Bug 1267720 - Ensure that .open() on web content called with chrome privileges results in a new window with the appropriate principal. r?anybody draft
authorMike Conley <mconley@mozilla.com>
Mon, 02 May 2016 17:36:12 -0400
changeset 363501 e0881decc28e595b2da113815eb02648fa512ef6
parent 363500 327e8462a2d11e6f287cd570ef2bccbee2f80dbd
child 363502 44a8f6c23e25c1c49249408af61e4bd2bd88074e
push id17222
push usermconley@mozilla.com
push dateWed, 04 May 2016 21:02:55 +0000
reviewersanybody
bugs1267720
milestone49.0a1
Bug 1267720 - Ensure that .open() on web content called with chrome privileges results in a new window with the appropriate principal. r?anybody MozReview-Commit-ID: IG9ioQLTI78
embedding/components/windowwatcher/test/browser.ini
embedding/components/windowwatcher/test/browser_new_content_window_from_chrome_principal.js
--- a/embedding/components/windowwatcher/test/browser.ini
+++ b/embedding/components/windowwatcher/test/browser.ini
@@ -1,9 +1,10 @@
 [DEFAULT]
 support-files =
   head.js
 tags = openwindow
 
 [browser_new_content_window_chromeflags.js]
 [browser_new_remote_window_flags.js]
 run-if = e10s
+[browser_new_content_window_from_chrome_principal.js]
 [browser_new_sized_window.js]
new file mode 100644
--- /dev/null
+++ b/embedding/components/windowwatcher/test/browser_new_content_window_from_chrome_principal.js
@@ -0,0 +1,39 @@
+"use strict";
+
+// This magic value of 2 means that by default, when content tries
+// to open a new window, it'll actually open in a new window instead
+// of a new tab.
+Services.prefs.setIntPref("browser.link.open_newwindow", 2);
+registerCleanupFunction(() => {
+  Services.prefs.clearUserPref("browser.link.open_newwindow");
+});
+
+/**
+ * Tests that if chrome-privileged code calls .open() on an
+ * unprivileged window, that the principal in the newly
+ * opened window is appropriately set.
+ */
+add_task(function* test_chrome_opens_window() {
+  let newWinPromise = BrowserTestUtils.waitForNewWindow();
+
+  yield ContentTask.spawn(gBrowser.selectedBrowser, null, function*() {
+    content.open("http://example.com", "_blank");
+  });
+
+  let win = yield newWinPromise;
+  let browser = win.gBrowser.selectedBrowser;
+  yield BrowserTestUtils.browserLoaded(browser);
+
+  yield ContentTask.spawn(browser, null, function*() {
+    Assert.equal(content.document.nodePrincipal.origin,
+                 "http://example.com",
+                 "Should have the example.com principal");
+    Assert.ok(docShell instanceof Ci.nsIDocShellLoadInfo,
+              "The docShell should give us a load info");
+    Assert.equal(docShell.owner.origin,
+                 "http://example.com",
+                 "The owner should be the same as the document principal");
+  });
+
+  yield BrowserTestUtils.closeWindow(win);
+});
\ No newline at end of file