DXR is a code search and navigation tool aimed at making sense of large projects. It supports full-text and regex searches as well as structural queries.

Mercurial (b6d82b1a6b02)

VCS Links

Line Code
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44
<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=423375
-->
<head>
  <title>Test for Bug 423375</title>
  <script src="/tests/SimpleTest/SimpleTest.js"></script>        
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=423375">Mozilla Bug 423375</a>
<p id="display"></p>
<div id="content" style="display: none">
<iframe id="load-frame"></iframe>  
</div>
<pre id="test">
<script class="testbody" type="text/javascript">

/**
 ** Test for Bug 423375
 ** (content shouldn't be able to load chrome: or resource:)
 **/
function tryLoad(url) {
    try {
        window.frames[0].location = url;
        return "loaded";
    } catch (e) {
        if (/Access.*denied/.test(String(e))) {
          return "denied";
        }
        return "unexpected: " + e;
    }
}

is(tryLoad("chrome://global/content/mozilla.xhtml"), "denied",
   "content should have been prevented from loading chrome: URL");
is(tryLoad("resource://gre-resources/html.css"), "denied",
   "content should have been prevented from loading resource: URL");
</script>
</pre>
</body>
</html>