Adding upstream version 124.0.1.upstream/124.0.1

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

9 files changed, 941 insertions, 0 deletions

diff --git a/toolkit/crashreporter/test/browser/browser.toml b/toolkit/crashreporter/test/browser/browser.toml
new file mode 100644
index 0000000000..017cf7c60c
--- /dev/null
+++ b/toolkit/crashreporter/test/browser/browser.toml
@@ -0,0 +1,21 @@
+[DEFAULT]
+support-files = ["head.js"]
+
+["browser_aboutCrashes.js"]
+
+["browser_aboutCrashesResubmit.js"]
+https_first_disabled = true
+
+["browser_bug471404.js"]
+
+["browser_clearReports.js"]
+
+["browser_cpu_microcode.js"]
+skip-if = ["os != 'win'"]
+reason = "Windows-specific crash annotation"
+
+["browser_sandbox_crash.js"]
+skip-if = [
+  "os != 'linux'", # Linux-specific crash type
+  "release_or_beta", # release/beta builds do not crash on sandbox violations
+]
diff --git a/toolkit/crashreporter/test/browser/browser_aboutCrashes.js b/toolkit/crashreporter/test/browser/browser_aboutCrashes.js
new file mode 100644
index 0000000000..1885be4ca3
--- /dev/null
+++ b/toolkit/crashreporter/test/browser/browser_aboutCrashes.js
@@ -0,0 +1,82 @@
+add_task(async function test() {
+  const appD = make_fake_appdir();
+  const crD = appD.clone();
+  crD.append("Crash Reports");
+  const crashes = add_fake_crashes(crD, 5);
+  // sanity check
+  const appDtest = Services.dirsvc.get("UAppData", Ci.nsIFile);
+  ok(appD.equals(appDtest), "directory service provider registered ok");
+
+  await BrowserTestUtils.withNewTab(
+    { gBrowser, url: "about:crashes" },
+    browser => {
+      info("about:crashes loaded");
+      return SpecialPowers.spawn(browser, [crashes], crashes => {
+        const doc = content.document;
+
+        const submitted = doc.getElementById("reportListSubmitted");
+        Assert.ok(
+          !submitted.classList.contains("hidden"),
+          "the submitted crash list is visible"
+        );
+        const unsubmitted = doc.getElementById("reportListUnsubmitted");
+        Assert.ok(
+          unsubmitted.classList.contains("hidden"),
+          "the unsubmitted crash list is hidden"
+        );
+
+        const crashIds = doc.getElementsByClassName("crash-id");
+        Assert.equal(
+          crashIds.length,
+          crashes.length,
+          "about:crashes lists correct number of crash reports"
+        );
+        for (let i = 0; i < crashes.length; i++) {
+          Assert.equal(
+            crashIds[i].textContent,
+            crashes[i].id,
+            i + ": crash ID is correct"
+          );
+        }
+      });
+    }
+  );
+
+  clear_fake_crashes(crD, crashes);
+  const pendingCrash = addPendingCrashreport(crD, Date.now(), { foo: "bar" });
+  await BrowserTestUtils.withNewTab(
+    { gBrowser, url: "about:crashes" },
+    browser => {
+      info("about:crashes loaded");
+      return SpecialPowers.spawn(browser, [pendingCrash], pendingCrash => {
+        const doc = content.document;
+
+        const submitted = doc.getElementById("reportListSubmitted");
+        Assert.ok(
+          submitted.classList.contains("hidden"),
+          "the submitted crash list is hidden"
+        );
+        const unsubmitted = doc.getElementById("reportListUnsubmitted");
+        Assert.ok(
+          !unsubmitted.classList.contains("hidden"),
+          "the unsubmitted crash list is visible"
+        );
+
+        const crashIds = doc.getElementsByClassName("crash-id");
+        Assert.equal(
+          crashIds.length,
+          1,
+          "about:crashes lists correct number of crash reports"
+        );
+        const pendingRow = doc.getElementById(pendingCrash.id);
+        Assert.equal(
+          pendingRow.cells[0].textContent,
+          pendingCrash.id,
+          "about:crashes lists pending crash IDs correctly"
+        );
+      });
+    }
+  );
+
+  cleanup_fake_appdir();
+});
diff --git a/toolkit/crashreporter/test/browser/browser_aboutCrashesResubmit.js b/toolkit/crashreporter/test/browser/browser_aboutCrashesResubmit.js
new file mode 100644
index 0000000000..93a21d451d
--- /dev/null
+++ b/toolkit/crashreporter/test/browser/browser_aboutCrashesResubmit.js
@@ -0,0 +1,202 @@
+function cleanup_and_finish() {
+  try {
+    cleanup_fake_appdir();
+  } catch (ex) {}
+  Services.prefs.clearUserPref("breakpad.reportURL");
+  BrowserTestUtils.removeTab(gBrowser.selectedTab);
+  finish();
+}
+
+/*
+ * check_crash_list
+ *
+ * Check that the list of crashes displayed by about:crashes matches
+ * the list of crashes that we placed in the pending+submitted directories.
