nagai/fune
3
0
Fork 0
forked from mirrors/gecko-dev
Code Pull requests Activity
fune/browser/components/sessionstore/test/browser_911547.js
Blake Kaplan 66ff3b755f Bug 1346286 - Remove CPOWs from browser_911547.js. r=Felipe 
MozReview-Commit-ID: 3Y5K84X2EIe

--HG--
extra : rebase_source : 3ef4c073a92ab580d0baa1caa0a1cd14e5bec160
2017-03-09 11:36:28 -08:00

63 lines
2.3 KiB
JavaScript
Raw Blame History

/* Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/ */
// This tests that session restore component does restore the right content
// security policy with the document.
// The policy being tested disallows inline scripts
add_task(function* test() {
// create a tab that has a CSP
let testURL = "http://mochi.test:8888/browser/browser/components/sessionstore/test/browser_911547_sample.html";
let tab = gBrowser.selectedTab = gBrowser.addTab(testURL);
gBrowser.selectedTab = tab;
let browser = tab.linkedBrowser;
yield promiseBrowserLoaded(browser);
// this is a baseline to ensure CSP is active
// attempt to inject and run a script via inline (pre-restore, allowed)
yield injectInlineScript(browser, `document.getElementById("test_id").value = "fail";`);
let loadedPromise = promiseBrowserLoaded(browser);
yield ContentTask.spawn(browser, null, function() {
is(content.document.getElementById("test_id").value, "ok",
"CSP should block the inline script that modifies test_id");
// attempt to click a link to a data: URI (will inherit the CSP of the
// origin document) and navigate to the data URI in the link.
content.document.getElementById("test_data_link").click();
});
yield loadedPromise;
yield ContentTask.spawn(browser, null, function() {
is(content.document.getElementById("test_id2").value, "ok",
"CSP should block the script loaded by the clicked data URI");
});
// close the tab
yield promiseRemoveTab(tab);
// open new tab and recover the state
tab = ss.undoCloseTab(window, 0);
yield promiseTabRestored(tab);
browser = tab.linkedBrowser;
yield ContentTask.spawn(browser, null, function() {
is(content.document.getElementById("test_id2").value, "ok",
"CSP should block the script loaded by the clicked data URI after restore");
});
// clean up
gBrowser.removeTab(tab);
});
// injects an inline script element (with a text body)
function injectInlineScript(browser, scriptText) {
return ContentTask.spawn(browser, scriptText, function(text) {
let scriptElt = content.document.createElement("script");
scriptElt.type = "text/javascript";
scriptElt.text = text;
content.document.body.appendChild(scriptElt);
});
}
View git blame Copy permalink