# HG changeset patch # User Luca Greco Bug 1214658 - test content script APIs are not injected in arbitrary web pages r=kmag --- ...injection.js => file_ext_test_api_injection.js} | 0 .../extensions/test/mochitest/mochitest.ini | 3 +- .../test_ext_background_api_injection.html | 2 +- .../test_ext_contentscript_api_injection.html | 88 ++++++++++++++++++++++ 4 files changed, 91 insertions(+), 2 deletions(-) rename toolkit/components/extensions/test/mochitest/{file_ext_background_api_injection.js => file_ext_test_api_injection.js} (100%) create mode 100644 toolkit/components/extensions/test/mochitest/test_ext_contentscript_api_injection.html diff --git a/toolkit/components/extensions/test/mochitest/file_ext_background_api_injection.js b/toolkit/components/extensions/test/mochitest/file_ext_test_api_injection.js similarity index 100% rename from toolkit/components/extensions/test/mochitest/file_ext_background_api_injection.js rename to toolkit/components/extensions/test/mochitest/file_ext_test_api_injection.js diff --git a/toolkit/components/extensions/test/mochitest/mochitest.ini b/toolkit/components/extensions/test/mochitest/mochitest.ini index 678e286..56c5284 100644 --- a/toolkit/components/extensions/test/mochitest/mochitest.ini +++ b/toolkit/components/extensions/test/mochitest/mochitest.ini @@ -15,25 +15,26 @@ support-files = file_style_redirect.css file_script_good.js file_script_bad.js file_script_redirect.js file_script_xhr.js file_sample.html redirection.sjs file_privilege_escalation.html - file_ext_background_api_injection.js + file_ext_test_api_injection.js file_permission_xhr.html file_ext_collect_security_errors.js [test_ext_simple.html] [test_ext_geturl.html] [test_ext_contentscript.html] skip-if = buildapp == 'b2g' # runat != document_idle is not supported. [test_ext_contentscript_create_iframe.html] +[test_ext_contentscript_api_injection.html] [test_ext_i18n_css.html] [test_ext_generate.html] [test_ext_localStorage.html] [test_ext_onmessage_removelistener.html] [test_ext_notifications.html] [test_ext_permission_xhr.html] skip-if = buildapp == 'b2g' # JavaScript error: jar:remoteopenfile:///data/local/tmp/generated-extension.xpi!/content.js, line 46: NS_ERROR_ILLEGAL_VALUE: [test_ext_runtime_connect.html] diff --git a/toolkit/components/extensions/test/mochitest/test_ext_background_api_injection.html b/toolkit/components/extensions/test/mochitest/test_ext_background_api_injection.html index b5f7602..45d2290 100644 --- a/toolkit/components/extensions/test/mochitest/test_ext_background_api_injection.html +++ b/toolkit/components/extensions/test/mochitest/test_ext_background_api_injection.html @@ -20,17 +20,17 @@ add_task(function* testBackgroundWindow() { browser.test.log("background script executed"); window.location = `${BASE}/file_privilege_escalation.html`; }, }); let awaitConsole = new Promise(resolve => { let chromeScript = SpecialPowers.loadChromeScript( - SimpleTest.getTestFileURL("file_ext_background_api_injection.js")); + SimpleTest.getTestFileURL("file_ext_test_api_injection.js")); chromeScript.addMessageListener("console-message", resolve); }); yield extension.startup(); let message = yield awaitConsole; diff --git a/toolkit/components/extensions/test/mochitest/test_ext_contentscript_api_injection.html b/toolkit/components/extensions/test/mochitest/test_ext_contentscript_api_injection.html new file mode 100644 index 0000000..42ea425 --- /dev/null +++ b/toolkit/components/extensions/test/mochitest/test_ext_contentscript_api_injection.html @@ -0,0 +1,88 @@ + + + + Test for privilege escalation into iframe with content script APIs + + + + + + + + + + + + + + +