+ *
+ * This function is run in a separate JS context via SpecialPowers.spawn, so
+ * it has no access to other functions or variables in this file.
+ */
+function check_crash_list(crashes) {
+  const doc = content.document;
+  const crashIdNodes = Array.from(doc.getElementsByClassName("crash-id"));
+  const pageCrashIds = new Set(crashIdNodes.map(node => node.textContent));
+  const crashIds = new Set(crashes.map(crash => crash.id));
+  Assert.deepEqual(
+    pageCrashIds,
+    crashIds,
+    "about:crashes lists the correct crash reports."
+  );
+}
+
+/*
+ * check_submit_pending
+ *
+ * Click on a pending crash in about:crashes, wait for it to be submitted (which
+ * should redirect us to the crash report page). Verify that the data provided
+ * by our test crash report server matches the data we submitted.
+ * Additionally, click "back" and verify that the link now points to our new
+ */
+function check_submit_pending(tab, crashes) {
+  const browser = gBrowser.getBrowserForTab(tab);
+  let SubmittedCrash = null;
+  let CrashID = null;
+  let CrashURL = null;
+  function csp_onsuccess() {
+    const crashLinks = content.document.getElementsByClassName("crash-link");
+    // Get the last link since it is appended to the end of the list
+    const link = crashLinks[crashLinks.length - 1];
+    link.click();
+  }
+  function csp_onload() {
+    // loaded the crash report page
+    ok(true, "got submission onload");
+
+    SpecialPowers.spawn(browser, [], function () {
+      // grab the Crash ID here to verify later
+      let CrashID = content.location.search.split("=")[1];
+      let CrashURL = content.location.toString();
+
+      // check the JSON content vs. what we submitted
+      let result = JSON.parse(content.document.documentElement.textContent);
+      Assert.equal(
+        result.upload_file_minidump,
+        "MDMP",
+        "minidump file sent properly"
+      );
+      Assert.equal(
+        result.memory_report,
+        "Let's pretend this is a memory report",
+        "memory report sent properly"
+      );
+      Assert.equal(
+        +result.Throttleable,
+        0,
+        "correctly sent as non-throttleable"
+      );
+      Assert.equal(
+        result.SubmittedFrom,
+        "AboutCrashes",
+        "correctly flagged as sent from about:crashes"
+      );
+      // we checked these, they're set by the submission process,
+      // so they won't be in the "extra" data.
+      delete result.upload_file_minidump;
+      delete result.memory_report;
+      delete result.Throttleable;
+      delete result.SubmittedFrom;
+
+      return { id: CrashID, url: CrashURL, result };
+    }).then(({ id, url, result }) => {
+      // Likewise, this is discarded before it gets to the server
+      delete SubmittedCrash.extra.ServerURL;
+
+      CrashID = id;
+      CrashURL = url;
+      for (let x in result) {
+        if (x in SubmittedCrash.extra) {
+          is(
+            result[x],
+            SubmittedCrash.extra[x],
+            "submitted value for " + x + " matches expected"
+          );
+        } else {
+          ok(false, "property " + x + " missing from submitted data!");
+        }
+      }
+      for (let y in SubmittedCrash.extra) {
+        if (!(y in result)) {
+          ok(false, "property " + y + " missing from result data!");
+        }
+      }
+
+      // We can listen for pageshow like this because the tab is not remote.
