From 6bf0a5cb5034a7e684dcc3500e841785237ce2dd Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 19:32:43 +0200
Subject: Adding upstream version 1:115.7.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 .../browser_csp_sandbox_no_script_js_uri.js        | 55 ++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 docshell/test/browser/browser_csp_sandbox_no_script_js_uri.js

(limited to 'docshell/test/browser/browser_csp_sandbox_no_script_js_uri.js')

diff --git a/docshell/test/browser/browser_csp_sandbox_no_script_js_uri.js b/docshell/test/browser/browser_csp_sandbox_no_script_js_uri.js
new file mode 100644
index 0000000000..d0b92084ec
--- /dev/null
+++ b/docshell/test/browser/browser_csp_sandbox_no_script_js_uri.js
@@ -0,0 +1,55 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+const TEST_PATH = getRootDirectory(gTestPath).replace(
+  "chrome://mochitests/content",
+  "https://example.com"
+);
+
+/**
+ * Test that javascript URIs in CSP-sandboxed contexts can't be used to bypass
+ * script restrictions.
+ */
+add_task(async function test_csp_sandbox_no_script_js_uri() {
+  await BrowserTestUtils.withNewTab(
+    TEST_PATH + "dummy_page.html",
+    async browser => {
+      info("Register observer and wait for javascript-uri-blocked message.");
+      let observerPromise = SpecialPowers.spawn(browser, [], () => {
+        return new Promise(resolve => {
+          SpecialPowers.addObserver(function obs(subject) {
+            ok(
+              subject == content,
+              "Should block script spawned via javascript uri"
+            );
+            SpecialPowers.removeObserver(
+              obs,
+              "javascript-uri-blocked-by-sandbox"
+            );
+            resolve();
+          }, "javascript-uri-blocked-by-sandbox");
+        });
+      });
+
+      info("Spawn csp-sandboxed iframe with javascript URI");
+      let frameBC = await SpecialPowers.spawn(
+        browser,
+        [TEST_PATH + "file_csp_sandbox_no_script_js_uri.html"],
+        async url => {
+          let frame = content.document.createElement("iframe");
+          let loadPromise = ContentTaskUtils.waitForEvent(frame, "load", true);
+          frame.src = url;
+          content.document.body.appendChild(frame);
+          await loadPromise;
+          return frame.browsingContext;
+        }
+      );
+
+      info("Click javascript URI link in iframe");
+      BrowserTestUtils.synthesizeMouseAtCenter("a", {}, frameBC);
+      await observerPromise;
+    }
+  );
+});
-- 
cgit v1.2.3