Skip to content

Commit

Permalink
Add integration test for address bar spoofing vulnerability into Navi…
Browse files Browse the repository at this point in the history 
…gationProtectionIntegrationTests.

Dependent on this PR: duckduckgo/privacy-test-pages#169
  • Loading branch information
@not-a-rootkit
not-a-rootkit committed Oct 31, 2023
1 parent f6b6876 commit dad17da
Showing 1 changed file with 13 additions and 0 deletions.
13 changes: 13 additions & 0 deletions IntegrationTests/NavigationProtection/NavigationProtectionIntegrationTests.swift
View file
Original file line number Diff line number Diff line change
Expand Up @@ -274,6 +274,19 @@ class NavigationProtectionIntegrationTests: XCTestCase {
}
}

@MainActor
func testUrlBarSpoofingWithLongLoadingNavigations() async throws {
let tab = Tab(content: .none)
window = WindowsManager.openNewWindow(with: tab)!
let tabViewModel = (window.contentViewController as! MainViewController).browserTabViewController.tabViewModel!
let url = URL(string: "https://privacy-test-pages.site/security/spoof-js-page-rewrite-simple.html")!
_=try await tab.setUrl(url, userEntered: nil)?.result.get()
_=try await tab.webView.evaluateJavaScript("(function() { run(); return true; })()")
try await Task.sleep(nanoseconds: UInt64(0.5 * Double(NSEC_PER_SEC)))
// Address Bar should not be updated this early
XCTAssertNotEqual(tabViewModel.addressBarString, "https://duckduckgo.com:8443/")
}

}

private extension Tab {
Expand Down

0 comments on commit dad17da

Please sign in to comment.