+      BrowserTestUtils.waitForEvent(browser, "pageshow", true).then(
+        csp_pageshow
+      );
+
+      // now navigate back
+      browser.goBack();
+    });
+  }
+  function csp_fail() {
+    browser.removeEventListener("CrashSubmitFailed", csp_fail, true);
+    ok(false, "failed to submit crash report!");
+    cleanup_and_finish();
+  }
+  browser.addEventListener("CrashSubmitSucceeded", csp_onsuccess, true);
+  browser.addEventListener("CrashSubmitFailed", csp_fail, true);
+  BrowserTestUtils.browserLoaded(
+    browser,
+    false,
+    url => url !== "about:crashes"
+  ).then(csp_onload);
+  function csp_pageshow() {
+    SpecialPowers.spawn(
+      browser,
+      [{ CrashID, CrashURL }],
+      function ({ CrashID, CrashURL }) {
+        Assert.equal(
+          content.location.href,
+          "about:crashes",
+          "navigated back successfully"
+        );
+        const link = content.document
+          .getElementById(CrashID)
+          .getElementsByClassName("crash-link")[0];
+        Assert.notEqual(link, null, "crash report link changed correctly");
+        if (link) {
+          Assert.equal(
+            link.href,
+            CrashURL,
+            "crash report link points to correct href"
+          );
+        }
+      }
+    ).then(cleanup_and_finish);
+  }
+
+  // try submitting the pending report
+  for (const crash of crashes) {
+    if (crash.pending) {
+      SubmittedCrash = crash;
+      break;
+    }
+  }
+
+  SpecialPowers.spawn(browser, [SubmittedCrash.id], id => {
+    const submitButton = content.document
+      .getElementById(id)
+      .getElementsByClassName("submit-button")[0];
+    submitButton.click();
+  });
+}
+
+function test() {
+  waitForExplicitFinish();
+  const appD = make_fake_appdir();
+  const crD = appD.clone();
+  crD.append("Crash Reports");
+  const crashes = add_fake_crashes(crD, 1);
+  // we don't need much data here, it's not going to a real Socorro
+  crashes.push(
+    addPendingCrashreport(crD, crashes[crashes.length - 1].date + 60000, {
+      ServerURL:
+        "http://example.com/browser/toolkit/crashreporter/test/browser/crashreport.sjs",
+      ProductName: "Test App",
+      Foo: "ABC=XYZ", // test that we don't truncat eat = (bug 512853)
+    })
+  );
+  crashes.sort((a, b) => b.date - a.date);
+
+  // set this pref so we can link to our test server
+  Services.prefs.setCharPref(
+    "breakpad.reportURL",
+    "http://example.com/browser/toolkit/crashreporter/test/browser/crashreport.sjs?id="
+  );
+
+  BrowserTestUtils.openNewForegroundTab(gBrowser, "about:crashes").then(tab => {
+    SpecialPowers.spawn(tab.linkedBrowser, [crashes], check_crash_list).then(
+      () => check_submit_pending(tab, crashes)
+    );
+  });
+}
diff --git a/toolkit/crashreporter/test/browser/browser_bug471404.js b/toolkit/crashreporter/test/browser/browser_bug471404.js
new file mode 100644
index 0000000000..4f16a3b3b6
--- /dev/null
+++ b/toolkit/crashreporter/test/browser/browser_bug471404.js
@@ -0,0 +1,61 @@
+function check_clear_visible(browser, aVisible) {
+  return SpecialPowers.spawn(browser, [aVisible], function (aVisible) {
+    const doc = content.document;
+    let visible = false;
+    const reportListSubmitted = doc.getElementById("reportListSubmitted");
+    if (reportListSubmitted) {
+      const style = doc.defaultView.getComputedStyle(reportListSubmitted);
+      if (style.display !== "none" && style.visibility === "visible") {
+        visible = true;
+      }
+    }
+    Assert.equal(
+      visible,
+      aVisible,
+      "clear submitted reports button is " + (aVisible ? "visible" : "hidden")
+    );
+  });
+}
+
+// each test here has a setup (run before loading about:crashes) and onload (run after about:crashes loads)
+var _tests = [
+  {
+    setup: null,
+    onload(browser) {
+      return check_clear_visible(browser, false);
+    },
+  },
+  {
+    setup(crD) {
+      return add_fake_crashes(crD, 1);
+    },
+    onload(browser) {
+      return check_clear_visible(browser, true);
+    },
+  },
+];
+
+add_task(async function test() {
+  let appD = make_fake_appdir();
+  let crD = appD.clone();
+  crD.append("Crash Reports");
+
+  await BrowserTestUtils.withNewTab(
+    { gBrowser, url: "about:blank" },
+    async function (browser) {
+      for (let test of _tests) {
+        // Run setup before loading about:crashes.
