From dad17dabe374c3dfdad098850ec95cc2c54e989b Mon Sep 17 00:00:00 2001
From: Thomas Espach <tespach@duckduckgo.com>
Date: Tue, 31 Oct 2023 16:32:26 +0000
Subject: [PATCH] Add integration test for address bar spoofing vulnerability
 into NavigationProtectionIntegrationTests.

Dependent on this PR: https://github.com/duckduckgo/privacy-test-pages/pull/169
---
 .../NavigationProtectionIntegrationTests.swift      | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/IntegrationTests/NavigationProtection/NavigationProtectionIntegrationTests.swift b/IntegrationTests/NavigationProtection/NavigationProtectionIntegrationTests.swift
index ebec258e66..5818e23f6f 100644
--- a/IntegrationTests/NavigationProtection/NavigationProtectionIntegrationTests.swift
+++ b/IntegrationTests/NavigationProtection/NavigationProtectionIntegrationTests.swift
@@ -274,6 +274,19 @@ class NavigationProtectionIntegrationTests: XCTestCase {
         }
     }
 
+    @MainActor
+    func testUrlBarSpoofingWithLongLoadingNavigations() async throws {
+        let tab = Tab(content: .none)
+        window = WindowsManager.openNewWindow(with: tab)!
+        let tabViewModel = (window.contentViewController as! MainViewController).browserTabViewController.tabViewModel!
+        let url = URL(string: "https://privacy-test-pages.site/security/spoof-js-page-rewrite-simple.html")!
+        _=try await tab.setUrl(url, userEntered: nil)?.result.get()
+        _=try await tab.webView.evaluateJavaScript("(function() { run(); return true; })()")
+        try await Task.sleep(nanoseconds: UInt64(0.5 * Double(NSEC_PER_SEC)))
+        // Address Bar should not be updated this early
+        XCTAssertNotEqual(tabViewModel.addressBarString, "https://duckduckgo.com:8443/")
+    }
+
 }
 
 private extension Tab {