Bug 1359204 - Test view-source can open link is not blocked by security policies. r=gijs a=gchang
authorChristoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Wed, 10 May 2017 18:43:22 +0200
changeset 393984 a2a06bf22eaddd2d59da7c8a61e328f9587ca3cd
parent 393983 1c5f3f6b6dc2e1eba5abbfae2c2d083618c6adb7
child 393985 029eee8618cf6abc8ba9506f91fece92d070e5ea
push id7321
push usercbook@mozilla.com
push dateThu, 18 May 2017 06:45:08 +0000
treeherdermozilla-beta@0884adb687d1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersgijs, gchang
bugs1359204
milestone54.0
Bug 1359204 - Test view-source can open link is not blocked by security policies. r=gijs a=gchang
docshell/test/browser/browser.ini
docshell/test/browser/browser_click_link_within_view_source.js
docshell/test/browser/file_click_link_within_view_source.html
--- a/docshell/test/browser/browser.ini
+++ b/docshell/test/browser/browser.ini
@@ -41,16 +41,17 @@ support-files =
   test-form_sjis.html
   timelineMarkers-04.html
   browser_timelineMarkers-frame-02.js
   browser_timelineMarkers-frame-03.js
   browser_timelineMarkers-frame-04.js
   browser_timelineMarkers-frame-05.js
   head.js
   frame-head.js
+  file_click_link_within_view_source.html
 
 [browser_bug1206879.js]
 [browser_bug1309900_crossProcessHistoryNavigation.js]
 [browser_bug134911.js]
 [browser_bug234628-1.js]
 [browser_bug234628-10.js]
 [browser_bug234628-11.js]
 [browser_bug234628-2.js]
@@ -94,8 +95,9 @@ skip-if = true # Bug 1220415
 [browser_ua_emulation.js]
 [browser_grouped_shistory_dead_navigate.js]
 skip-if = !e10s
 [browser_grouped_shistory_crossproc.js]
 skip-if = !e10s
 [browser_grouped_shistory_bfcache_cleaning.js]
 skip-if = !e10s
 [browser_history_triggeringprincipal_viewsource.js]
+[browser_click_link_within_view_source.js]
new file mode 100644
--- /dev/null
+++ b/docshell/test/browser/browser_click_link_within_view_source.js
@@ -0,0 +1,60 @@
+"use strict";
+
+/**
+ * Test for Bug 1359204
+ *
+ * Loading a local file, then view-source on that file. Make sure that
+ * clicking a link within that view-source page is not blocked by security checks.
+ */
+
+add_task(function* test_click_link_within_view_source() {
+  let TEST_FILE = "file_click_link_within_view_source.html";
+  let TEST_FILE_URI = getChromeDir(getResolvedURI(gTestPath));
+  TEST_FILE_URI.append(TEST_FILE);
+  TEST_FILE_URI = Services.io.newFileURI(TEST_FILE_URI).spec;
+
+  let DUMMY_FILE = "dummy_page.html";
+  let DUMMY_FILE_URI = getChromeDir(getResolvedURI(gTestPath));
+  DUMMY_FILE_URI.append(DUMMY_FILE);
+  DUMMY_FILE_URI = Services.io.newFileURI(DUMMY_FILE_URI).spec;
+
+  yield BrowserTestUtils.withNewTab(TEST_FILE_URI, function*(aBrowser) {
+    let tabSpec = gBrowser.selectedBrowser.currentURI.spec;
+    info("loading: " + tabSpec);
+    ok(tabSpec.startsWith("file://") && tabSpec.endsWith(TEST_FILE),
+       "sanity check to make sure html loaded");
+
+    info("click view-source of html");
+    let tabPromise = BrowserTestUtils.waitForNewTab(gBrowser);
+    document.getElementById("View:PageSource").doCommand();
+
+    let tab = yield tabPromise;
+    tabSpec = gBrowser.selectedBrowser.currentURI.spec;
+    info("loading: " + tabSpec);
+    ok(tabSpec.startsWith("view-source:file://") && tabSpec.endsWith(TEST_FILE),
+       "loading view-source of html succeeded");
+
+    info("click testlink within view-source page");
+    let loadPromise = BrowserTestUtils.browserLoaded(tab.linkedBrowser, false, url => url.endsWith("dummy_page.html"));
+    yield ContentTask.spawn(gBrowser.selectedBrowser, {}, function*() {
+      if (content.document.readyState != "complete") {
+        yield ContentTaskUtils.waitForEvent(content.document, "readystatechange", false, () =>
+          content.document.readyState == "complete");
+      }
+      // document.getElementById() does not work on a view-source page, hence we use document.links
+      let linksOnPage = content.document.links;
+      is (linksOnPage.length, 1, "sanity check: make sure only one link is present on page");
+      let myLink = content.document.links[0];
+      myLink.click();
+    });
+
+    yield loadPromise;
+
+    tabSpec = gBrowser.selectedBrowser.currentURI.spec;
+    info("loading: " + tabSpec);
+    ok(tabSpec.startsWith("view-source:file://") && tabSpec.endsWith(DUMMY_FILE),
+       "loading view-source of html succeeded");
+
+    yield BrowserTestUtils.removeTab(tab);
+  });
+});
new file mode 100644
--- /dev/null
+++ b/docshell/test/browser/file_click_link_within_view_source.html
@@ -0,0 +1,6 @@
+<html>
+<head> <meta charset="utf-8"> </head>
+  <body>
+  <a id="testlink" href="dummy_page.html">clickme</a>
+  </body>
+</html>