Adding upstream version 1:115.7.0.upstream/1%115.7.0upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 53 insertions, 0 deletions

diff --git a/browser/components/sessionstore/test/browser_461743.js b/browser/components/sessionstore/test/browser_461743.js
new file mode 100644
index 0000000000..fd4501b5ac
--- /dev/null
+++ b/browser/components/sessionstore/test/browser_461743.js
@@ -0,0 +1,53 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+function test() {
+  /** Test for Bug 461743 **/
+
+  waitForExplicitFinish();
+
+  let testURL =
+    "http://mochi.test:8888/browser/" +
+    "browser/components/sessionstore/test/browser_461743_sample.html";
+
+  let frameCount = 0;
+  let tab = BrowserTestUtils.addTab(gBrowser, testURL);
+  tab.linkedBrowser.addEventListener(
+    "load",
+    function loadListener(aEvent) {
+      // Wait for all frames to load completely.
+      if (frameCount++ < 2) {
+        return;
+      }
+      tab.linkedBrowser.removeEventListener("load", loadListener, true);
+      let tab2 = gBrowser.duplicateTab(tab);
+      tab2.linkedBrowser.addEventListener(
+        "461743",
+        function listener(eventTab2) {
+          tab2.linkedBrowser.removeEventListener("461743", listener, true);
+          is(aEvent.data, "done", "XSS injection was attempted");
+
+          executeSoon(function () {
+            let iframes = tab2.linkedBrowser.contentWindow.frames;
+            let innerHTML = iframes[1].document.body.innerHTML;
+            isnot(
+              innerHTML,
+              Cu.reportError.toString(),
+              "chrome access denied!"
+            );
+
+            // Clean up.
+            gBrowser.removeTab(tab2);
+            gBrowser.removeTab(tab);
+
+            finish();
+          });
+        },
+        true,
+        true
+      );
+    },
+    true
+  );
+}