diff -r 5762daf9bc10 docshell/test/Makefile.in
--- a/docshell/test/Makefile.in	Mon Aug 16 09:46:35 2010 -0700
+++ b/docshell/test/Makefile.in	Tue Aug 17 16:35:39 2010 -0700
@@ -63,6 +63,12 @@
 		test_bug123696.html \
 		bug123696-subframe.html \
 		test_bug344861.html \
+		test_bug354493_1.html \
+		file_bug354493_1.sjs \
+		file_bug354493_1_main.html \
+		file_bug354493_1_main.js \
+		test_bug354493_2.html \
+		file_bug354493_2_main.html \
 		test_bug369814.html \
 		bug369814.zip \
 		bug369814.jar \
diff -r 5762daf9bc10 docshell/test/file_bug354493_1.sjs
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docshell/test/file_bug354493_1.sjs	Tue Aug 17 16:35:39 2010 -0700
@@ -0,0 +1,48 @@
+// SJS file for mochitests of bug 354493 (test_bug354493_1.html).
+
+function handleRequest(request, response)
+{
+  var query = {};
+  request.queryString.split('&').forEach(function (val) {
+    var [name, value] = val.split('=');
+    query[name] = unescape(value);
+  });
+
+  //avoid confusing cache behaviors
+  response.setHeader("Cache-Control", "no-cache", false);
+
+  var isPreflight = request.method == "OPTIONS";
+  if (isPreflight) {
+    // Allow cross-site XHR
+    response.setHeader("Access-Control-Allow-Origin", "*");
+    response.setHeader("Access-Control-Allow-Methods", "*");
+  }
+
+  if ("type" in query) {
+    response.setHeader("Content-Type", unescape(query['type']), false);
+  } else {
+    response.setHeader("Content-Type", "text/html", false);
+  }
+
+  if ("redirect" in query) {
+    response.setStatusLine("1.1", 302, "Found");
+    response.setHeader("Location", unescape(query["redirect"]), false);
+
+  } else if ("refresh" in query) {
+    response.setHeader("Refresh", "0; url=" + unescape(query["refresh"]), false);
+    response.write("");
+
+  } else if ("content" in query) {
+    response.write(unescape(query['content']));
+
+  } else if ("testid" in query) {
+    response.write("");
+
+  } else if ("getState" in query) {
+    response.write(received);
+
+  } else if ("resetState" in query) {
+    response.setHeader("Content-Type", "text/html", false);
+    response.write("done");
+  }
+}
diff -r 5762daf9bc10 docshell/test/file_bug354493_1_main.html
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docshell/test/file_bug354493_1_main.html	Tue Aug 17 16:35:39 2010 -0700
@@ -0,0 +1,82 @@
+<html>
+  <head>
+    <link rel='stylesheet' type='text/css'
+          href='http://172.16.0.0/tests/docshell/test/file_bug354493_1.sjs?testid=style_private&type=text/css' />
+    <link rel='stylesheet' type='text/css'
+          href='file_bug354493_1.sjs?testid=style_same&type=text/css' />
+
+    <!--
+    Favicon test disabled for now. See comments in test_bug354493_1.html.
+    <link rel="icon" href="http://172.16.0.0/tests/docshell/test/file_bug354493_1.sjs?testid=favicon_private&type=image/x-icon"/>
+    -->
+
+    <style>
+      /* CSS font embedding tests */
+      @font-face {
+        font-family: "arbitrary_private";
+        src: url('http://172.16.0.0/tests/docshell/test/file_bug354493_1.sjs?testid=font_private&type=application/octet-stream');
+      }
+      @font-face {
+        font-family: "arbitrary_same";
+        src: url('file_bug354493_1.sjs?testid=font_same&type=application/octet-stream');
+      }
+      .div_arbitrary_private { font-family: "arbitrary_private"; }
+      .div_arbitrary_same { font-family: "arbitrary_same"; }
+    </style>
+    <script src='file_bug354493_1_main.js'></script>
+  </head>
+  <body>
+    <!-- Requests to private addresses. These will be blocked if this page was
+         loaded from a public address. -->
+    <img src="http://172.16.0.0/tests/docshell/test/file_bug354493_1.sjs?testid=img_private&type=img/png" />
+    <iframe src='http://172.16.0.0/tests/docshell/test/file_bug354493_1.sjs?testid=frame_private&content=FAIL'></iframe>
+    <audio src="http://172.16.0.0/tests/docshell/test/file_bug354493_1.sjs?testid=media_private&type=audio/vorbis"></audio>
+    <object width="10" height="10">
+      <param name="movie" value="http://172.16.0.0/tests/docshell/test/file_bug354493_1.sjs?testid=object_param_private&type=application/x-shockwave-flash">
+      <embed src="http://172.16.0.0/tests/docshell/test/file_bug354493_1.sjs?testid=object_private&type=application/x-shockwave-flash"></embed>
+    </object>
+    <script src='http://172.16.0.0/tests/docshell/test/file_bug354493_1.sjs?testid=script_private&type=text/javascript'></script>
+
+    <!-- Requests to the same host as this page was loaded from. These should
+         always be allowed. -->
+    <img src="file_bug354493_1.sjs?testid=img_same&type=img/png" />
+    <script src='file_bug354493_1.sjs?testid=script_same&type=text/javascript'></script>
+    <iframe src='file_bug354493_1.sjs?testid=frame_same&content=PASS'></iframe>
+    <audio src="file_bug354493_1.sjs?testid=media_same&type=audio/vorbis"></audio>
+    <object width="10" height="10">
+      <!-- Use of <param> is for IE, included here just for grins. No request is made. -->
+      <param name="movie" value="file_bug354493_1.sjs?testid=object_param_same&type=application/x-shockwave-flash">
