From 6bf0a5cb5034a7e684dcc3500e841785237ce2dd Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 19:32:43 +0200
Subject: Adding upstream version 1:115.7.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 .../sessionstore/test/browser_464620_a.js          | 64 ++++++++++++++++++++++
 1 file changed, 64 insertions(+)
 create mode 100644 browser/components/sessionstore/test/browser_464620_a.js

(limited to 'browser/components/sessionstore/test/browser_464620_a.js')

diff --git a/browser/components/sessionstore/test/browser_464620_a.js b/browser/components/sessionstore/test/browser_464620_a.js
new file mode 100644
index 0000000000..9052d7bec0
--- /dev/null
+++ b/browser/components/sessionstore/test/browser_464620_a.js
@@ -0,0 +1,64 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+function test() {
+  /** Test for Bug 464620 (injection on input) **/
+
+  waitForExplicitFinish();
+
+  let testURL =
+    "http://mochi.test:8888/browser/" +
+    "browser/components/sessionstore/test/browser_464620_a.html";
+
+  var frameCount = 0;
+  let tab = BrowserTestUtils.addTab(gBrowser, testURL);
+  tab.linkedBrowser.addEventListener(
+    "load",
+    function loadListener(aEvent) {
+      // wait for all frames to load completely
+      if (frameCount++ < 4) {
+        return;
+      }
+      this.removeEventListener("load", loadListener, true);
+
+      executeSoon(function () {
+        frameCount = 0;
+        let tab2 = gBrowser.duplicateTab(tab);
+        tab2.linkedBrowser.addEventListener(
+          "464620_a",
+          function listener(eventTab2) {
+            tab2.linkedBrowser.removeEventListener("464620_a", listener, true);
+            is(aEvent.data, "done", "XSS injection was attempted");
+
+            // let form restoration complete and take into account the
+            // setTimeout(..., 0) in sss_restoreDocument_proxy
+            executeSoon(function () {
+              setTimeout(function () {
+                let win = tab2.linkedBrowser.contentWindow;
+                isnot(
+                  win.frames[0].document.location,
+                  testURL,
+                  "cross domain document was loaded"
+                );
+                ok(
+                  !/XXX/.test(win.frames[0].document.body.innerHTML),
+                  "no content was injected"
+                );
+
+                // clean up
+                gBrowser.removeTab(tab2);
+                gBrowser.removeTab(tab);
+
+                finish();
+              }, 0);
+            });
+          },
+          true,
+          true
+        );
+      });
+    },
+    true
+  );
+}
-- 
cgit v1.2.3