From 36d22d82aa202bb199967e9512281e9a53db42c9 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 21:33:14 +0200 Subject: Adding upstream version 115.7.0esr. Signed-off-by: Daniel Baumann --- .../sessionstore/test/browser_464620_b.js | 64 ++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 browser/components/sessionstore/test/browser_464620_b.js (limited to 'browser/components/sessionstore/test/browser_464620_b.js') diff --git a/browser/components/sessionstore/test/browser_464620_b.js b/browser/components/sessionstore/test/browser_464620_b.js new file mode 100644 index 0000000000..005bb4cc27 --- /dev/null +++ b/browser/components/sessionstore/test/browser_464620_b.js @@ -0,0 +1,64 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +function test() { + /** Test for Bug 464620 (injection on DOM node insertion) **/ + + waitForExplicitFinish(); + + let testURL = + "http://mochi.test:8888/browser/" + + "browser/components/sessionstore/test/browser_464620_b.html"; + + var frameCount = 0; + let tab = BrowserTestUtils.addTab(gBrowser, testURL); + tab.linkedBrowser.addEventListener( + "load", + function loadListener(aEvent) { + // wait for all frames to load completely + if (frameCount++ < 6) { + return; + } + this.removeEventListener("load", loadListener, true); + + executeSoon(function () { + frameCount = 0; + let tab2 = gBrowser.duplicateTab(tab); + tab2.linkedBrowser.addEventListener( + "464620_b", + function listener(eventTab2) { + tab2.linkedBrowser.removeEventListener("464620_b", listener, true); + is(aEvent.data, "done", "XSS injection was attempted"); + + // let form restoration complete and take into account the + // setTimeout(..., 0) in sss_restoreDocument_proxy + executeSoon(function () { + setTimeout(function () { + let win = tab2.linkedBrowser.contentWindow; + isnot( + win.frames[1].document.location, + testURL, + "cross domain document was loaded" + ); + ok( + !/XXX/.test(win.frames[1].document.body.innerHTML), + "no content was injected" + ); + + // clean up + gBrowser.removeTab(tab2); + gBrowser.removeTab(tab); + + finish(); + }, 0); + }); + }, + true, + true + ); + }); + }, + true + ); +} -- cgit v1.2.3