From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 02:47:55 +0200 Subject: Adding upstream version 124.0.1. Signed-off-by: Daniel Baumann --- .../components/sessionstore/test/browser_463205.js | 40 ++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 browser/components/sessionstore/test/browser_463205.js (limited to 'browser/components/sessionstore/test/browser_463205.js') diff --git a/browser/components/sessionstore/test/browser_463205.js b/browser/components/sessionstore/test/browser_463205.js new file mode 100644 index 0000000000..797425ab05 --- /dev/null +++ b/browser/components/sessionstore/test/browser_463205.js @@ -0,0 +1,40 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const URL = ROOT + "browser_463205_sample.html"; + +/** + * Bug 463205 - Check URLs before restoring form data to make sure a malicious + * website can't modify frame URLs and make us inject form data into the wrong + * web pages. + */ +add_task(async function test_check_urls_before_restoring() { + // Add a blank tab. + let tab = BrowserTestUtils.addTab(gBrowser, "about:blank"); + let browser = tab.linkedBrowser; + await promiseBrowserLoaded(browser); + + // Restore form data with a valid URL. + await promiseTabState(tab, getState(URL)); + + let value = await getPropertyOfFormField(browser, "#text", "value"); + is(value, "foobar", "value was restored"); + + // Restore form data with an invalid URL. + await promiseTabState(tab, getState("http://example.com/")); + + value = await getPropertyOfFormField(browser, "#text", "value"); + is(value, "", "value was not restored"); + + // Cleanup. + gBrowser.removeTab(tab); +}); + +function getState(url) { + return JSON.stringify({ + entries: [{ url: URL, triggeringPrincipal_base64 }], + formdata: { url, id: { text: "foobar" } }, + }); +} -- cgit v1.2.3