+        if (test.setup) {
+          await test.setup(crD);
+        }
+
+        BrowserTestUtils.startLoadingURIString(browser, "about:crashes");
+        await BrowserTestUtils.browserLoaded(browser).then(() =>
+          test.onload(browser)
+        );
+      }
+    }
+  );
+
+  cleanup_fake_appdir();
+});
diff --git a/toolkit/crashreporter/test/browser/browser_clearReports.js b/toolkit/crashreporter/test/browser/browser_clearReports.js
new file mode 100644
index 0000000000..2f780f1955
--- /dev/null
+++ b/toolkit/crashreporter/test/browser/browser_clearReports.js
@@ -0,0 +1,134 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+function clickClearReports() {
+  const doc = content.document;
+  const reportListUnsubmitted = doc.getElementById("reportListUnsubmitted");
+  const reportListSubmitted = doc.getElementById("reportListSubmitted");
+  if (!reportListUnsubmitted || !reportListSubmitted) {
+    Assert.ok(false, "Report list not found");
+  }
+
+  const unsubmittedStyle = doc.defaultView.getComputedStyle(
+    reportListUnsubmitted
+  );
+  const submittedStyle = doc.defaultView.getComputedStyle(reportListSubmitted);
+  Assert.notEqual(
+    unsubmittedStyle.display,
+    "none",
+    "Unsubmitted report list is visible"
+  );
+  Assert.notEqual(
+    submittedStyle.display,
+    "none",
+    "Submitted report list is visible"
+  );
+
+  const clearUnsubmittedButton = doc.getElementById("clearUnsubmittedReports");
+  const clearSubmittedButton = doc.getElementById("clearSubmittedReports");
+  clearUnsubmittedButton.click();
+  clearSubmittedButton.click();
+}
+
+var promptShown = false;
+
+var oldPrompt = Services.prompt;
+Services.prompt = {
+  confirm() {
+    promptShown = true;
+    return true;
+  },
+};
+
+registerCleanupFunction(function () {
+  Services.prompt = oldPrompt;
+});
+
+add_task(async function test() {
+  let appD = make_fake_appdir();
+  let crD = appD.clone();
+  crD.append("Crash Reports");
+
+  // Add crashes to submitted dir
+  let submitdir = crD.clone();
+  submitdir.append("submitted");
+
+  let file1 = submitdir.clone();
+  file1.append("bp-nontxt");
+  file1.create(Ci.nsIFile.NORMAL_FILE_TYPE, 0o666);
+  let file2 = submitdir.clone();
+  file2.append("nonbp-file.txt");
+  file2.create(Ci.nsIFile.NORMAL_FILE_TYPE, 0o666);
+  add_fake_crashes(crD, 5);
+
+  // Add crashes to pending dir
+  let pendingdir = crD.clone();
+  pendingdir.append("pending");
+
+  let crashes = add_fake_crashes(crD, 2);
+  addPendingCrashreport(crD, crashes[0].date);
+  addPendingCrashreport(crD, crashes[1].date);
+
+  // Add crashes to reports dir
+  let report1 = crD.clone();
+  report1.append("NotInstallTime777");
+  report1.create(Ci.nsIFile.NORMAL_FILE_TYPE, 0o666);
+  let report2 = crD.clone();
+  report2.append("InstallTime" + Services.appinfo.appBuildID);
+  report2.create(Ci.nsIFile.NORMAL_FILE_TYPE, 0o666);
+  let report3 = crD.clone();
+  report3.append("InstallTimeNew");
+  report3.create(Ci.nsIFile.NORMAL_FILE_TYPE, 0o666);
+  let report4 = crD.clone();
+  report4.append("InstallTimeOld");
+  report4.create(Ci.nsIFile.NORMAL_FILE_TYPE, 0o666);
+  report4.lastModifiedTime = Date.now() - 63172000000;
+
+  registerCleanupFunction(function () {
+    cleanup_fake_appdir();
+  });
+
