
  original.linkedBrowser.addEventListener("load", onOriginalLoad, true);
}