+      <!--  TODO(jsamuel): The invalid/empty value returned from the server
+            can cause the following error in the error console:
+            Error: Permission denied for <http://192.0.2.0> to get property
+            Location.toString from <http://mochi.test:8888>.  -->
+      <embed src="file_bug354493_1.sjs?testid=object_same&type=application/x-shockwave-flash"></embed>
+    </object>
+
+    <!-- Support elements for the @font-face test -->
+    <div class="div_arbitrary_private">arbitrary_private</div>
+    <div class="div_arbitrary_same">arbitrary_same</div>
+
+    <iframe id="testframe" name="testframe1"></iframe>
+    <iframe id="testframe" name="testframe2"></iframe>
+
+	<form method="post" target="testframe1">
+	  <input type="text" name="q" value="foobar" />
+	</form>
+    <form method="post" target="testframe2">
+      <input type="text" name="q" value="foobar" />
+    </form>
+
+    <!-- Location header redirection tests -->
+    <img src="file_bug354493_1.sjs?redirect=http%3A//172.16.0.0/tests/docshell/test/file_bug354493_1.sjs%3Ftestid%3Dimg_redir_private%26type%3Dimg/png" />
+    <img src="file_bug354493_1.sjs?redirect=/tests/docshell/test/file_bug354493_1.sjs%3Ftestid%3Dimg_redir_same%26type%3Dimg/png" />
+
+    <!-- Refresh header redirection tests -->
+    <iframe src="file_bug354493_1.sjs?refresh=http%3A//172.16.0.0/tests/docshell/test/file_bug354493_1.sjs%3Ftestid%3Drefresh_header_private%26content%3Dprivate"></iframe>
+    <iframe src="file_bug354493_1.sjs?refresh=/tests/docshell/test/file_bug354493_1.sjs%3Ftestid%3Drefresh_header_same%26content%3Dsame"></iframe>
+
+    <!-- Meta refresh tests -->
+    <iframe src="file_bug354493_1.sjs?refresh=http%3A//172.16.0.0/tests/docshell/test/file_bug354493_1.sjs%3Ftestid%3Drefresh_header_private%26content%3Dprivate"></iframe>
+    <iframe src="file_bug354493_1.sjs?refresh=/tests/docshell/test/file_bug354493_1.sjs%3Ftestid%3Drefresh_header_same%26content%3Dsame"></iframe>
+  </body>
+</html>
diff -r 5762daf9bc10 docshell/test/file_bug354493_1_main.js
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docshell/test/file_bug354493_1_main.js	Tue Aug 17 16:35:39 2010 -0700
@@ -0,0 +1,144 @@
+/*
+ * This script is included by file_bug354493_main.html. Various requests are
+ * initiated which test_bug354493.html watches to ensure they are correctly
+ * allowed or blocked.
+ */
+
+function createIframe() {
+  var iframe = window.document.createElement('iframe');
+  window.document.body.appendChild(iframe);
+  return iframe;
+}
+
+function doOnload() {
+
+  var privatePrefix = "http://172.16.0.0/tests/docshell/test/";
+  var samePrefix = window.location.protocol + "//" + window.location.host +
+    "/tests/docshell/test/";
+
+  // Frame src
+  var frame;
+  frame = createIframe();
+  frame.src = privatePrefix + "file_bug354493_1.sjs?testid=frame_src_private";
+  frame = createIframe();
+  frame.src = samePrefix + "file_bug354493_1.sjs?testid=frame_src_same";
+
+  // XHR (file_bug354493_1.sjs allows cross-site XHR)
+  try {
+    var xhr_private = new XMLHttpRequest();
+    var xhr_private_uri = privatePrefix + "file_bug354493_1.sjs?testid=xhr_private";
+    xhr_private.open("GET", xhr_private_uri, false);
+    xhr_private.send(null);
+  } catch(e) {}
+  try {
+    var xhr_same = new XMLHttpRequest();
+    var xhr_same_uri = samePrefix + "file_bug354493_1.sjs?testid=xhr_same";
+    xhr_same.open("GET", xhr_same_uri, false);
+    xhr_same.send(null);
+  } catch(e) {}
+
+  // Form submissions
+  var form = window.document.forms[0];
+  form.action = privatePrefix + "file_bug354493_1.sjs?testid=form_post_private";
+  form.submit();
+  form = window.document.forms[1];
+  form.action = samePrefix + "file_bug354493_1.sjs?testid=form_post_same";
+  form.submit();
+
+  // Frame content sets its own location.href
+  var privateContent = "<html><head><script>location.href='" + privatePrefix +
+    "file_bug354493_1.sjs?testid=location_href_private'</script></head></html>";
+  var mochiContent = "<html><head><script>location.href='" + samePrefix +
+    "file_bug354493_1.sjs?testid=location_href_same'</script></head></html>";
+  frame = createIframe();
+  frame.src = samePrefix + "file_bug354493_1.sjs?content=" + escape(privateContent);
+  frame = createIframe();
+  frame.src = samePrefix + "file_bug354493_1.sjs?content=" + escape(mochiContent);
+
+  // Meta refresh
+  var privateContent = "<html><head><meta http-equiv='Refresh' content='0; url=" +
+    privatePrefix + "file_bug354493_1.sjs?testid=meta_refresh_private' /></head></html>";
+  var mochiContent = "<html><head><meta http-equiv='Refresh' content='0; url=" +
+    samePrefix + "file_bug354493_1.sjs?testid=meta_refresh_same' /></head></html>";
+  frame = createIframe();
+  frame.src = samePrefix + "file_bug354493_1.sjs?content=" + escape(privateContent);
+  frame = createIframe();
+  frame.src = samePrefix + "file_bug354493_1.sjs?content=" + escape(mochiContent);
+
+  // The opener will close all of the windows we put in |childWindows|.
