blob: bdf6194ea0e9e97ef5f1093c2100174fc9641f6d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
// ----------------------------------------------------------------------------
// Ensure that an inner frame from a different origin can't initiate an install
var wasOriginBlocked = false;
function test() {
Harness.installOriginBlockedCallback = install_blocked;
Harness.installsCompletedCallback = finish_test;
Harness.finalContentEvent = "InstallComplete";
Harness.setup();
PermissionTestUtils.add(
"http://example.com/",
"install",
Services.perms.ALLOW_ACTION
);
var inner_url = encodeURIComponent(
TESTROOT +
"installtrigger.html?" +
encodeURIComponent(
JSON.stringify({
"Unsigned XPI": {
URL: TESTROOT + "amosigned.xpi",
IconURL: TESTROOT + "icon.png",
toString() {
return this.URL;
},
},
})
)
);
gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser);
BrowserTestUtils.loadURI(
gBrowser,
TESTROOT2 + "installtrigger_frame.html?" + inner_url
);
}
function install_blocked(installInfo) {
wasOriginBlocked = true;
}
function finish_test(count) {
ok(
wasOriginBlocked,
"Should have been blocked due to the cross origin request."
);
is(count, 0, "No add-ons should have been installed");
PermissionTestUtils.remove("http://example.com", "install");
gBrowser.removeCurrentTab();
Harness.finish();
}
|
