test_bug423375.html (1175B)
1 <!DOCTYPE HTML> 2 <html> 3 <!-- 4 https://bugzilla.mozilla.org/show_bug.cgi?id=423375 5 --> 6 <head> 7 <title>Test for Bug 423375</title> 8 <script src="/tests/SimpleTest/SimpleTest.js"></script> 9 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> 10 </head> 11 <body> 12 <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=423375">Mozilla Bug 423375</a> 13 <p id="display"></p> 14 <div id="content" style="display: none"> 15 <iframe id="load-frame"></iframe> 16 </div> 17 <pre id="test"> 18 <script class="testbody" type="text/javascript"> 19 20 /** 21 *Test for Bug 423375 22 *(content shouldn't be able to load chrome: or resource:) 23 */ 24 function tryLoad(url) { 25 try { 26 window.frames[0].location = url; 27 return "loaded"; 28 } catch (e) { 29 if (/Access.*denied/.test(String(e))) { 30 return "denied"; 31 } 32 return "unexpected: " + e; 33 } 34 } 35 36 is(tryLoad("chrome://global/content/mozilla.html"), "denied", 37 "content should have been prevented from loading chrome: URL"); 38 is(tryLoad("resource://gre-resources/html.css"), "denied", 39 "content should have been prevented from loading resource: URL"); 40 </script> 41 </pre> 42 </body> 43 </html>