+  window.childWindows = [];
+  var win;
+
+  // Use of window.open()
+  win = window.open(privatePrefix + "file_bug354493_1.sjs?testid=window_open_private");
+  window.childWindows.push(win);
+  win = window.open(samePrefix + "file_bug354493_1.sjs?testid=window_open_same");
+  window.childWindows.push(win);
+
+  // Write to window opened as "about:blank".
+  win = window.open("about:blank");
+  window.childWindows.push(win);
+  var html = "<html><body>";
+  html += "<img src='" + privatePrefix +
+    "file_bug354493_1.sjs?testid=window_write_img_private' />";
+  html += "<img src='" + samePrefix +
+    "file_bug354493_1.sjs?testid=window_write_img_same' />";
+  html += "</body></html>";
+  win.document.write(html);
+
+  // Write to blank window opened with an empty location ("").
+  // This does actually turn out to be different/trickier than the
+  // window_write_img test above which opens the window with "about:blank".
+  win = window.open("");
+  window.childWindows.push(win);
+  var html = "<html><head>";
+  html += "<script src='" + privatePrefix +
+    "file_bug354493_1.sjs?testid=window_write_script_private'></script>";
+  html += "<script src='" + samePrefix +
+    "file_bug354493_1.sjs?testid=window_write_script_same'></script>";
+  html += "</head><body></body></html>";
+  win.document.write(html);
+  win.document.close();
+
+  // Iframe with 'data:' URI opens window to 'data:' URI that requests content
+  html = "<html><body>";
+  html += "<img src='" + privatePrefix +
+    "file_bug354493_1.sjs?testid=data_window_private' />";
+  html += "<img src='" + samePrefix +
+    "file_bug354493_1.sjs?testid=data_window_same' />";
+  html += "</body></html>";
+  // Use a specific window name so it's easier to close the window.
+  var windowName = "dataURIWindow";
+  var openedWindowData = "data:text/html;charset=utf-8," + escape(html);
+  var iframeHtml = "<html><body><script>window.open('" + openedWindowData +
+    "', '" + windowName + "')</script></body></html>";
+  var iframeData = "data:text/html;charset=utf-8," + escape(iframeHtml);
+  frame = createIframe();
+  frame.src = iframeData;
+
+  // Iframes with 'javascript:' URIs that set their location
+  var uri = "javascript:location.href='" + privatePrefix +
+    "file_bug354493_1.sjs?testid=javascript_uri_private'";
+  frame = createIframe();
+  frame.src = uri;
+  var uri = "javascript:location.href='" + samePrefix +
+    "file_bug354493_1.sjs?testid=javascript_uri_same'";
+  frame = createIframe();
+  frame.src = uri;
+
+  // Flash can be tested by creating a swf using something like the following:
+  // ---- file_bug354493.as ----
+  // class RequestTest {
+  //   function RequestTest() {
+  //   }
+  //   static function main(mc) {
+  //     getURL("http://172.16.0.0/tests/docshell/test/" +
+  //            "file_bug354493_1.sjs?testid=flash_private");
+  //   }
+  // }
+  // ---------------------------
+  // The above actionscript file can be compiled with mtasc:
+  // $ mtasc -swf file_bug354493.swf -main -header 800:600:20 file_bug354493.as
+}
+
+window.addEventListener('load', doOnload, false);
diff -r 5762daf9bc10 docshell/test/file_bug354493_2_main.html
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docshell/test/file_bug354493_2_main.html	Tue Aug 17 16:35:39 2010 -0700
@@ -0,0 +1,12 @@
+<html>
+  <head>
+    <title>file_bug354493_2_main.html</title>
+  </head>
+  <body onload="window.opener.postMessage('loaded', '*');">
+    This page posts a message back to its opener.<br />
+    <a href="http://192.0.2.0/tests/docshell/test/file_bug354493_2_main.html?link"
+      id="public_link">public address link</a><br />
+    <a href="http://172.16.0.0/tests/docshell/test/file_bug354493_2_main.html?link"
+      id="private_link">private address link</a>
+  </body>
+</html>
diff -r 5762daf9bc10 docshell/test/test_bug354493_1.html
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docshell/test/test_bug354493_1.html	Tue Aug 17 16:35:39 2010 -0700
@@ -0,0 +1,298 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<title>Test 1 for bug 354493</title>
+<script type="text/javascript" src="/MochiKit/packed.js"></script>
+<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<p id="display"></p>
+<div id="content" style="display: none"></div>
+
+<script class="testbody" type="text/javascript">
+
+// It would be nice to add tests where the source/dest are https. This would
+// need to take into account the restriction on IP addresses for common names
+// that is being added by bug 553754.
+
+const PATH = "/tests/docshell/test/";
+
+/*
+ * Each of these will be two requests, one with testid X_private and the other
+ * with testid X_same. "private" means the host is 172.16.0.0, "same" means
+ * the host is the same as where file_bug354493_1_main.html is loaded.
