diff options
Diffstat (limited to '')
-rw-r--r-- | dom/base/test/test_pdf_print.html | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/dom/base/test/test_pdf_print.html b/dom/base/test/test_pdf_print.html new file mode 100644 index 0000000000..6e73ae2a09 --- /dev/null +++ b/dom/base/test/test_pdf_print.html @@ -0,0 +1,62 @@ +<!DOCTYPE HTML> +<html> +<head> + <meta charset="utf-8"> + <title><!-- TODO: insert title here --></title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" href="/tests/SimpleTest/test.css"/> +</head> +<body> +<p id="display"></p> +<div id="content" style="display: none"> + <script> + SimpleTest.waitForExplicitFinish(); + const blob = new Blob(["x"], { type: "application/pdf" }); + const blobURL = URL.createObjectURL(blob); + const blobFrame = document.createElement("iframe"); + blobFrame.src = blobURL; + document.getElementById("content").appendChild(blobFrame); + + const dataURL = "data:application/pdf,"; + const dataFrame = document.createElement("iframe"); + dataFrame.src = dataURL; + document.getElementById("content").appendChild(dataFrame); + + addLoadEvent(function() { + // blob:// URLs inherit their origin, so the window inside blobFrame + // should be same-orgin with us except for the PDF viewer messing with + // origins. + const printFunc = blobFrame.contentWindow.print; + is(typeof printFunc, "function", "Should have a 'print' function"); + ok(Object.getOwnPropertyNames(blobFrame.contentWindow).includes("print"), + "Should see 'print' property in property names"); + + try { + // data: URLs get nonce origins, so the window inside dataFrame is not + // same-origin with us in any way. + dataFrame.contentWindow.print; + ok(false, "Should throw on cross-origin .print access"); + } catch (e) { + ok(/Permission denied/.test(e.message), "Should have a security error"); + } + ok(!Object.getOwnPropertyNames(dataFrame.contentWindow).includes("print"), + "Should not see 'print' property in property names"); + + try { + printFunc.call(dataFrame.contentWindow); + ok(false, "Should throw on cross-origin call"); + } catch (e) { + ok(/Permission to call/.test(e.message), + "Should have a security error for call"); + } + + // It'd be nice to test that calling the function works right, but if it + // does it'll put up the print dialog, which is not helpful in an + // automated test. + SimpleTest.finish(); + }); + </script> +</div> +<pre id="test"></pre> +</body> +</html> |