1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
/*
* Mixed Content Block frame navigates for target="_top" - Test for Bug 902350
*/
add_task(async function mixed_content_block_for_target_top_test() {
const PREF_ACTIVE = "security.mixed_content.block_active_content";
const httpsTestRoot = getRootDirectory(gTestPath).replace(
"chrome://mochitests/content",
"https://example.com"
);
await SpecialPowers.pushPrefEnv({ set: [[PREF_ACTIVE, true]] });
let newTab = await BrowserTestUtils.openNewForegroundTab({
gBrowser,
waitForLoad: true,
});
let testBrowser = newTab.linkedBrowser;
var url = httpsTestRoot + "file_bug902350.html";
var frameUrl = httpsTestRoot + "file_bug902350_frame.html";
let loadPromise = BrowserTestUtils.browserLoaded(testBrowser, false, url);
let frameLoadPromise = BrowserTestUtils.browserLoaded(
testBrowser,
true,
frameUrl
);
BrowserTestUtils.loadURI(testBrowser, url);
await loadPromise;
await frameLoadPromise;
// Find the iframe and click the link in it.
let insecureUrl = "http://example.com/";
let insecureLoadPromise = BrowserTestUtils.browserLoaded(
testBrowser,
false,
insecureUrl
);
SpecialPowers.spawn(testBrowser, [], function() {
var frame = content.document.getElementById("testing_frame");
var topTarget = frame.contentWindow.document.getElementById("topTarget");
topTarget.click();
});
// Navigating to insecure domain through target='_top' should succeed.
await insecureLoadPromise;
// The link click should not invoke the Mixed Content Blocker.
let { gIdentityHandler } = testBrowser.ownerGlobal;
ok(
!gIdentityHandler._identityBox.classList.contains("mixedActiveBlocked"),
"Mixed Content Doorhanger did not appear when trying to navigate top"
);
BrowserTestUtils.removeTab(newTab);
});
|