js/xpconnect/tests/unit/test_components.js@129ffea94266 (annotated)
js/xpconnect/tests/unit/test_components.js
Sat, 03 Jan 2015 20:18:00 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Sat, 03 Jan 2015 20:18:00 +0100
- branch
- TOR_BUG_3246
- changeset 7
- 129ffea94266
- permissions
- -rw-r--r--
Conditionally enable double key logic according to:
private browsing mode or privacy.thirdparty.isolate preference and
implement in GetCookieStringCommon and FindCookie where it counts...
With some reservations of how to convince FindCookie users to test
condition and pass a nullptr when disabling double key logic.
| michael@0 | 1 | const Cu = Components.utils; |
| michael@0 | 2 | |
| michael@0 | 3 | function run_test() { |
| michael@0 | 4 | var sb1 = Cu.Sandbox("http://www.blah.com"); |
| michael@0 | 5 | var sb2 = Cu.Sandbox("http://www.blah.com"); |
| michael@0 | 6 | var sb3 = Cu.Sandbox(this); |
| michael@0 | 7 | var sb4 = Cu.Sandbox("http://www.other.com"); |
| michael@0 | 8 | var rv; |
| michael@0 | 9 | |
| michael@0 | 10 | // Components is normally hidden from content on the XBL scope chain, but we |
| michael@0 | 11 | // expose it to content here to make sure that the security wrappers work |
| michael@0 | 12 | // regardless. |
| michael@0 | 13 | [sb1, sb2, sb4].forEach(function(x) { x.Components = Cu.getComponentsForScope(x); }); |
| michael@0 | 14 | |
| michael@0 | 15 | // non-chrome accessing chrome Components |
| michael@0 | 16 | sb1.C = Components; |
| michael@0 | 17 | checkThrows("C.utils", sb1); |
| michael@0 | 18 | checkThrows("C.classes", sb1); |
| michael@0 | 19 | |
| michael@0 | 20 | // non-chrome accessing own Components |
| michael@0 | 21 | do_check_eq(Cu.evalInSandbox("typeof Components.interfaces", sb1), 'object'); |
| michael@0 | 22 | do_check_eq(Cu.evalInSandbox("typeof Components.utils", sb1), 'undefined'); |
| michael@0 | 23 | do_check_eq(Cu.evalInSandbox("typeof Components.classes", sb1), 'undefined'); |
| michael@0 | 24 | |
| michael@0 | 25 | // Make sure an unprivileged Components is benign. |
| michael@0 | 26 | var C2 = Cu.evalInSandbox("Components", sb2); |
| michael@0 | 27 | var whitelist = ['interfaces', 'interfacesByID', 'results', 'isSuccessCode', 'QueryInterface']; |
| michael@0 | 28 | for (var prop in Components) { |
| michael@0 | 29 | do_print("Checking " + prop); |
| michael@0 | 30 | do_check_eq((prop in C2), whitelist.indexOf(prop) != -1); |
| michael@0 | 31 | } |
| michael@0 | 32 | |
| michael@0 | 33 | // non-chrome same origin |
| michael@0 | 34 | sb1.C2 = C2; |
| michael@0 | 35 | do_check_eq(Cu.evalInSandbox("typeof C2.interfaces", sb1), 'object'); |
| michael@0 | 36 | do_check_eq(Cu.evalInSandbox("typeof C2.utils", sb1), 'undefined'); |
| michael@0 | 37 | do_check_eq(Cu.evalInSandbox("typeof C2.classes", sb1), 'undefined'); |
| michael@0 | 38 | |
| michael@0 | 39 | // chrome accessing chrome |
| michael@0 | 40 | sb3.C = Components; |
| michael@0 | 41 | rv = Cu.evalInSandbox("C.utils", sb3); |
| michael@0 | 42 | do_check_eq(rv, Cu); |
| michael@0 | 43 | |
| michael@0 | 44 | // non-chrome cross origin |
| michael@0 | 45 | sb4.C2 = C2; |
| michael@0 | 46 | checkThrows("C2.interfaces", sb4); |
| michael@0 | 47 | checkThrows("C2.utils", sb4); |
| michael@0 | 48 | checkThrows("C2.classes", sb4); |
| michael@0 | 49 | } |
| michael@0 | 50 | |
| michael@0 | 51 | function checkThrows(expression, sb) { |
| michael@0 | 52 | var result = Cu.evalInSandbox('(function() { try { ' + expression + '; return "allowed"; } catch (e) { return e.toString(); }})();', sb); |
| michael@0 | 53 | do_check_true(!!/denied/.exec(result)); |
| michael@0 | 54 | } |
