summaryrefslogtreecommitdiffstats
path: root/dom/base/test/test_pdf_print.html
blob: 6e73ae2a09cb59d204ba47b93375ba83779baefa (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
<!DOCTYPE HTML>
<html>
<head>
  <meta charset="utf-8">
  <title><!-- TODO: insert title here --></title>
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" href="/tests/SimpleTest/test.css"/>
</head>
<body>
<p id="display"></p>
<div id="content" style="display: none">
  <script>
    SimpleTest.waitForExplicitFinish();
    const blob = new Blob(["x"], { type: "application/pdf" });
    const blobURL = URL.createObjectURL(blob);
    const blobFrame = document.createElement("iframe");
    blobFrame.src = blobURL;
    document.getElementById("content").appendChild(blobFrame);

    const dataURL = "data:application/pdf,";
    const dataFrame = document.createElement("iframe");
    dataFrame.src = dataURL;
    document.getElementById("content").appendChild(dataFrame);

    addLoadEvent(function() {
      // blob:// URLs inherit their origin, so the window inside blobFrame
      // should be same-orgin with us except for the PDF viewer messing with
      // origins.
      const printFunc = blobFrame.contentWindow.print;
      is(typeof printFunc, "function", "Should have a 'print' function");
      ok(Object.getOwnPropertyNames(blobFrame.contentWindow).includes("print"),
         "Should see 'print' property in property names");

      try {
        // data: URLs get nonce origins, so the window inside dataFrame is not
        // same-origin with us in any way.
        dataFrame.contentWindow.print;
        ok(false, "Should throw on cross-origin .print access");
      } catch (e) {
        ok(/Permission denied/.test(e.message), "Should have a security error");
      }
      ok(!Object.getOwnPropertyNames(dataFrame.contentWindow).includes("print"),
         "Should not see 'print' property in property names");

      try {
        printFunc.call(dataFrame.contentWindow);
        ok(false, "Should throw on cross-origin call");
      } catch (e) {
        ok(/Permission to call/.test(e.message),
           "Should have a security error for call");
      }

      // It'd be nice to test that calling the function works right, but if it
      // does it'll put up the print dialog, which is not helpful in an
      // automated test.
      SimpleTest.finish();
    });
  </script>
</div>
<pre id="test"></pre>
</body>
</html>