browser_463205.js (1245B)
/* Any copyright is dedicated to the Public Domain.
 * http://creativecommons.org/publicdomain/zero/1.0/ */

"use strict";

// Page whose form field (#text) the session state below refers to.
// NOTE: this binding shadows the global `URL` constructor within this file.
const URL = ROOT + "browser_463205_sample.html";

/**
 * Bug 463205 - Form data recorded in session state carries the URL of the
 * document it was captured from. Session restore has to compare that URL with
 * the document actually loaded before filling any field; otherwise a malicious
 * website could modify frame URLs and get saved form data injected into the
 * wrong web page.
 *
 * The test restores the same history entry twice: once with form data whose
 * URL matches the loaded page (the value must come back) and once with form
 * data claiming a different URL (the field must stay empty).
 */
add_task(async function test_check_urls_before_restoring() {
  // Start from a blank tab and wait until about:blank has finished loading.
  const blankTab = BrowserTestUtils.addTab(gBrowser, "about:blank");
  const linkedBrowser = blankTab.linkedBrowser;
  await BrowserTestUtils.browserLoaded(linkedBrowser, {
    wantLoad: "about:blank",
  });

  // Positive case: formdata.url is the URL of the restored entry.
  await promiseTabState(blankTab, getState(URL));
  const matchingValue = await getPropertyOfFormField(
    linkedBrowser,
    "#text",
    "value"
  );
  is(matchingValue, "foobar", "value was restored");

  // Negative case: formdata.url names another site, so the saved value must
  // not be written into the page.
  await promiseTabState(blankTab, getState("http://example.com/"));
  const mismatchedValue = await getPropertyOfFormField(
    linkedBrowser,
    "#text",
    "value"
  );
  is(mismatchedValue, "", "value was not restored");

  // Cleanup.
  gBrowser.removeTab(blankTab);
});

/**
 * Builds a serialized tab state for the sample page.
 *
 * The history entry always points at the sample page (URL); only the URL
 * attached to the form data varies, which lets the caller produce a state
 * whose form data does not belong to the entry being restored.
 *
 * @param {string} url - URL to record as the origin of the form data.
 * @returns {string} JSON text with one history entry and one form-data record.
 */
function getState(url) {
  const tabState = {
    entries: [{ url: URL, triggeringPrincipal_base64 }],
    formdata: { url, id: { text: "foobar" } },
  };
  return JSON.stringify(tabState);
}