1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */
"use strict";
const TEST_URI =
"data:text/html;charset=utf-8,<!DOCTYPE html><p>Test self-XSS protection</p>";
XPCOMUtils.defineLazyServiceGetter(
this,
"clipboardHelper",
"@mozilla.org/widget/clipboardhelper;1",
"nsIClipboardHelper"
);
const WebConsoleUtils =
require("resource://devtools/client/webconsole/utils.js").Utils;
const stringToCopy = "EvilCommand";
add_task(async function () {
await pushPref("devtools.chrome.enabled", false);
await pushPref("devtools.selfxss.count", 0);
const hud = await openNewTabAndConsole(TEST_URI);
const { ui } = hud;
const { document } = ui;
info("Self-xss paste tests");
WebConsoleUtils.usageCount = 0;
is(WebConsoleUtils.usageCount, 0, "Test for usage count getter");
// Input some commands to check if usage counting is working
for (let i = 0; i <= 3; i++) {
await executeAndWaitForResultMessage(hud, i.toString(), i);
}
is(WebConsoleUtils.usageCount, 4, "Usage count incremented");
WebConsoleUtils.usageCount = 0;
info(`Copy "${stringToCopy}" in clipboard`);
await waitForClipboardPromise(
() => clipboardHelper.copyString(stringToCopy),
stringToCopy
);
goDoCommand("cmd_paste");
const notificationbox = document.getElementById("webconsole-notificationbox");
const notification = notificationbox.querySelector(".notification");
is(
notification.getAttribute("data-key"),
"selfxss-notification",
"Self-xss notification shown"
);
is(getInputValue(hud), "", "Paste blocked by self-xss prevention");
// Allow pasting
const allowToken = "allow pasting";
for (const char of allowToken) {
EventUtils.sendString(char);
}
setInputValue(hud, "");
goDoCommand("cmd_paste");
is(getInputValue(hud), stringToCopy, "Paste works");
});
|