+ */
+const REQUESTS = ["img", "style", "frame", "script", "media", "font", "object",
+                  "frame_src", "xhr", "form_post", "location_href",
+                  "window_open", "img_redir", "refresh_header", "meta_refresh",
+                  "window_write_img", "window_write_script", "data_window",
+                  "javascript_uri"];
+
+/*
+ * Each of these will be a single requests with testid X_private.
+ */
+//const PRIVATE_ADDR_REQUESTS = ["favicon"];
+// The "favicon" test has been removed because it will incorrectly cause tests
+// to fail. Manual testing shows <link rel="icon"> to be correctly restricted.
+const PRIVATE_ADDR_REQUESTS = [];
+
+// Windows by these names need to be closed after each test.
+var NAMED_CHILD_WINDOWS = ["dataURIWindow"];
+
+// Remove an item from an array. Return true if the item was removed, false
+// if the item wasn't in the array.
+function RequestSet ()
+{
+}
+RequestSet.prototype.record = function(item)
+{
+  if (item in this) {
+    // Don't check that it's false; repeated requests are ok.
+    this[item] = true;
+    return true;
+  } else {
+    return false;
+  }
+}
+RequestSet.prototype.remaining = function(item)
+{
+  var temp = [];
+  for (var item in this) {
+    if (!this[item]) {
+      temp.push(item);
+    }
+  }
+  return temp;
+}
+RequestSet.prototype.isComplete = function(item)
+{
+  return this.remaining(item).length == 0;
+}
+
+function TestGroup(requests, privateRequests, isPrivateRestricted, startFunc,
+    endFunc)
+{
+  this.attempted = new RequestSet();
+  this.allowed = new RequestSet();
+  this.blocked = new RequestSet();
+  this.startFunc = startFunc;
+  this.endFunc = endFunc;
+  for (var i = 0; i < requests.length; i++) {
+    item = requests[i];
+    // All requests are initiated.
+    this.attempted[item + "_same"] = false;
+    this.attempted[item + "_private"] = false;
+    // Same IP address group requests are always allowed.
+    this.allowed[item + "_same"] = false;
+    // Private IP address requests may be blocked depending on the test. That
+    // is, when the request originates from an http proxied page or a private
+    // address page, it is allowed. When the request originates from a public
+    // address page, the request is blocked.
+    var allowedOrBlocked = isPrivateRestricted ? this.blocked : this.allowed;
+    allowedOrBlocked[item + "_private"] = false;
+  }
+  for (var i = 0; i < privateRequests; i++) {
+    // These are requests where only the X_private request is made for this
+    // testid.
+    item = privateRequests[i];
+    this.attempted[item + "_private"] = false;
+    var allowedOrBlocked = isPrivateRestricted ? this.blocked : this.allowed;
+    allowedOrBlocked[item + "_private"] = false;
+  }
+}
+TestGroup.prototype = {
+  recordAttempted : function(testid)
+  {
+    //dump("attempted: " + testid + "\n");
+    ok(this.attempted.record(testid), "No such attempted testid: " + testid);
+  },
+  recordAllowed : function(testid)
+  {
+    //dump("allowed: " + testid + "\n");
+    ok(this.allowed.record(testid), "Request not blocked: " + testid);
+    // If a request was improperly allowed, the test will hang if it thinks
+    // it's still waiting for it to be blocked.
+    if (!this.allowed.record(testid)) {
+      this.blocked.record(testid)
+    }
+  },
+  recordBlocked : function(testid)
+  {
+    //dump("blocked: " + testid + "\n");
+    ok(this.blocked.record(testid), "Request not allowed: " + testid);
+    // If a request was improperly blocked, the test will hang if it thinks
+    // it's still waiting for it to be allowed.
+    if (!this.blocked.record(testid)) {
+      this.allowed.record(testid)
+    }
+  },
+  isFinished : function()
+  {
+    //dump("~~~~~~~~~~ checking isFinished...\n");
+    //dump("Remaining attempted: " + this.attempted.remaining() + "\n");
+    //dump("Remaining allowed: " + this.allowed.remaining() + "\n");
+    //dump("Remaining blocked: " + this.blocked.remaining() + "\n");
+    return this.attempted.isComplete() && this.allowed.isComplete() &&
+        this.blocked.isComplete();
+  }
+}
+
+
+window.testGroups = [];
+
+window.currentWinOrFrame = null;
+
+
+// Test 1 opens a window at a public address that makes requests to both
+// public and private addresses. Requests to private addresses should be
+// blocked.
+function startFunc1()
+{
+  netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
+  var publicUrl = "http://192.0.2.0" + PATH + 'file_bug354493_1_main.html';
+  window.currentWinOrFrame = window.open(publicUrl);
+}
+function endFunc()
+{
+  netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
+  var win = window.currentWinOrFrame;
+  var ww = Components.classes["@mozilla.org/embedcomp/window-watcher;1"].
+    getService(Components.interfaces.nsIWindowWatcher);
+  NAMED_CHILD_WINDOWS.forEach(function(name) {
+        ww.getWindowByName(name, win).close();
+      });
+  win.childWindows.forEach(function(wind) { wind.close(); });
+  win.close();
+}
+// For now, we only use PRIVATE_ADDR_REQUESTS in this test. See the comments
+// where PRIVATE_ADDR_REQUESTS is defined.
+window.testGroups.push(new TestGroup(REQUESTS, PRIVATE_ADDR_REQUESTS, true,
+    startFunc1, endFunc));
+
+// Test 2 opens a window at a private address that makes requests to both
+// public and private addresses. Nothing should be blocked.
