From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Fri, 19 Apr 2024 02:47:55 +0200
Subject: Adding upstream version 124.0.1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 dom/base/test/browser_bug902350.js | 56 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 dom/base/test/browser_bug902350.js

(limited to 'dom/base/test/browser_bug902350.js')

diff --git a/dom/base/test/browser_bug902350.js b/dom/base/test/browser_bug902350.js
new file mode 100644
index 0000000000..a2bab1c3ea
--- /dev/null
+++ b/dom/base/test/browser_bug902350.js
@@ -0,0 +1,56 @@
+/*
+ * Mixed Content Block frame navigates for target="_top" - Test for Bug 902350
+ */
+
+add_task(async function mixed_content_block_for_target_top_test() {
+  const PREF_ACTIVE = "security.mixed_content.block_active_content";
+  const httpsTestRoot = getRootDirectory(gTestPath).replace(
+    "chrome://mochitests/content",
+    "https://example.com"
+  );
+
+  await SpecialPowers.pushPrefEnv({ set: [[PREF_ACTIVE, true]] });
+
+  let newTab = await BrowserTestUtils.openNewForegroundTab({
+    gBrowser,
+    waitForLoad: true,
+  });
+  let testBrowser = newTab.linkedBrowser;
+
+  var url = httpsTestRoot + "file_bug902350.html";
+  var frameUrl = httpsTestRoot + "file_bug902350_frame.html";
+  let loadPromise = BrowserTestUtils.browserLoaded(testBrowser, false, url);
+  let frameLoadPromise = BrowserTestUtils.browserLoaded(
+    testBrowser,
+    true,
+    frameUrl
+  );
+  BrowserTestUtils.startLoadingURIString(testBrowser, url);
+  await loadPromise;
+  await frameLoadPromise;
+
+  // Find the iframe and click the link in it.
+  let insecureUrl = "http://example.com/";
+  let insecureLoadPromise = BrowserTestUtils.browserLoaded(
+    testBrowser,
+    false,
+    insecureUrl
+  );
+  SpecialPowers.spawn(testBrowser, [], function () {
+    var frame = content.document.getElementById("testing_frame");
+    var topTarget = frame.contentWindow.document.getElementById("topTarget");
+    topTarget.click();
+  });
+
+  // Navigating to insecure domain through target='_top' should succeed.
+  await insecureLoadPromise;
+
+  // The link click should not invoke the Mixed Content Blocker.
+  let { gIdentityHandler } = testBrowser.ownerGlobal;
+  ok(
+    !gIdentityHandler._identityBox.classList.contains("mixedActiveBlocked"),
+    "Mixed Content Doorhanger did not appear when trying to navigate top"
+  );
+
+  BrowserTestUtils.removeTab(newTab);
+});
-- 
cgit v1.2.3