+  await BrowserTestUtils.withNewTab(
+    { gBrowser, url: "about:crashes" },
+    async function (browser) {
+      let dirs = [submitdir, pendingdir, crD];
+      let existing = [
+        file1.path,
+        file2.path,
+        report1.path,
+        report2.path,
+        report3.path,
+        submitdir.path,
+        pendingdir.path,
+      ];
+
+      SpecialPowers.spawn(browser, [], clickClearReports);
+      await BrowserTestUtils.waitForCondition(
+        () =>
+          content.document
+            .getElementById("reportListUnsubmitted")
+            .classList.contains("hidden") &&
+          content.document
+            .getElementById("reportListSubmitted")
+            .classList.contains("hidden")
+      );
+
+      for (let dir of dirs) {
+        let entries = dir.directoryEntries;
+        while (entries.hasMoreElements()) {
+          let file = entries.nextFile;
+          let index = existing.indexOf(file.path);
+          isnot(index, -1, file.leafName + " exists");
+
+          if (index != -1) {
+            existing.splice(index, 1);
+          }
+        }
+      }
+
+      is(existing.length, 0, "All the files that should still exist exist");
+      ok(promptShown, "Prompt shown");
+    }
+  );
+});
diff --git a/toolkit/crashreporter/test/browser/browser_cpu_microcode.js b/toolkit/crashreporter/test/browser/browser_cpu_microcode.js
new file mode 100644
index 0000000000..e4efd1c86d
--- /dev/null
+++ b/toolkit/crashreporter/test/browser/browser_cpu_microcode.js
@@ -0,0 +1,25 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+/* global BrowserTestUtils, ok, gBrowser, add_task */
+
+"use strict";
+
+/**
+ * Checks that we set the CPUMicrocodeVersion annotation.
+ */
+add_task(async function test_cpu_microcode_version_annotation() {
+  await BrowserTestUtils.withNewTab(
+    {
+      gBrowser,
+    },
+    async function (browser) {
+      // Crash the tab
+      let annotations = await BrowserTestUtils.crashFrame(browser);
+
+      ok(
+        "CPUMicrocodeVersion" in annotations,
+        "contains CPU microcode version"
+      );
+    }
+  );
+});
diff --git a/toolkit/crashreporter/test/browser/browser_sandbox_crash.js b/toolkit/crashreporter/test/browser/browser_sandbox_crash.js
new file mode 100644
index 0000000000..4cd3d782e5
--- /dev/null
+++ b/toolkit/crashreporter/test/browser/browser_sandbox_crash.js
@@ -0,0 +1,77 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+/* global BrowserTestUtils, ok, gBrowser, add_task */
+
+"use strict";
+
+/**
+ * Checks that we set the CPUMicrocodeVersion annotation.
+ * This is a Windows-specific crash annotation.
+ */
+if (AppConstants.platform == "win") {
+  add_task(async function test_cpu_microcode_version_annotation() {
+    await BrowserTestUtils.withNewTab(
+      {
+        gBrowser,
+      },
+      async function (browser) {
+        // Crash the tab
+        let annotations = await BrowserTestUtils.crashFrame(browser);
+
+        ok(
+          "CPUMicrocodeVersion" in annotations,
+          "contains CPU microcode version"
+        );
+      }
+    );
+  });
+}
+
+/**
+ * Checks that Linux sandbox violations are reported as SIGSYS crashes with
+ * the syscall number provided in the address field of the minidump's exception
+ * stream.