+function startFunc2()
+{
+  netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
+  var publicUrl = "http://172.16.0.0" + PATH + 'file_bug354493_1_main.html';
+  window.currentWinOrFrame = window.open(publicUrl);
+}
+window.testGroups.push(new TestGroup(REQUESTS, [], false, startFunc2,
+    endFunc));
+
+// The following tests are disabled to decrease total mochitest running time.
+// Test 4 in particular doesn't feel essential because if requests from pages
+// loaded through HTTP proxies were blocked, then we wouldn't be able to open
+// the initial window to run tests 1 and 2 above.
+
+/*
+// Test 3 loads an iframe at a public address that makes requests to both
+// public and private addresses. Requests to private addresses should be
+// blocked.
+function startFunc3()
+{
+  netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
+  var publicUrl = "http://192.0.2.0" + PATH + 'file_bug354493_1_main.html';
+  var frame = document.createElement("iframe");
+  document.body.appendChild(frame);
+  frame.src = publicUrl;
+  window.currentWinOrFrame = frame;
+}
+function endFuncFrame()
+{
+  netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
+  var frame = window.currentWinOrFrame;
+  var ww = Components.classes["@mozilla.org/embedcomp/window-watcher;1"].
+    getService(Components.interfaces.nsIWindowWatcher);
+  NAMED_CHILD_WINDOWS.forEach(function(name) {
+        ww.getWindowByName(name, window).close();
+      });
+  frame.contentWindow.childWindows.forEach(function(wind) { wind.close(); });
+  document.body.removeChild(frame);
+}
+window.testGroups.push(new TestGroup(REQUESTS, PRIVATE_ADDR_REQUESTS, true,
+    startFunc3, endFuncFrame));
+
+
+// Test 4 opens a window at an http proxied address that makes requests to both
+// public and private addresses. Nothing should be blocked.
+function startFunc4()
+{
+  netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
+  var publicUrl = "http://mochi.test:8888" + PATH + 'file_bug354493_1_main.html';
+  window.currentWinOrFrame = window.open(publicUrl);
+}
+window.testGroups.push(new TestGroup(REQUESTS, [], false, startFunc4, endFunc));
+*/
+
+function examiner()
+{
+  netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
+  var obsvc = Components.classes['@mozilla.org/observer-service;1']
+                     .getService(Components.interfaces.nsIObserverService);
+  obsvc.addObserver(this, "address-restriction-on-violation", false);
+  obsvc.addObserver(this, "http-on-modify-request", false);
+  obsvc.addObserver(this, "http-on-examine-response", false);
+}
+examiner.prototype = {
+  observe: function(subject, topic, data)
+  {
+    netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
+
+    if(!subject.QueryInterface)
+      return;
+
+    var testpat = new RegExp("testid=([a-z0-9_]+)");
+    var uri = subject.QueryInterface(Components.interfaces.nsIHttpChannel).URI;
+    if (!testpat.test(uri.asciiSpec))
+      return;
+    var testid = testpat.exec(uri.asciiSpec)[1];
+
+    if (topic === "http-on-modify-request") {
+      // All requests, including address-restricted ones, pass through here.
+      window.curTestGroup.recordAttempted(testid);
+    } else if(topic === "http-on-examine-response") {
+      // These were allowed.
+      window.curTestGroup.recordAllowed(testid);
+    } else if(topic === "address-restriction-on-violation") {
+      // These were blocked.
+      window.curTestGroup.recordBlocked(testid);
+    }
+
+    if(window.curTestGroup.isFinished()) {
+      window.curTestGroup.endFunc();
+      window.curTestGroup = window.testGroups.pop();
+      if (window.curTestGroup) {
+        setTimeout(window.curTestGroup.startFunc, 0);
+      } else {
+        // All tests are completed.
+        this.unregister();
+        SimpleTest.finish();
+      }
+    }
+  },
+
+  // Must remove the observers or mochitests might get borked.
+  unregister: function()
+  {
+    netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
+    var obsvc = Components.classes['@mozilla.org/observer-service;1']
+                         .getService(Components.interfaces.nsIObserverService);
+    obsvc.removeObserver(this, "address-restriction-on-violation");
+    obsvc.removeObserver(this, "http-on-modify-request");
+    obsvc.removeObserver(this, "http-on-examine-response");
+  }
+}
+
+window.examiner = new examiner();
+
+// Start the tests.
+window.curTestGroup = window.testGroups.pop();
+window.curTestGroup.startFunc();
+
+SimpleTest.waitForExplicitFinish();
+
+</script>
+</body>
+</html>
diff -r 5762daf9bc10 docshell/test/test_bug354493_2.html
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docshell/test/test_bug354493_2.html	Tue Aug 17 16:35:39 2010 -0700
@@ -0,0 +1,352 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<title>Test 2 for bug 354493</title>
+<script type="text/javascript" src="/MochiKit/packed.js"></script>
+<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+<script type="text/javascript" src="/tests/SimpleTest/EventUtils.js"></script>
+<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<p id="display"></p>
+<div id="content" style="display: none"></div>
+
+<script class="testbody" type="text/javascript">
+
+/*
+ * This file opens a new window and performs the following individual tests:
+ *
+ * 1) loads a public address page with loadURI(), checks the effective referrer
+ *    address reported by the docshell,
+ * 2) loads a private address page in the same window with loadURI(), checks
+ *    the effective referrer address,
+ * 3) navigates the window back in the history one entry (to the public address
+ *    page) and again checks the effective referrer address reported by the
+ *    docshell, and finally
+ * 4) loads the private address page again (not going forward in history to do
+ *    it), ensures it was loaded only from cache, and checks the effective
+ *    referrer address reported by the docshell.
