Bug 1267720 - Ensure that .open() on web content called with chrome privileges results in a new window with the appropriate principal. r?anybody draft
authorMike Conley <mconley@mozilla.com>
Mon, 02 May 2016 17:36:12 -0400
changeset 370967 f8bc67a0c635e314b4110fff5b5ed031f8906883
parent 370966 c4cc41f5a12c121710f88f7f82f77aee6274bef8
child 370968 bcc0f3e3ace1b67ba95d21d449010ac16f9b451d
push id19190
push usermconley@mozilla.com
push dateWed, 25 May 2016 17:23:31 +0000
reviewersanybody
bugs1267720
milestone49.0a1
Bug 1267720 - Ensure that .open() on web content called with chrome privileges results in a new window with the appropriate principal. r?anybody MozReview-Commit-ID: IG9ioQLTI78
embedding/components/windowwatcher/test/browser.ini
embedding/components/windowwatcher/test/browser_new_content_window_from_chrome_principal.js
--- a/embedding/components/windowwatcher/test/browser.ini
+++ b/embedding/components/windowwatcher/test/browser.ini
@@ -1,9 +1,10 @@
 [DEFAULT]
 support-files =
   head.js
 tags = openwindow
 
 [browser_new_content_window_chromeflags.js]
 [browser_new_remote_window_flags.js]
 run-if = e10s
+[browser_new_content_window_from_chrome_principal.js]
 [browser_new_sized_window.js]
new file mode 100644
--- /dev/null
+++ b/embedding/components/windowwatcher/test/browser_new_content_window_from_chrome_principal.js
@@ -0,0 +1,34 @@
+"use strict";
+
+// This magic value of 2 means that by default, when content tries
+// to open a new window, it'll actually open in a new window instead
+// of a new tab.
+Services.prefs.setIntPref("browser.link.open_newwindow", 2);
+registerCleanupFunction(() => {
+  Services.prefs.clearUserPref("browser.link.open_newwindow");
+});
+
+/**
+ * Tests that if chrome-privileged code calls .open() on an
+ * unprivileged window, that the principal in the newly
+ * opened window is appropriately set.
+ */
+add_task(function* test_chrome_opens_window() {
+  let newWinPromise = BrowserTestUtils.waitForNewWindow();
+
+  yield ContentTask.spawn(gBrowser.selectedBrowser, null, function*() {
+    content.open("http://example.com", "_blank");
+  });
+
+  let win = yield newWinPromise;
+  let browser = win.gBrowser.selectedBrowser;
+  yield BrowserTestUtils.browserLoaded(browser);
+
+  yield ContentTask.spawn(browser, null, function*() {
+    Assert.equal(content.document.nodePrincipal.origin,
+                 "http://example.com",
+                 "Should have the example.com principal");
+  });
+
+  yield BrowserTestUtils.closeWindow(win);
+});
\ No newline at end of file