Bug 1589102 - Part 9: Add a crashtest for navigating remote page to about:blank, r=mattwoodrow

Differential Revision: https://phabricator.services.mozilla.com/D49427
2020-08-05 16:55:05 +00:00 · 2020-08-05 16:55:05 +00:00 · 38439c4928
--- a/docshell/test/navigation/file_tell_opener.html
+++ b/docshell/test/navigation/file_tell_opener.html
@ -0,0 +1,8 @@
+<html>
+  <body onload="bodyLoaded()">Frame 1</body>
+  <script>
+  function bodyLoaded() {
+    opener.postMessage("body-loaded", "*");
+  }
+  </script>
+</html>
--- a/docshell/test/navigation/mochitest.ini
+++ b/docshell/test/navigation/mochitest.ini
@ -32,6 +32,7 @@ support-files =
  navigate.html
  open.html
  parent.html
+  file_tell_opener.html
  file_triggeringprincipal_frame_1.html
  file_triggeringprincipal_frame_2.html
  file_triggeringprincipal_subframe.html
@ -60,6 +61,7 @@ support-files =
  test_bug145971.html
  file_bug1609475.html

+[test_aboutblank_change_process.html]
 [test_bug13871.html]
 [test_bug270414.html]
 [test_bug278916.html]
--- a/docshell/test/navigation/test_aboutblank_change_process.html
+++ b/docshell/test/navigation/test_aboutblank_change_process.html
@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<head>
+  <meta charset="utf-8">
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" href="/tests/SimpleTest/test.css" />
+</head>
+<script>
+// Open a window and navigate it from http://example.net to about:blank
+// With fission, we should switch processes and about:blank should load in
+// the same process as this test page.
+// This is a crash test.
+add_task(async function test_aboutblank_change_process() {
+  let exampleLoaded = new Promise(resolve => {
+    function onMessage(event) {
+      if (event.data == "body-loaded") {
+        window.removeEventListener("message", onMessage);
+        resolve();
+      }
+    }
+    window.addEventListener("message", onMessage);
+  });
+  let win = window.open();
+  win.location = "http://example.net/tests/docshell/test/navigation/file_tell_opener.html";
+  await exampleLoaded;
+
+  win.location = "about:blank";
+
+  // A crash happens somewhere here when about:blank does not go via
+  // DocumentChannel with fission enabled
+
+  // Wait for about:blank to load in this process
+  await SimpleTest.promiseWaitForCondition(() => {
+    try {
+      return win.location.href == "about:blank";
+    } catch (e) {
+      // While the `win` still has example.net page loaded, `win.location` will
+      // be a cross origin object and querying win.location.href will throw a
+      // SecurityError. Return false as long as this is the case.
+      return false;
+    }
+  })
+
+  ok(true, "We did not crash");
+  win.close();
+});
+</script>