+ * 5) loads a private address page and then clicks a link in that page. The
+ *    link is to a public address and is allowed.
+ * 6) clicks a link from a public address page to a private address page. The
+ *    request is blocked.
+ */
+
+const PATH = "/tests/docshell/test/";
+const FILE = "file_bug354493_2_main.html";
+
+var gWin;
+var tests = [];
+var currentTest = null;
+
+/**
+ * Creates a channel that we don't intend to actually open.
+ */
+function makeHttpChannel()
+{
+  netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+  var ios = Components.classes["@mozilla.org/network/io-service;1"]
+                      .getService(Components.interfaces.nsIIOService);
+  return ios.newChannel("http://mochi.test:8888", null, null)
+                .QueryInterface(Components.interfaces.nsIHttpChannel);
+}
+
+/**
+ * Each test has a "startTest" function and an "endTest" function. Tests will
+ * ensure that handleEvent is called when the test is ready to have its
+ * "endTest" function called.
+ */
+function handleEvent(e)
+{
+  netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
+  var startTest, endTest;
+  [startTest, endTest] = currentTest;
+  if (endTest) {
+    endTest();
+  }
+  startNextTest();
+}
+
+/**
+ * Initial setup performed before any tests run.
+ */
+function setup()
+{
+  window.addEventListener("message", handleEvent, false);
+  gWin = window.open('about:blank');
+}
+
+/**
+ * Cleanup code run when all tests are complete.
+ */
+function cleanup()
+{
+  gWin.close();
+}
+
+function getWebNav()
+{
+  return gWin.QueryInterface(Components.interfaces.nsIInterfaceRequestor)
+             .getInterface(Components.interfaces.nsIWebNavigation);
+}
+
+function getDocShell()
+{
+  return getWebNav().QueryInterface(Components.interfaces.nsIDocShell)
+}
+
+function loadInWin(uri)
+{
+  getWebNav().loadURI(uri, null, null, null, null);
+}
+
+function startNextTest()
+{
+  netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
+  if (!currentTest) {
+    setup();
+  }
+  currentTest = tests.shift();
+  if (currentTest) {
+    var startTest, endTest;
+    [startTest, endTest] = currentTest;
+    startTest();
+  } else {
+    cleanup();
+    SimpleTest.finish();
+  }
+}
+
+function generateDocShellTester(address, allowNoDocChannel)
+{
+  return function()
+  {
+    netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
+    var docShell = getDocShell();
+
+    // Check what the docshell says should be considered to be the referring
+    // address for requests initiated by the loaded document.
+    var chan = makeHttpChannel();
+    var refAddr = docShell.getEffectiveReferrerAddress(chan);
+    is(refAddr, address, "Wrong effective referrer address");
+
+    // We should get the same answer if we pass null as the channel.
+    refAddr = docShell.getEffectiveReferrerAddress(null);
+    is(refAddr, address, "Wrong effective referrer address");
+
+    // Ensure that if we ask for the effective referrer address of the current
+    // document's channel, it doesn't tell us the channel's own address. In this
+    // case, we should get an empty string (no referrer address) because the
+    // opener (this file) is from http://mochi.test:8888 which is obtained
+    // through an HTTP proxy.
+    chan = docShell.currentDocumentChannel;
+    // It seems that when the history change occurs, currentDocumentChannel is
+    // null. It seems safe to skip these test in that situation.
+    if (chan) {
+      var expectedUri = "http://" + address + PATH + FILE;
+      var specWithoutQueryString = chan.URI.spec.split('?')[0];
+      is(specWithoutQueryString, expectedUri, "Wrong URI spec");
+
+      refAddr = docShell.getEffectiveReferrerAddress(chan);
+      is(refAddr, "", "Wrong effective referrer address");
+    } else {
+      ok(allowNoDocChannel, "We expected there to be a document channel.");
+    }
+  }
+}
+
+
+// Test 1: Load a public address.
+function test1start()
+{
+  var uri = "http://192.0.2.0" + PATH + FILE;
+  loadInWin(uri);
+}
+tests.push([test1start, generateDocShellTester("192.0.2.0")]);
+
+
+// Test 2: Load a private address.
+function test2start()
+{
+  // For Test 3, we need to know when the public page that is currently loaded
+  // is navigated back to through history.
+  gWin.addEventListener("pageshow", handleEvent, false);
+
+  var uri = "http://172.16.0.0" + PATH + FILE;
+  loadInWin(uri);
+}
+tests.push([test2start, generateDocShellTester("172.16.0.0")]);
+
+
+// Test 3: Navigate back through history to the public address page.
+function test3start()
+{
+  ok(getWebNav().canGoBack, "Expected to be able to go back.")
+  getWebNav().goBack();
+}
+function test3end()
+{
+  gWin.removeEventListener("pageshow", handleEvent, false);
+
+  generateDocShellTester("192.0.2.0", true);
+}
+tests.push([test3start, test3end]);
+
+
+// Test 4: Load the private address page again. This load should happen from
+// cache. That's what we're trying to test here: that cache-loads have their
+// original IP address available. Even though history navigation can use the
+// cache, the way in which the IP address is made available is different. That
+// is, though both the history entry and the cache entry store an IP address,
+// the history tests above were testing the accessibility of the address stored
+// in the history entry only.
