diff options
Diffstat (limited to '')
| -rw-r--r-- | netwerk/test/unit/test_bug380994.js | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/netwerk/test/unit/test_bug380994.js b/netwerk/test/unit/test_bug380994.js new file mode 100644 index 0000000000..01f896a90f --- /dev/null +++ b/netwerk/test/unit/test_bug380994.js @@ -0,0 +1,26 @@ +/* check resource: protocol for traversal problems */ + +"use strict"; + +const specs = [ + "resource:///chrome/../plugins", + "resource:///chrome%2f../plugins", + "resource:///chrome/..%2fplugins", + "resource:///chrome%2f%2e%2e%2fplugins", + "resource:///../../../..", + "resource:///..%2f..%2f..%2f..", + "resource:///%2e%2e", +]; + +function run_test() { + var ios = Cc["@mozilla.org/network/io-service;1"].getService(Ci.nsIIOService); + + for (var spec of specs) { + var uri = ios.newURI(spec); + if (uri.spec.includes("..")) { + do_throw( + "resource: traversal remains: '" + spec + "' ==> '" + uri.spec + "'" + ); + } + } +} |