browser_464620_b.js (1978B)
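/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/**
 * Browser-chrome regression test for Bug 464620 (injection on DOM node
 * insertion).
 *
 * Flow, as far as this file shows:
 *   1. Open the test page and wait until seven "load" events have been seen.
 *   2. Duplicate the tab, which makes session restore replay the saved state
 *      into the copy.
 *   3. Wait for the custom "464620_b" event from the duplicated tab, then
 *      check that the second frame neither points at the test URL nor
 *      contains the "XXX" marker, i.e. no restored data was injected into it.
 *
 * The companion page browser_464620_b.html is not part of this file, so what
 * exactly it attempts is presumed from the assertion messages below.
 */
function test() {
  /** Test for Bug 464620 (injection on DOM node insertion) */

  waitForExplicitFinish();

  const testURL =
    "http://mochi.test:8888/browser/" +
    "browser/components/sessionstore/test/browser_464620_b.html";

  let frameCount = 0;
  const tab = BrowserTestUtils.addTab(gBrowser, testURL);
  tab.linkedBrowser.addEventListener(
    "load",
    function loadListener() {
      // wait for all frames to load completely
      // (the first six capture-phase load events are skipped)
      if (frameCount++ < 6) {
        return;
      }
      this.removeEventListener("load", loadListener, true);

      executeSoon(function () {
        const tab2 = gBrowser.duplicateTab(tab);
        tab2.linkedBrowser.addEventListener(
          "464620_b",
          // The listener must read its OWN event. Without a parameter here,
          // `aEvent` resolved to the outer "load" event, which carries no
          // `data`, so the check below never looked at the page's signal.
          function listener(aEvent) {
            tab2.linkedBrowser.removeEventListener("464620_b", listener, true);
            is(aEvent.data, "done", "XSS injection was attempted");

            // let form restoration complete and take into account the
            // setTimeout(..., 0) in sss_restoreDocument_proxy
            executeSoon(function () {
              setTimeout(function () {
                const win = tab2.linkedBrowser.contentWindow;
                // NOTE(review): `document.location` is a Location object and
                // testURL a string; whether this assertion can ever fail
                // depends on how the harness's isnot() compares them.
                // Confirm, or compare `location.href` instead.
                isnot(
                  win.frames[1].document.location,
                  testURL,
                  "cross domain document was loaded"
                );
                // "XXX" is the marker the test expects NOT to find in the
                // restored frame's markup.
                ok(
                  !/XXX/.test(win.frames[1].document.body.innerHTML),
                  "no content was injected"
                );

                // clean up
                gBrowser.removeTab(tab2);
                gBrowser.removeTab(tab);

                finish();
              }, 0);
            });
          },
          true,
          // Fourth argument is Gecko's wantsUntrusted flag: the event is
          // dispatched by untrusted content, so it must be opted into.
          true
        );
      });
    },
    true
  );
}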