+ */
+if (AppConstants.platform == "linux") {
+  add_task(async function test_sandbox_violation_is_sigsys() {
+    await BrowserTestUtils.withNewTab(
+      {
+        gBrowser,
+      },
+      async function (browser) {
+        // Crash the tab
+        let annotations = await BrowserTestUtils.crashFrame(
+          browser,
+          true,
+          true,
+          /* Default browsing context */ null,
+          { crashType: "CRASH_SYSCALL" }
+        );
+
+        Assert.equal(
+          annotations.StackTraces.crash_info.type,
+          "SIGSYS",
+          "The crash type is SIGSYS"
+        );
+
+        function chroot_syscall_number() {
+          // We crash by calling chroot(), see BrowserTestUtilsChild.sys.mjs
+          switch (Services.sysinfo.get("arch")) {
+            case "x86-64":
+              return "0xa1";
+            case "aarch64":
+              return "0x33";
+            default:
+              return "0x3d";
+          }
+        }
+
+        Assert.equal(
+          annotations.StackTraces.crash_info.address,
+          chroot_syscall_number(),
+          "The address corresponds to the chroot() syscall number"
+        );
+      }
+    );
+  });
+}
diff --git a/toolkit/crashreporter/test/browser/crashreport.sjs b/toolkit/crashreporter/test/browser/crashreport.sjs
new file mode 100644
index 0000000000..908455c9e6
--- /dev/null
+++ b/toolkit/crashreporter/test/browser/crashreport.sjs
@@ -0,0 +1,176 @@
+const CC = Components.Constructor;
+
+const BinaryInputStream = CC(
+  "@mozilla.org/binaryinputstream;1",
+  "nsIBinaryInputStream",
+  "setInputStream"
+);
+
+function parseHeaders(data, start) {
+  let headers = {};
+
+  while (true) {
+    let end = data.indexOf("\r\n", start);
+    if (end == -1) {
+      end = data.length;
+    }
+    let line = data.substring(start, end);
+    start = end + 2;
+    if (line == "") {
+      // empty line, we're done
+      break;
+    }
+
+    //XXX: this doesn't handle multi-line headers. do we care?
+    let [name, value] = line.split(":");
+    //XXX: not normalized, should probably use nsHttpHeaders or something
+    headers[name] = value.trimLeft();
+  }
+  return [headers, start];
+}
+
+function parseMultipartForm(request) {
+  let boundary = null;
+  // See if this is a multipart/form-data request, and if so, find the
+  // boundary string
+  if (request.hasHeader("Content-Type")) {
+    var contenttype = request.getHeader("Content-Type");
+    var bits = contenttype.split(";");
+    if (bits[0] == "multipart/form-data") {
+      for (var i = 1; i < bits.length; i++) {
+        var b = bits[i].trimLeft();
+        if (b.indexOf("boundary=") == 0) {
+          // grab everything after boundary=
+          boundary = "--" + b.substring(9);
+          break;
+        }
+      }
+    }
+  }
+  if (boundary == null) {
+    return null;
+  }
+
+  let body = new BinaryInputStream(request.bodyInputStream);
+  let avail;
+  let bytes = [];
+  while ((avail = body.available()) > 0) {
+    let readBytes = body.readByteArray(avail);
+    for (let b of readBytes) {
+      bytes.push(b);
+    }
+  }
+  let data = "";
+  for (let b of bytes) {
+    data += String.fromCharCode(b);
+  }
+  let formData = {};
+  let start = 0;
+  while (true) {
+    // read first line
+    let end = data.indexOf("\r\n", start);
+    if (end == -1) {
+      end = data.length;
+    }
+
+    let line = data.substring(start, end);
+    // look for closing boundary delimiter line
+    if (line == boundary + "--") {
+      break;
+    }
+
+    if (line != boundary) {
+      dump("expected boundary line but didn't find it!");
+      break;
+    }
+
+    // parse headers
+    start = end + 2;
+    let headers = null;
+    [headers, start] = parseHeaders(data, start);
+
+    // find next boundary string
+    end = data.indexOf("\r\n" + boundary, start);
+    if (end == -1) {
+      dump("couldn't find next boundary string\n");
+      break;
+    }
+
+    // read part data, stick in formData using Content-Disposition header
+    let part = data.substring(start, end);
+    start = end + 2;
+
+    if ("Content-Disposition" in headers) {
+      let bits = headers["Content-Disposition"].split(";");
+      if (bits[0] == "form-data") {
+        for (let i = 0; i < bits.length; i++) {
+          let b = bits[i].trimLeft();
+          if (b.indexOf("name=") == 0) {
+            //TODO: handle non-ascii here?
+            let name = b.substring(6, b.length - 1);
+            //TODO: handle multiple-value properties?
