/* Any copyright is dedicated to the Public Domain. * http://creativecommons.org/publicdomain/zero/1.0/ */ "use strict"; requestLongerTimeout(2); /** * This test ensures that form data collection respects the privacy level as * set by the user. */ add_task(async function test_formdata() { const URL = "http://mochi.test:8888/browser/browser/components/" + "sessionstore/test/browser_formdata_sample.html"; const OUTER_VALUE = "browser_formdata_" + Math.random(); const INNER_VALUE = "browser_formdata_" + Math.random(); // Creates a tab, loads a page with some form fields, // modifies their values and closes the tab. async function createAndRemoveTab() { // Create a new tab. let tab = BrowserTestUtils.addTab(gBrowser, URL); let browser = tab.linkedBrowser; await promiseBrowserLoaded(browser); // Modify form data. await setPropertyOfFormField(browser, "#txt", "value", OUTER_VALUE); await setPropertyOfFormField( browser.browsingContext.children[0], "#txt", "value", INNER_VALUE ); // Remove the tab. await promiseRemoveTabAndSessionState(tab); } await createAndRemoveTab(); let [ { state: { formdata }, }, ] = ss.getClosedTabData(window); is(formdata.id.txt, OUTER_VALUE, "outer value is correct"); is(formdata.children[0].id.txt, INNER_VALUE, "inner value is correct"); // Disable saving data for encrypted sites. Services.prefs.setIntPref("browser.sessionstore.privacy_level", 1); await createAndRemoveTab(); [ { state: { formdata }, }, ] = ss.getClosedTabData(window); is(formdata.id.txt, OUTER_VALUE, "outer value is correct"); ok(!formdata.children, "inner value was *not* stored"); // Disable saving data for any site. Services.prefs.setIntPref("browser.sessionstore.privacy_level", 2); await createAndRemoveTab(); [ { state: { formdata }, }, ] = ss.getClosedTabData(window); ok(!formdata, "form data has *not* been stored"); // Restore the default privacy level. Services.prefs.clearUserPref("browser.sessionstore.privacy_level"); }); /** * This test ensures that a malicious website can't trick us into restoring * form data into a wrong website and that we always check the stored URL * before doing so. */ add_task(async function test_url_check() { const URL = "data:text/html;charset=utf-8,"; const VALUE = "value-" + Math.random(); // Create a tab with an iframe containing an input field. let tab = BrowserTestUtils.addTab(gBrowser, URL); let browser = tab.linkedBrowser; await promiseBrowserLoaded(browser); // Restore a tab state with a given form data url. async function restoreStateWithURL(url) { let state = { entries: [{ url: URL, triggeringPrincipal_base64 }], formdata: { id: { input: VALUE } }, }; if (url) { state.formdata.url = url; } await promiseTabState(tab, state); return getPropertyOfFormField(browser, "#input", "value"); } // Check that the form value is restored with the correct URL. is(await restoreStateWithURL(URL), VALUE, "form data restored"); // Check that the form value is *not* restored with the wrong URL. is(await restoreStateWithURL(URL + "?"), "", "form data not restored"); is(await restoreStateWithURL(), "", "form data not restored"); // Cleanup. gBrowser.removeTab(tab); }); /** * This test ensures that collecting form data works as expected when having * nested frame sets. */ add_task(async function test_nested() { const URL = "data:text/html;charset=utf-8," + "