+var cacheRead = false;
+var responseObserver = {
+  observe : function(subject, topic, data)
+  {
+    netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
+    var uri = subject.QueryInterface(Components.interfaces.nsIHttpChannel).URI;
+    if (uri.spec == "http://172.16.0.0" + PATH + FILE) {
+      cacheRead = true;
+    }
+  }
+};
+function test4start()
+{
+  // Add an observer to ensure that the request really is read from cache.
+  var obs = Components.classes['@mozilla.org/observer-service;1']
+                      .getService(Components.interfaces.nsIObserverService);
+  obs.addObserver(responseObserver, "http-on-examine-cached-response", false);
+
+  var uri = "http://172.16.0.0" + PATH + FILE;
+  loadInWin(uri);
+}
+function test4end()
+{
+  var obs = Components.classes['@mozilla.org/observer-service;1']
+                      .getService(Components.interfaces.nsIObserverService);
+  obs.removeObserver(responseObserver, "http-on-examine-cached-response");
+
+  ok(cacheRead, "Test 4's request was not read from cache.");
+  generateDocShellTester("172.16.0.0")();
+}
+tests.push([test4start, test4end]);
+
+
+// Test 5A: Load a private address page.
+function test5Astart()
+{
+  var uri = "http://192.0.2.0" + PATH + FILE;
+  loadInWin(uri);
+}
+tests.push([test5Astart, null]);
+
+// Test 5B: Click a link to a public address page.
+function test5Bstart()
+{
+  sendMouseEvent({type: "click"}, "public_link", gWin);
+}
+tests.push([test5Bstart, generateDocShellTester("192.0.2.0")]);
+
+
+// Test 6: Click a link to a private address page. We expect this to be blocked
+// as the current page is from a public address.
+var blockObserver6 = {
+  observe : function(subject, topic, data)
+  {
+    netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
+    var uri = subject.QueryInterface(Components.interfaces.nsIHttpChannel).URI;
+    var expectedSpec = "http://172.16.0.0" + PATH + FILE + "?link";
+    is(uri.spec, expectedSpec, "Incorrect request was blocked");
+    handleEvent();
+  }
+};
+var allowObserver6 = {
+  observe : function(subject, topic, data)
+  {
+    netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
+    var uri = subject.QueryInterface(Components.interfaces.nsIHttpChannel).URI;
+    var expectedSpec = "http://172.16.0.0" + PATH + FILE + "?link";
+    if (uri.spec == expectedSpec) {
+      ok(false, "Private address link click was not blocked");
+      handleEvent();
+    }
+  }
+};
+function test6start()
+{
+  var obsvc = Components.classes['@mozilla.org/observer-service;1']
+    .getService(Components.interfaces.nsIObserverService);
+  obsvc.addObserver(blockObserver6, "address-restriction-on-violation", false);
+  obsvc.addObserver(allowObserver6, "http-on-examine-response", false);
+
+  sendMouseEvent({type: "click"}, "private_link", gWin);
+}
+function test6end()
+{
+  var obsvc = Components.classes['@mozilla.org/observer-service;1']
+    .getService(Components.interfaces.nsIObserverService);
+  obsvc.removeObserver(blockObserver6, "address-restriction-on-violation");
+  obsvc.removeObserver(allowObserver6, "http-on-examine-response");
+}
+tests.push([test6start, test6end]);
+
+
+// Test 7: Test the address restrictions "enable" pref. Set the pref to "false"
+// and try the blocked request from test 6 again.
+var blockObserver7 = {
+  observe : function(subject, topic, data)
+  {
+    netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
+    var uri = subject.QueryInterface(Components.interfaces.nsIHttpChannel).URI;
+    var expectedSpec = "http://172.16.0.0" + PATH + FILE + "?link";
+    ok(false, "Private address link click was blocked when pref is disabled");
+    handleEvent();
+  }
+};
+var allowObserver7 = {
+  observe : function(subject, topic, data)
+  {
+    netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
+    var uri = subject.QueryInterface(Components.interfaces.nsIHttpChannel).URI;
+    var expectedSpec = "http://172.16.0.0" + PATH + FILE + "?link";
+    if (uri.spec == expectedSpec) {
+      ok(true, "Private address link click was not blocked");
+      handleEvent();
+    }
+  }
+};
+function test7start()
+{
+  var prefs = Components.classes["@mozilla.org/preferences-service;1"].
+    getService(Components.interfaces.nsIPrefBranch);
+  prefs.setBoolPref("security.address-restrictions.enable", false);
+
+  var obsvc = Components.classes['@mozilla.org/observer-service;1']
+    .getService(Components.interfaces.nsIObserverService);
+  obsvc.addObserver(blockObserver7, "address-restriction-on-violation", false);
+  obsvc.addObserver(allowObserver7, "http-on-examine-response", false);
+
+  sendMouseEvent({type: "click"}, "private_link", gWin);
+}
+function test7end()
+{
+  var prefs = Components.classes["@mozilla.org/preferences-service;1"].
+    getService(Components.interfaces.nsIPrefBranch);
+  prefs.setBoolPref("security.address-restrictions.enable", true);
+
+  var obsvc = Components.classes['@mozilla.org/observer-service;1']
+    .getService(Components.interfaces.nsIObserverService);
+  obsvc.removeObserver(blockObserver7, "address-restriction-on-violation");
+  obsvc.removeObserver(allowObserver7, "http-on-examine-response");
+}
+tests.push([test7start, test7end]);
+
+
+// Start the tests.
