tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

browser_navigator_clipboard_clickjacking.js (2109B)

      1 /* -*- Mode: JavaScript; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
      3 /* This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this
      5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 "use strict";
      8 
      9 const kContentFileUrl =
     10  kBaseUrlForContent + "simple_navigator_clipboard_keydown.html";
     11 
     12 add_task(async function test_paste_button_clickjacking() {
     13  await BrowserTestUtils.withNewTab(kContentFileUrl, async function (browser) {
     14    const pasteButtonIsShown = promisePasteButtonIsShown();
     15 
     16    // synthesize key to trigger readText() to bring up paste popup.
     17    EventUtils.synthesizeKey("p", {}, window);
     18    await waitForPasteMenuPopupEvent("shown");
     19 
     20    const pastePopup = document.getElementById(kPasteMenuPopupId);
     21    const pasteButton = document.getElementById(kPasteMenuItemId);
     22    ok(
     23      pasteButton.disabled,
     24      "Paste button should be shown with disabled by default"
     25    );
     26 
     27    let accesskey = pasteButton.getAttribute("accesskey");
     28    let delay = Services.prefs.getIntPref("security.dialog_enable_delay") * 3;
     29    while (delay > 0) {
     30      // There's no other way to allow some time to pass and ensure we're
     31      // genuinely testing that these keypresses postpone the enabling of
     32      // the paste button, so disable this check for this line:
     33      // eslint-disable-next-line mozilla/no-arbitrary-setTimeout
     34      await new Promise(r => setTimeout(r, 100));
     35      ok(pasteButton.disabled, "Paste button should still be disabled");
     36      EventUtils.synthesizeKey(accesskey, {}, window);
     37      is(pastePopup.state, "open", "Paste popup should still be opened");
     38      delay = delay - 100;
     39    }
     40 
     41    await BrowserTestUtils.waitForMutationCondition(
     42      pasteButton,
     43      { attributeFilter: ["disabled"] },
     44      () => !pasteButton.disabled,
     45      "Wait for paste button enabled"
     46    );
     47 
     48    const pasteButtonIsHidden = promisePasteButtonIsHidden();
     49    pastePopup.activateItem(pasteButton);
     50    await pasteButtonIsHidden;
     51  });
     52 });