From 6bf0a5cb5034a7e684dcc3500e841785237ce2dd Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 19:32:43 +0200
Subject: Adding upstream version 1:115.7.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 .../components/sessionstore/test/browser_466937.js | 51 ++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 browser/components/sessionstore/test/browser_466937.js

(limited to 'browser/components/sessionstore/test/browser_466937.js')

diff --git a/browser/components/sessionstore/test/browser_466937.js b/browser/components/sessionstore/test/browser_466937.js
new file mode 100644
index 0000000000..cca45fec3a
--- /dev/null
+++ b/browser/components/sessionstore/test/browser_466937.js
@@ -0,0 +1,51 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+const URL = ROOT + "browser_466937_sample.html";
+
+/**
+ * Bug 466937 - Prevent file stealing with sessionstore.
+ */
+add_task(async function test_prevent_file_stealing() {
+  // Add a tab with some file input fields.
+  let tab = BrowserTestUtils.addTab(gBrowser, URL);
+  let browser = tab.linkedBrowser;
+  await promiseBrowserLoaded(browser);
+
+  // Generate a path to a 'secret' file.
+  let file = Services.dirsvc.get("TmpD", Ci.nsIFile);
+  file.append("466937_test.file");
+  file.createUnique(Ci.nsIFile.NORMAL_FILE_TYPE, 0o666);
+  let testPath = file.path;
+
+  // Fill in form values.
+  await setPropertyOfFormField(
+    browser,
+    "#reverse_thief",
+    "value",
+    "/home/user/secret2"
+  );
+  await setPropertyOfFormField(browser, "#bystander", "value", testPath);
+
+  // Duplicate and check form values.
+  let tab2 = gBrowser.duplicateTab(tab);
+  let browser2 = tab2.linkedBrowser;
+  await promiseTabRestored(tab2);
+
+  let thief = await getPropertyOfFormField(browser2, "#thief", "value");
+  is(thief, "", "file path wasn't set to text field value");
+  let reverse_thief = await getPropertyOfFormField(
+    browser2,
+    "#reverse_thief",
+    "value"
+  );
+  is(reverse_thief, "", "text field value wasn't set to full file path");
+  let bystander = await getPropertyOfFormField(browser2, "#bystander", "value");
+  is(bystander, testPath, "normal case: file path was correctly preserved");
+
+  // Cleanup.
+  gBrowser.removeTab(tab);
+  gBrowser.removeTab(tab2);
+});
-- 
cgit v1.2.3