Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-02 15:15:23 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
8f899ebf07
gecko-dev/browser/components/sessionstore/test/browser_463205.js
Tim Taubert c78635bf60 Bug 947212 - Tests for broadcasting form data r=yoric 
From 53d47a84c35781e73545eab3e665d63c742a9d20 Mon Sep 17 00:00:00 2001

--HG--
rename : browser/components/sessionstore/test/browser_346337_sample.html => browser/components/sessionstore/test/browser_formdata_xpath_sample.html
2013-12-04 10:15:43 +01:00

43 lines
1.2 KiB
JavaScript
Raw Blame History

/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */
"use strict";
const URL = ROOT + "browser_463205_sample.html";
/**
* Bug 463205 - Check URLs before restoring form data to make sure a malicious
* website can't modify frame URLs and make us inject form data into the wrong
* web pages.
*/
add_task(function test_check_urls_before_restoring() {
// Add a blank tab.
let tab = gBrowser.addTab("about:blank");
let browser = tab.linkedBrowser;
yield promiseBrowserLoaded(browser);
// Restore form data with a valid URL.
ss.setTabState(tab, getState(URL));
yield promiseTabRestored(tab);
let value = yield getInputValue(browser, {id: "text"});
is(value, "foobar", "value was restored");
// Restore form data with an invalid URL.
ss.setTabState(tab, getState("http://example.com/"));
yield promiseTabRestored(tab);
let value = yield getInputValue(browser, {id: "text"});
is(value, "", "value was not restored");
// Cleanup.
gBrowser.removeTab(tab);
});
function getState(url) {
return JSON.stringify({
entries: [{url: URL}],
formdata: {url: url, id: {text: "foobar"}}
});
}
Reference in New Issue View Git Blame Copy Permalink