From 6bf0a5cb5034a7e684dcc3500e841785237ce2dd Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 19:32:43 +0200 Subject: Adding upstream version 1:115.7.0. Signed-off-by: Daniel Baumann --- .../components/sessionstore/test/browser_911547.js | 82 ++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 browser/components/sessionstore/test/browser_911547.js (limited to 'browser/components/sessionstore/test/browser_911547.js') diff --git a/browser/components/sessionstore/test/browser_911547.js b/browser/components/sessionstore/test/browser_911547.js new file mode 100644 index 0000000000..1068d8e14b --- /dev/null +++ b/browser/components/sessionstore/test/browser_911547.js @@ -0,0 +1,82 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +// This test tests that session restore component does restore the right +// content security policy with the document. (The policy being tested +// disallows inline scripts). + +add_task(async function test() { + // allow top level data: URI navigations, otherwise clicking a data: link fails + await SpecialPowers.pushPrefEnv({ + set: [["security.data_uri.block_toplevel_data_uri_navigations", false]], + }); + // create a tab that has a CSP + let testURL = + "http://mochi.test:8888/browser/browser/components/sessionstore/test/browser_911547_sample.html"; + let tab = (gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, testURL)); + gBrowser.selectedTab = tab; + + let browser = tab.linkedBrowser; + await promiseBrowserLoaded(browser); + + // this is a baseline to ensure CSP is active + // attempt to inject and run a script via inline (pre-restore, allowed) + await injectInlineScript( + browser, + `document.getElementById("test_id1").value = "id1_modified";` + ); + + let loadedPromise = promiseBrowserLoaded(browser); + await SpecialPowers.spawn(browser, [], function () { + is( + content.document.getElementById("test_id1").value, + "id1_initial", + "CSP should block the inline script that modifies test_id" + ); + content.document.getElementById("test_data_link").click(); + }); + + await loadedPromise; + + await SpecialPowers.spawn(browser, [], function () { + // eslint-disable-line + // the data: URI inherits the CSP and the inline script needs to be blocked + is( + content.document.getElementById("test_id2").value, + "id2_initial", + "CSP should block the script loaded by the clicked data URI" + ); + }); + + // close the tab + await promiseRemoveTabAndSessionState(tab); + + // open new tab and recover the state + tab = ss.undoCloseTab(window, 0); + await promiseTabRestored(tab); + browser = tab.linkedBrowser; + + await SpecialPowers.spawn(browser, [], function () { + // eslint-disable-line + // the data: URI should be restored including the inherited CSP and the + // inline script should be blocked. + is( + content.document.getElementById("test_id2").value, + "id2_initial", + "CSP should block the script loaded by the clicked data URI after restore" + ); + }); + + // clean up + gBrowser.removeTab(tab); +}); + +// injects an inline script element (with a text body) +function injectInlineScript(browser, scriptText) { + return SpecialPowers.spawn(browser, [scriptText], function (text) { + let scriptElt = content.document.createElement("script"); + scriptElt.type = "text/javascript"; + scriptElt.text = text; + content.document.body.appendChild(scriptElt); + }); +} -- cgit v1.2.3