browser_jsterm_selfxss.js (1880B)
/* Any copyright is dedicated to the Public Domain.
 * http://creativecommons.org/publicdomain/zero/1.0/ */

"use strict";

// Browser test for the web console's self-XSS paste guard.
//
// Scenario covered below, in order:
//   1. With "devtools.selfxss.count" at 0 and "devtools.chrome.enabled" off,
//      a paste into the console input must be refused and a notification with
//      data-key "selfxss-notification" must be present.
//   2. After the phrase "allow pasting" has been typed, the same paste must
//      reach the input unchanged.
//
// NOTE(review): presumably the guard is skipped when chrome debugging is
// enabled or once the usage count is high enough, which would be why both are
// forced down first - confirm against the console implementation.
// NOTE(review): the test does not check that a partial or mistyped phrase
// keeps the guard active, nor that the notification goes away after the
// phrase is accepted; both would be worth covering separately.

const TEST_URI =
  "data:text/html;charset=utf-8,<!DOCTYPE html><p>Test self-XSS protection</p>";

XPCOMUtils.defineLazyServiceGetter(
  this,
  "clipboardHelper",
  "@mozilla.org/widget/clipboardhelper;1",
  Ci.nsIClipboardHelper
);
const WebConsoleUtils =
  require("resource://devtools/client/webconsole/utils.js").Utils;

// Payload placed on the clipboard; it only needs to be recognisable when it
// shows up (or fails to show up) in the console input.
const stringToCopy = "EvilCommand";

add_task(async function () {
  // Start from the "inexperienced user" state: no chrome debugging, no
  // recorded console usage.
  await pushPref("devtools.chrome.enabled", false);
  await pushPref("devtools.selfxss.count", 0);
  const hud = await openNewTabAndConsole(TEST_URI);
  const consoleDocument = hud.ui.document;

  info("Self-xss paste tests");
  WebConsoleUtils.usageCount = 0;
  is(WebConsoleUtils.usageCount, 0, "Test for usage count getter");

  // Input some commands to check if usage counting is working: four
  // evaluations are expected to move the counter from 0 to 4.
  for (const value of [0, 1, 2, 3]) {
    await executeAndWaitForResultMessage(hud, String(value), value);
  }

  is(WebConsoleUtils.usageCount, 4, "Usage count incremented");
  // Drop the counter back to 0 so the paste below is attempted with no
  // recorded usage.
  WebConsoleUtils.usageCount = 0;

  info(`Copy "${stringToCopy}" in clipboard`);
  const copyToClipboard = () => clipboardHelper.copyString(stringToCopy);
  await waitForClipboardPromise(copyToClipboard, stringToCopy);
  goDoCommand("cmd_paste");

  // The paste must have produced the warning and left the input empty.
  const shownKey = consoleDocument
    .getElementById("webconsole-notificationbox")
    .querySelector(".notification")
    .getAttribute("data-key");
  is(shownKey, "selfxss-notification", "Self-xss notification shown");
  is(getInputValue(hud), "", "Paste blocked by self-xss prevention");

  // Allow pasting: the phrase is sent one character at a time.
  Array.from("allow pasting").forEach(key => EventUtils.sendString(key));

  // Clear the input before retrying, so the final assertion sees only what
  // the second paste put there.
  setInputValue(hud, "");
  goDoCommand("cmd_paste");
  is(getInputValue(hud), stringToCopy, "Paste works");
});