+SimpleTest.waitForExplicitFinish();
+startNextTest();
+
+</script>
+</body>
+</html>
diff -r 5762daf9bc10 netwerk/test/unit/test_addressrestrictionservice.js
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/netwerk/test/unit/test_addressrestrictionservice.js	Tue Aug 17 16:35:39 2010 -0700
@@ -0,0 +1,113 @@
+/* -*- Mode: JavaScript; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+
+/* Tests for the Address Service */
+
+var addrs = Components
+    .classes["@mozilla.org/network/address-restriction-service;1"]
+    .getService(Components.interfaces.nsIAddressRestrictionService);
+
+function run_test() {
+
+  var i;
+
+  if (addrs.ADDRESS_GROUP_UNKNOWN >= addrs.ADDRESS_GROUP_LOCAL) {
+    do_throw("Address group numeric ordering incorrect.");
+  } else if (addrs.ADDRESS_GROUP_LOCAL >= addrs.ADDRESS_GROUP_PRIVATE) {
+    do_throw("Address group numeric ordering incorrect.");
+  } else if (addrs.ADDRESS_GROUP_PRIVATE >= addrs.ADDRESS_GROUP_PUBLIC) {
+    do_throw("Address group numeric ordering incorrect.");
+  }
+
+  // Note that integer strings such as "0" and "123456" get treated like
+  // ipv4 addresses by the underlying PR_StringToNetAddr call. It also
+  // accepts addresses with less than four octets such as:
+  // "1.2" gets interpreted as 1.0.0.2
+  // "1.2.3" gets interpreted as 1.2.0.3
+  var invalidAddresses = [ "1.2.3.256", "::-1", "::z", "[::1]" ];
+
+  for (i = 0; i < invalidAddresses.length; i++) {
+    try {
+      addrs.determineIPAddressGroup(invalidAddresses[i]);
+      do_throw("Bad address didn't throw an exception: " + invalidAddresses[i]);
+    } catch (e) {
+    }
+  }
+
+  // 127.0.0.0/8
+  // 0.0.0.0/8
+  // 169.254.0.0/16
+  // 255.255.255.255/32
+  var v4local = [ "127.0.0.0", "127.0.0.1", "127.255.255.255", "0.0.0.0",
+      "0.255.255.255", "169.254.0.0", "169.254.255.255", "255.255.255.255" ];
+
+  for (i = 0; i < v4local.length; i++) {
+    do_check_eq(addrs.ADDRESS_GROUP_LOCAL, addrs
+        .determineIPAddressGroup(v4local[i]));
+  }
+
+  // 10.0.0.0/8
+  // 172.16.0.0/12
+  // 192.168.0.0/16
+  var v4private = [ "10.0.0.0", "10.255.255.255", "172.16.0.0",
+      "172.31.255.255", "192.168.0.0", "192.168.255.255" ];
+
+  for (i = 0; i < v4private.length; i++) {
+    do_check_eq(addrs.ADDRESS_GROUP_PRIVATE, addrs
+        .determineIPAddressGroup(v4private[i]));
+  }
+
+  // Includes boundary addresses close to local and private addresses.
+  // 192.0.2.0 is a public address that is part of a block set aside for
+  // documentation and examples. We use it as a public address in mochitests.
+  var v4public = [ "126.255.255.255", "128.0.0.0", "1.0.0.0", "169.255.0.0",
+      "169.253.255.255", "192.0.2.0", "255.255.255.254" ];
+
+  for (i = 0; i < v4public.length; i++) {
+    do_check_eq(addrs.ADDRESS_GROUP_PUBLIC, addrs
+        .determineIPAddressGroup(v4public[i]));
+  }
+
+  // ::1/128 -- host-local
+  // fe80::/10 -- link-local
+  var v6local = [ "::1", "0:0:0:0:0:0:0:1", "fe80::",
+      "febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff" ];
+
+  for (i = 0; i < v6local.length; i++) {
+    do_check_eq(addrs.ADDRESS_GROUP_LOCAL, addrs
+        .determineIPAddressGroup(v6local[i]));
+  }
+
+  // fc00::/7 -- local comm
+  var v6private = [ "fc00::", "fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" ];
+
+  for (i = 0; i < v6private.length; i++) {
+    do_check_eq(addrs.ADDRESS_GROUP_PRIVATE, addrs
+        .determineIPAddressGroup(v6private[i]));
+  }
+
+  // "::0" is public because we don't consider it private or local.
+  var v6public = [ "::0", "::2", "fe4f:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+      "fec0::", "faff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", "fe00::" ];
+
+  for (i = 0; i < v6public.length; i++) {
+    do_check_eq(addrs.ADDRESS_GROUP_PUBLIC, addrs
+        .determineIPAddressGroup(v6public[i]));
+  }
+
+  // Check the v4-mapped ipv6 addresses.
+  // These can legally be written as "::ffff:127.0.0.1".
+  for (i = 0; i < v4local.length; i++) {
+    do_check_eq(addrs.ADDRESS_GROUP_LOCAL, addrs
+        .determineIPAddressGroup("::ffff:" + v4local[i]));
+  }
+  for (i = 0; i < v4private.length; i++) {
+    do_check_eq(addrs.ADDRESS_GROUP_PRIVATE, addrs
+        .determineIPAddressGroup("::ffff:" + v4private[i]));
+  }
+  for (i = 0; i < v4public.length; i++) {
+    do_check_eq(addrs.ADDRESS_GROUP_PUBLIC, addrs
+        .determineIPAddressGroup("::ffff:" + v4public[i]));
+  }
+
+}