Source code
Revision control
Copy as Markdown
Other Tools
Test Info: Warnings
- This test runs only with pattern: os != 'android'
- Manifest: browser/components/tests/unit/xpcshell.toml
/* Any copyright is dedicated to the Public Domain.
const TOPIC_BROWSERGLUE_TEST = "browser-glue-test";
const TOPICDATA_BROWSERGLUE_TEST = "force-ui-migration";
const UI_VERSION = 173;
const gBrowserGlue = Cc["@mozilla.org/browser/browserglue;1"].getService(
Ci.nsIObserver
);
function makePrincipal(origin) {
return Services.scriptSecurityManager.createContentPrincipalFromOrigin(
origin
);
}
// Test that ABA permissions (same-site origin and type suffix) are removed,
// while legitimate cross-site 3rdPartyFrameStorage permissions are preserved.
add_task(async function test_removeABAPerms() {
registerCleanupFunction(() => {
Services.prefs.clearUserPref("browser.migration.version");
Services.perms.removeAll();
});
Services.perms.removeAll();
Services.prefs.setIntPref("browser.migration.version", UI_VERSION);
let pm = Services.perms;
// ABA permission: origin site matches the type suffix site.
pm.addFromPrincipal(
pm.ALLOW_ACTION
);
// Another ABA permission for a different site.
pm.addFromPrincipal(
pm.ALLOW_ACTION
);
// Legitimate cross-site permission: origin site does NOT match type suffix.
pm.addFromPrincipal(
pm.ALLOW_ACTION
);
Assert.equal(
pm.getAllWithTypePrefix("3rdPartyFrameStorage^").length,
3,
"Three permissions added"
);
gBrowserGlue.observe(
null,
TOPIC_BROWSERGLUE_TEST,
TOPICDATA_BROWSERGLUE_TEST
);
let remaining = pm.getAllWithTypePrefix("3rdPartyFrameStorage^");
Assert.equal(remaining.length, 1, "Only the cross-site permission remains");
Assert.equal(
remaining[0].type,
"The surviving permission is the cross-site one"
);
});