From 43a97878ce14b72f0981164f87f2e35e14151312 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 11:22:09 +0200 Subject: Adding upstream version 110.0.1. Signed-off-by: Daniel Baumann --- .../sessionstore/test/browser_formdata.js | 227 +++++++++++++++++++++ 1 file changed, 227 insertions(+) create mode 100644 browser/components/sessionstore/test/browser_formdata.js (limited to 'browser/components/sessionstore/test/browser_formdata.js') diff --git a/browser/components/sessionstore/test/browser_formdata.js b/browser/components/sessionstore/test/browser_formdata.js new file mode 100644 index 0000000000..b265fd0f25 --- /dev/null +++ b/browser/components/sessionstore/test/browser_formdata.js @@ -0,0 +1,227 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +requestLongerTimeout(2); + +/** + * This test ensures that form data collection respects the privacy level as + * set by the user. + */ +add_task(async function test_formdata() { + const URL = + "http://mochi.test:8888/browser/browser/components/" + + "sessionstore/test/browser_formdata_sample.html"; + + const OUTER_VALUE = "browser_formdata_" + Math.random(); + const INNER_VALUE = "browser_formdata_" + Math.random(); + + // Creates a tab, loads a page with some form fields, + // modifies their values and closes the tab. + async function createAndRemoveTab() { + // Create a new tab. + let tab = BrowserTestUtils.addTab(gBrowser, URL); + let browser = tab.linkedBrowser; + await promiseBrowserLoaded(browser); + + // Modify form data. + await setPropertyOfFormField(browser, "#txt", "value", OUTER_VALUE); + await setPropertyOfFormField( + browser.browsingContext.children[0], + "#txt", + "value", + INNER_VALUE + ); + + // Remove the tab. + await promiseRemoveTabAndSessionState(tab); + } + + await createAndRemoveTab(); + let [ + { + state: { formdata }, + }, + ] = ss.getClosedTabData(window); + is(formdata.id.txt, OUTER_VALUE, "outer value is correct"); + is(formdata.children[0].id.txt, INNER_VALUE, "inner value is correct"); + + // Disable saving data for encrypted sites. + Services.prefs.setIntPref("browser.sessionstore.privacy_level", 1); + + await createAndRemoveTab(); + [ + { + state: { formdata }, + }, + ] = ss.getClosedTabData(window); + is(formdata.id.txt, OUTER_VALUE, "outer value is correct"); + ok(!formdata.children, "inner value was *not* stored"); + + // Disable saving data for any site. + Services.prefs.setIntPref("browser.sessionstore.privacy_level", 2); + + await createAndRemoveTab(); + [ + { + state: { formdata }, + }, + ] = ss.getClosedTabData(window); + ok(!formdata, "form data has *not* been stored"); + + // Restore the default privacy level. + Services.prefs.clearUserPref("browser.sessionstore.privacy_level"); +}); + +/** + * This test ensures that a malicious website can't trick us into restoring + * form data into a wrong website and that we always check the stored URL + * before doing so. + */ +add_task(async function test_url_check() { + const URL = "data:text/html;charset=utf-8,"; + const VALUE = "value-" + Math.random(); + + // Create a tab with an iframe containing an input field. + let tab = BrowserTestUtils.addTab(gBrowser, URL); + let browser = tab.linkedBrowser; + await promiseBrowserLoaded(browser); + + // Restore a tab state with a given form data url. + async function restoreStateWithURL(url) { + let state = { + entries: [{ url: URL, triggeringPrincipal_base64 }], + formdata: { id: { input: VALUE } }, + }; + + if (url) { + state.formdata.url = url; + } + + await promiseTabState(tab, state); + return getPropertyOfFormField(browser, "#input", "value"); + } + + // Check that the form value is restored with the correct URL. + is(await restoreStateWithURL(URL), VALUE, "form data restored"); + + // Check that the form value is *not* restored with the wrong URL. + is(await restoreStateWithURL(URL + "?"), "", "form data not restored"); + is(await restoreStateWithURL(), "", "form data not restored"); + + // Cleanup. + gBrowser.removeTab(tab); +}); + +/** + * This test ensures that collecting form data works as expected when having + * nested frame sets. + */ +add_task(async function test_nested() { + const URL = + "data:text/html;charset=utf-8," + + "