+            if (
+              "Content-Type" in headers &&
+              headers["Content-Type"] == "application/json"
+            ) {
+              formData = Object.assign(formData, JSON.parse(part));
+            } else {
+              formData[name] = part;
+            }
+          }
+          //TODO: handle filename= ?
+          //TODO: handle multipart/mixed for multi-file uploads?
+        }
+      }
+    }
+  }
+  return formData;
+}
+
+function handleRequest(request, response) {
+  if (request.method == "GET") {
+    let id = null;
+    for (let p of request.queryString.split("&")) {
+      let [key, value] = p.split("=");
+      if (key == "id") {
+        id = value;
+      }
+    }
+    if (id == null) {
+      response.setStatusLine(request.httpVersion, 400, "Bad Request");
+      response.write("Missing id parameter");
+    } else {
+      let data = getState(id);
+      if (data == "") {
+        response.setStatusLine(request.httpVersion, 404, "Not Found");
+        response.write("Not Found");
+      } else {
+        response.setHeader("Content-Type", "text/plain", false);
+        response.write(data);
+      }
+    }
+  } else if (request.method == "POST") {
+    let formData = parseMultipartForm(request);
+
+    if (formData && "upload_file_minidump" in formData) {
+      response.setHeader("Content-Type", "text/plain", false);
+
+      let uuid = Services.uuid.generateUUID().toString();
+      // ditch the {}, add bp- prefix
+      uuid = "bp-" + uuid.substring(1, uuid.length - 1);
+
+      let d = JSON.stringify(formData);
+      //dump('saving crash report ' + uuid + ': ' + d + '\n');
+      setState(uuid, d);
+
+      response.write("CrashID=" + uuid + "\n");
+    } else {
+      dump("*** crashreport.sjs: Malformed request?\n");
+      response.setStatusLine(request.httpVersion, 400, "Bad Request");
+      response.write("Missing minidump file");
+    }
+  } else {
+    response.setStatusLine(request.httpVersion, 405, "Method not allowed");
+    response.write("Can't handle HTTP method " + request.method);
+  }
+}
diff --git a/toolkit/crashreporter/test/browser/head.js b/toolkit/crashreporter/test/browser/head.js
new file mode 100644
index 0000000000..fea602a028
--- /dev/null
+++ b/toolkit/crashreporter/test/browser/head.js
@@ -0,0 +1,163 @@
+function create_subdir(dir, subdirname) {
+  let subdir = dir.clone();
+  subdir.append(subdirname);
+  if (subdir.exists()) {
+    subdir.remove(true);
+  }
+  subdir.create(Ci.nsIFile.DIRECTORY_TYPE, 0o755);
+  return subdir;
+}
+
+function generate_uuid() {
+  let uuidGenerator = Services.uuid;
+  let uuid = uuidGenerator.generateUUID().toString();
+  // ditch the {}
+  return uuid.substring(1, uuid.length - 1);
+}
+
+// need to hold on to this to unregister for cleanup
+var _provider = null;
+
+function make_fake_appdir() {
+  // Create a directory inside the profile and register it as UAppData, so
+  // we can stick fake crash reports inside there. We put it inside the profile
+  // just because we know that will get cleaned up after the mochitest run.
+  let profD = Services.dirsvc.get("ProfD", Ci.nsIFile);
+  // create a subdir just to keep our files out of the way
+  let appD = create_subdir(profD, "UAppData");
+
+  let crashesDir = create_subdir(appD, "Crash Reports");
+  create_subdir(crashesDir, "pending");
+  create_subdir(crashesDir, "submitted");
+
+  _provider = {
+    getFile(prop, persistent) {
+      persistent.value = true;
+      if (prop == "UAppData") {
+        return appD.clone();
+      }
+      // Depending on timing we can get requests for other files.
+      // When we threw an exception here, in the world before bug 997440, this got lost
+      // because of the arbitrary JSContext being used in nsXPCWrappedJS::CallMethod.
+      // After bug 997440 this gets reported to our window and causes the tests to fail.
+      // So, we'll just dump out a message to the logs.
