Bug 1211470 - r=zer0
authorGijs Kruitbosch <gijskruitbosch@gmail.com>
Wed, 14 Oct 2015 13:52:09 +0100
changeset 303863 f5d4d72d777215106e7ed8c8ddf326e9dc159734
parent 303862 681e438f6fccc1cd917499d0b64d5a5b45c04cf2
child 303864 b491da27641b5c0d7357b1e5584bf156ead8a107
push id1001
push userraliiev@mozilla.com
push dateMon, 18 Jan 2016 19:06:03 +0000
treeherdermozilla-release@8b89261f3ac4 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerszer0
bugs1211470
milestone44.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1211470 - r=zer0
addon-sdk/source/test/test-panel.js
--- a/addon-sdk/source/test/test-panel.js
+++ b/addon-sdk/source/test/test-panel.js
@@ -1363,16 +1363,53 @@ exports["test Panel links"] = function*(
   let tab = yield wait(tabs, 'ready');
 
   assert.equal(tab.url, linkURL + '#',
       'link URL loaded in a new tab after click + accel');
 
   loader.unload();
 }
 
+exports["test Panel script allow property"] = function*(assert) {
+  const loader = Loader(module);
+  const { Panel } = loader.require('sdk/panel');
+  const { getActiveView } = loader.require('sdk/view/core');
+
+  const contentURL = 'data:text/html;charset=utf-8,' +
+    encodeURIComponent(`<body onclick='postMessage("got script click", "*")'>
+        <script>
+        document.body.appendChild(document.createElement('unwanted'))
+        </script>
+        </body>`);
+  let panel = Panel({
+    contentURL,
+    allow: {script: false},
+  });
+
+  panel.show();
+
+  yield wait(panel, 'show');
+
+  let { contentWindow } = getActiveView(panel).querySelector('iframe');
+
+  assert.equal(contentWindow.document.body.lastElementChild.localName, "script",
+               "Script should not have executed");
+
+  panel.allow.script = true;
+
+  let p = wait(contentWindow, "message");
+  let event = new contentWindow.MouseEvent('click', {});
+  contentWindow.document.body.dispatchEvent(event);
+
+  let msg = yield p;
+  assert.equal(msg.data, "got script click", "Should have seen script click");
+
+  loader.unload();
+};
+
 after(exports, function*(name, assert) {
   yield cleanUI();
   assert.pass("ui was cleaned.");
 });
 
 if (isTravisCI) {
   module.exports = {
     "test skip on jpm": (assert) => assert.pass("skipping this file with jpm")