tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

browser_467409-backslashplosion.js (2807B)

      1 /* Any copyright is dedicated to the Public Domain.
      2   http://creativecommons.org/publicdomain/zero/1.0/ */
      3 
      4 "use strict";
      5 
      6 // Test Summary:
      7 // 1.  Open about:sessionrestore where formdata is a JS object, not a string
      8 // 1a. Check that #sessionData on the page is readable after JSON.parse (skipped, checking formdata is sufficient)
      9 // 1b. Check that there are no backslashes in the formdata
     10 // 1c. Check that formdata doesn't require JSON.parse
     11 //
     12 // 2.  Use the current state (currently about:sessionrestore with data) and then open that in a new instance of about:sessionrestore
     13 // 2a. Check that there are no backslashes in the formdata
     14 // 2b. Check that formdata doesn't require JSON.parse
     15 //
     16 // 3.  [backwards compat] Use a stringified state as formdata when opening about:sessionrestore
     17 // 3a. Make sure there are nodes in the tree on about:sessionrestore (skipped, checking formdata is sufficient)
     18 // 3b. Check that there are no backslashes in the formdata
     19 // 3c. Check that formdata doesn't require JSON.parse
     20 
     21 const CRASH_STATE = {
     22  windows: [
     23    {
     24      tabs: [
     25        { entries: [{ url: "about:mozilla", triggeringPrincipal_base64 }] },
     26      ],
     27    },
     28  ],
     29 };
     30 const STATE = createEntries(CRASH_STATE);
     31 const STATE2 = createEntries({ windows: [{ tabs: [STATE] }] });
     32 const STATE3 = createEntries(JSON.stringify(CRASH_STATE));
     33 
     34 function createEntries(sessionData) {
     35  return {
     36    entries: [{ url: "about:sessionrestore", triggeringPrincipal_base64 }],
     37    formdata: { id: { sessionData }, url: "about:sessionrestore" },
     38  };
     39 }
     40 
     41 add_task(async function test_nested_about_sessionrestore() {
     42  // Prepare a blank tab.
     43  let tab = BrowserTestUtils.addTab(gBrowser, "about:blank");
     44  let browser = tab.linkedBrowser;
     45  await BrowserTestUtils.browserLoaded(browser, { wantLoad: "about:blank" });
     46 
     47  // test 1
     48  await promiseTabState(tab, STATE);
     49  await checkState("test1", tab);
     50 
     51  // test 2
     52  await promiseTabState(tab, STATE2);
     53  await checkState("test2", tab);
     54 
     55  // test 3
     56  await promiseTabState(tab, STATE3);
     57  await checkState("test3", tab);
     58 
     59  // Cleanup.
     60  gBrowser.removeTab(tab);
     61 });
     62 
     63 async function checkState(prefix, tab) {
     64  // Flush and query tab state.
     65  await TabStateFlusher.flush(tab.linkedBrowser);
     66  let { formdata } = JSON.parse(ss.getTabState(tab));
     67 
     68  ok(
     69    formdata.id.sessionData,
     70    prefix + ": we have form data for about:sessionrestore"
     71  );
     72 
     73  let sessionData_raw = JSON.stringify(formdata.id.sessionData);
     74  ok(
     75    !/\\/.test(sessionData_raw),
     76    prefix + ": #sessionData contains no backslashes"
     77  );
     78  info(sessionData_raw);
     79 
     80  let gotError = false;
     81  try {
     82    JSON.parse(formdata.id.sessionData);
     83  } catch (e) {
     84    info(prefix + ": got error: " + e);
     85    gotError = true;
     86  }
     87  ok(gotError, prefix + ": attempting to JSON.parse form data threw error");
     88 }