+      dump(
+        "WARNING: make_fake_appdir - fake nsIDirectoryServiceProvider - Unexpected getFile for: '" +
+          prop +
+          "'\n"
+      );
+      return null;
+    },
+    QueryInterface: ChromeUtils.generateQI(["nsIDirectoryServiceProvider"]),
+  };
+  // register our new provider
+  Services.dirsvc
+    .QueryInterface(Ci.nsIDirectoryService)
+    .registerProvider(_provider);
+  // and undefine the old value
+  try {
+    Services.dirsvc.undefine("UAppData");
+  } catch (ex) {} // it's ok if this fails, the value might not be cached yet
+  return appD.clone();
+}
+
+function cleanup_fake_appdir() {
+  Services.dirsvc
+    .QueryInterface(Ci.nsIDirectoryService)
+    .unregisterProvider(_provider);
+  // undefine our value so future calls get the real value
+  try {
+    Services.dirsvc.undefine("UAppData");
+  } catch (ex) {
+    dump("cleanup_fake_appdir: dirSvc.undefine failed: " + ex.message + "\n");
+  }
+}
+
+function add_fake_crashes(crD, count) {
+  let results = [];
+  let submitdir = crD.clone();
+  submitdir.append("submitted");
+  // create them from oldest to newest, to ensure that about:crashes
+  // displays them in the correct order
+  let date = Date.now() - count * 60000;
+  for (let i = 0; i < count; i++) {
+    let uuid = "bp-" + generate_uuid();
+    let fn = uuid + ".txt";
+    let file = submitdir.clone();
+    file.append(fn);
+    file.create(Ci.nsIFile.NORMAL_FILE_TYPE, 0o666);
+    file.lastModifiedTime = date;
+    results.push({ id: uuid, date, pending: false });
+
+    date += 60000;
+  }
+  // we want them sorted newest to oldest, since that's the order
+  // that about:crashes lists them in
+  results.sort((a, b) => b.date - a.date);
+  return results;
+}
+
+function clear_fake_crashes(crD, crashes) {
+  let submitdir = crD.clone();
+  submitdir.append("submitted");
+  for (let i of crashes) {
+    let fn = i.id + ".txt";
+    let file = submitdir.clone();
+    file.append(fn);
+    file.remove(false);
+  }
+}
+
+function writeDataToFile(file, data) {
+  var fstream = Cc["@mozilla.org/network/file-output-stream;1"].createInstance(
+    Ci.nsIFileOutputStream
+  );
+  // open, write, truncate
+  fstream.init(file, -1, -1, 0);
+  var os = Cc["@mozilla.org/intl/converter-output-stream;1"].createInstance(
+    Ci.nsIConverterOutputStream
+  );
+  os.init(fstream, "UTF-8");
+  os.writeString(data);
+  os.close();
+  fstream.close();
+}
+
+function writeCrashReportFile(dir, uuid, suffix, date, data) {
+  let file = dir.clone();
+  file.append(uuid + suffix);
+  writeDataToFile(file, data);
+  file.lastModifiedTime = date;
+}
+
+function writeMinidumpFile(dir, uuid, date) {
+  // that's the start of a valid minidump, anyway
+  writeCrashReportFile(dir, uuid, ".dmp", date, "MDMP");
+}
+
+function writeExtraFile(dir, uuid, date, data) {
+  writeCrashReportFile(dir, uuid, ".extra", date, JSON.stringify(data));
+}
+
+function writeMemoryReport(dir, uuid, date) {
+  let data = "Let's pretend this is a memory report";
+  writeCrashReportFile(dir, uuid, ".memory.json.gz", date, data);
+}
+
+function addPendingCrashreport(crD, date, extra) {
+  let pendingdir = crD.clone();
+  pendingdir.append("pending");
+  let uuid = generate_uuid();
+  writeMinidumpFile(pendingdir, uuid, date);
+  writeExtraFile(pendingdir, uuid, date, extra);
+  writeMemoryReport(pendingdir, uuid, date);
+  return { id: uuid, date, pending: true, extra };
+}
+
+function addIncompletePendingCrashreport(crD, date) {
+  let pendingdir = crD.clone();
+  pendingdir.append("pending");
+  let uuid = generate_uuid();
+  writeMinidumpFile(pendingdir, uuid, date);
+  return { id: uuid, date, pending: true };
+}