caps/tests/mochitest/test_bug423375.html
author Emilio Cobos Álvarez <emilio@crisal.io>
Sat, 12 Jan 2019 16:49:39 +0100
changeset 453672 d884f9b54dc622c7e499633aec2180c236ea5ed5
parent 357095 b99cdf171a9b0f01b3018266d656af50d5273d2d
child 469640 c9c0c6f2eed54a187e124942e53c3660b4cf17d8
permissions -rw-r--r--
Bug 1519639 - Update cbindgen config and generated FFI header. r=jrmuizel Differential Revision: https://phabricator.services.mozilla.com/D16391

<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=423375
-->
<head>
  <title>Test for Bug 423375</title>
  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>        
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=423375">Mozilla Bug 423375</a>
<p id="display"></p>
<div id="content" style="display: none">
<iframe id="load-frame"></iframe>  
</div>
<pre id="test">
<script class="testbody" type="text/javascript">

/**
 ** Test for Bug 423375
 ** (content shouldn't be able to load chrome: or resource:)
 **/
function tryLoad(url) {
    try {
        window.frames[0].location = url;
        return "loaded";
    } catch (e) {
        if (/Access.*denied/.test(String(e))) {
          return "denied";
        }
        return "unexpected: " + e;
    }
}

is(tryLoad("chrome://global/content/mozilla.xhtml"), "denied",
   "content should have been prevented from loading chrome: URL");
is(tryLoad("resource://gre-resources/html.css"), "denied",
   "content should have been prevented from loading resource: URL");
</script>
</pre>
</body>
</html>