mirror of
https://github.com/mozilla/gecko-dev.git
synced 2025-11-07 11:48:19 +02:00
381332c51e
This was generated with the script at https://bug1544051.bmoattachments.org/attachment.cgi?id=9058672 Differential Revision: https://phabricator.services.mozilla.com/D27761 --HG-- extra : moz-landing-system : lando
139 lines
4.9 KiB
HTML
139 lines
4.9 KiB
HTML
<!DOCTYPE HTML>
|
|
<html>
|
|
<head>
|
|
<title>Test for form history on type=password</title>
|
|
<script src="/tests/SimpleTest/SimpleTest.js"></script>
|
|
<script src="/tests/SimpleTest/EventUtils.js"></script>
|
|
<script type="text/javascript" src="satchel_common.js"></script>
|
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
|
</head>
|
|
<body>
|
|
Test for form history on type=password
|
|
(based on test_bug_511615.html)
|
|
<p id="display"></p>
|
|
|
|
<!-- we presumably can't hide the content for this test. -->
|
|
<div id="content">
|
|
<datalist id="datalist1">
|
|
<option>value10</option>
|
|
<option>value11</option>
|
|
<option>value12</option>
|
|
</datalist>
|
|
<form id="form1" onsubmit="return false;">
|
|
<!-- Don't set the type to password until rememberSignons is false since we
|
|
want to test when rememberSignons is false. -->
|
|
<input type="to-be-password" name="field1" list="datalist1">
|
|
<button type="submit">Submit</button>
|
|
</form>
|
|
<!-- Same as form1 but with an insecure HTTP action -->
|
|
<form id="form2" onsubmit="return false;" action="http://mochi.test/">
|
|
<input type="to-be-password" name="field1" list="datalist1">
|
|
<button type="submit">Submit</button>
|
|
</form>
|
|
</div>
|
|
|
|
<pre id="test">
|
|
<script class="testbody" type="text/javascript">
|
|
var resolvePopupShownListener;
|
|
registerPopupShownListener(() => resolvePopupShownListener());
|
|
|
|
function waitForNextPopup() {
|
|
return new Promise(resolve => { resolvePopupShownListener = resolve; });
|
|
}
|
|
|
|
/**
|
|
* Indicates the time to wait before checking that the state of the autocomplete
|
|
* popup, including whether it is open, has not changed in response to events.
|
|
*
|
|
* Manual testing on a fast machine revealed that 80ms was still unreliable,
|
|
* while 100ms detected a simulated failure reliably. Unfortunately, this means
|
|
* that to take into account slower machines we should use a larger value.
|
|
*
|
|
* Note that if a machine takes more than this time to show the popup, this
|
|
* would not cause a failure, conversely the machine would not be able to detect
|
|
* whether the test should have failed. In other words, this use of timeouts is
|
|
* never expected to cause intermittent failures with test automation.
|
|
*/
|
|
const POPUP_RESPONSE_WAIT_TIME_MS = 200;
|
|
|
|
SimpleTest.requestFlakyTimeout("Must ensure that an event does not happen.");
|
|
|
|
/**
|
|
* Checks that the popup does not open in response to the given function.
|
|
*
|
|
* @param {Function} triggerFn - function that triggers an event
|
|
* @returns {Promise}
|
|
*/
|
|
function expectPopupDoesNotOpen(triggerFn) {
|
|
let popupShown = waitForNextPopup();
|
|
triggerFn();
|
|
return Promise.race([
|
|
popupShown.then(() => Promise.reject("Popup opened unexpectedly.")),
|
|
new Promise(resolve => setTimeout(resolve, POPUP_RESPONSE_WAIT_TIME_MS)),
|
|
]);
|
|
}
|
|
|
|
add_task(async function test_initialize() {
|
|
await SpecialPowers.pushPrefEnv({set: [["signon.rememberSignons", false]]});
|
|
|
|
is(window.location.protocol, "https:", "This test must run on HTTPS");
|
|
|
|
// Now that rememberSignons is false, create the password fields.
|
|
$_(1, "field1").type = "password";
|
|
$_(2, "field1").type = "password";
|
|
|
|
await new Promise(resolve => updateFormHistory([
|
|
{ op: "remove" },
|
|
{ op: "add", fieldname: "field1", value: "value1" },
|
|
{ op: "add", fieldname: "field1", value: "value2" },
|
|
{ op: "add", fieldname: "field1", value: "value3" },
|
|
{ op: "add", fieldname: "field1", value: "value4" },
|
|
{ op: "add", fieldname: "field1", value: "value5" },
|
|
{ op: "add", fieldname: "field1", value: "value6" },
|
|
{ op: "add", fieldname: "field1", value: "value7" },
|
|
{ op: "add", fieldname: "field1", value: "value8" },
|
|
{ op: "add", fieldname: "field1", value: "value9" },
|
|
], resolve));
|
|
});
|
|
|
|
add_task(async function test_secure_noFormHistoryOrWarning() {
|
|
let input = $_(1, "field1");
|
|
|
|
// The autocomplete popup should not open under any circumstances on
|
|
// type=password with password manager disabled.
|
|
for (let triggerFn of [
|
|
() => input.focus(),
|
|
() => input.click(),
|
|
() => synthesizeKey("KEY_ArrowDown"),
|
|
() => synthesizeKey("KEY_PageDown"),
|
|
() => synthesizeKey("KEY_Enter"),
|
|
() => sendString("v "),
|
|
() => synthesizeKey("KEY_Backspace"),
|
|
]) {
|
|
ok(true, "Testing: " + triggerFn.toString());
|
|
// We must wait for the entire timeout for each individual test, because the
|
|
// next event in the list might prevent the popup from opening.
|
|
await expectPopupDoesNotOpen(triggerFn);
|
|
}
|
|
|
|
// Close the popup.
|
|
input.blur();
|
|
});
|
|
|
|
add_task(async function test_insecure_focusWarning() {
|
|
// Form 2 has an insecure action so should show the warning even if password manager is disabled.
|
|
let input = $_(2, "field1");
|
|
let shownPromise = waitForNextPopup();
|
|
input.focus();
|
|
await shownPromise;
|
|
|
|
ok(getMenuEntries()[0].includes("Logins entered here could be compromised"),
|
|
"Check warning is first");
|
|
|
|
// Close the popup
|
|
input.blur();
|
|
});
|
|
</script>
|
|
</pre>
|
|
</body>
|
|
</html>
|