gecko-dev/dom/browser-element/mochitest/browserElement_XFrameOptionsDeny.js

/* Any copyright is dedicated to the public domain.
   http://creativecommons.org/publicdomain/zero/1.0/ */

// Bug 770239 - Test that X-Frame-Options will correctly block a page inside a
// subframe of <iframe mozbrowser>.
"use strict";

SimpleTest.waitForExplicitFinish();
browserElementTestHelpers.setEnabledPref(true);
browserElementTestHelpers.addPermission();

var initialScreenshotArrayBuffer;

function arrayBuffersEqual(a, b) {
  var x = new Int8Array(a);
  var y = new Int8Array(b);
  if (x.length != y.length) {
    return false;
  }

  for (var i = 0; i < x.length; i++) {
    if (x[i] != y[i]) {
      return false;
    }
  }

  return true;
}

function runTest() {
  var iframe = document.createElement('iframe');
  iframe.setAttribute('mozbrowser', 'true');

  // Our child will create two iframes, so make sure this iframe is big enough
  // to show both of them without scrolling, so taking a screenshot gets both
  // frames.
  iframe.height = '1000px';

  var step1, stepfinish;
  iframe.addEventListener('mozbrowsershowmodalprompt', function(e) {
    switch (e.detail.message) {
    case 'step 1':
      step1 = SpecialPowers.snapshotWindow(iframe.contentWindow);
      break;
    case 'step 2':
      // The page has now attempted to load the X-Frame-Options page; take
      // another screenshot.
      stepfinish = SpecialPowers.snapshotWindow(iframe.contentWindow);
      ok(step1.toDataURL() == stepfinish.toDataURL(), "Screenshots should be identical");
      SimpleTest.finish();
      break;
    }
  });

  document.body.appendChild(iframe);

  // Load this page from a different origin than ourselves.  This page will, in
  // turn, load a child from mochi.test:8888, our origin, with X-Frame-Options:
  // SAMEORIGIN.  That load should be denied.
  iframe.src = 'http://example.com/tests/dom/browser-element/mochitest/file_browserElement_XFrameOptionsDeny.html';
}

addEventListener('testready', runTest);