caps/tests/mochitest/test_bug423375.html
author Mozilla Releng Treescript <release+treescript@mozilla.org>
Sun, 28 Feb 2021 23:52:32 +0000
changeset 635405 a7aa120e47fffaa66b8fc171d1c5e20f58e38a1b
parent 627677 65394ac48dd4109dfa728d726646e9adda540fe5
permissions -rw-r--r--
No bug - Tagging c850f93582ef95f2ca5dd2a1f37e3d475fa05cd7 with DEVEDITION_87_0b4_RELEASE a=release CLOSED TREE DONTBUILD

<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=423375
-->
<head>
  <title>Test for Bug 423375</title>
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=423375">Mozilla Bug 423375</a>
<p id="display"></p>
<div id="content" style="display: none">
<iframe id="load-frame"></iframe>
</div>
<pre id="test">
<script class="testbody" type="text/javascript">

/**
 ** Test for Bug 423375
 ** (content shouldn't be able to load chrome: or resource:)
 **/
function tryLoad(url) {
    try {
        window.frames[0].location = url;
        return "loaded";
    } catch (e) {
        if (/Access.*denied/.test(String(e))) {
          return "denied";
        }
        return "unexpected: " + e;
    }
}

is(tryLoad("chrome://global/content/mozilla.html"), "denied",
   "content should have been prevented from loading chrome: URL");
is(tryLoad("resource://gre-resources/html.css"), "denied",
   "content should have been prevented from loading resource: URL");
</script>
</pre>
</body>
</html>