The Tor Browser: dom/tests/mochitest/bugs/test_bug541530.html@97036ab72558 (annotated)

dom/tests/mochitest/bugs/test_bug541530.html@97036ab72558 (annotated)

dom/tests/mochitest/bugs/test_bug541530.html

Tue, 06 Jan 2015 21:39:09 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Tue, 06 Jan 2015 21:39:09 +0100
branch: TOR_BUG_9701
changeset 8: 97036ab72558
permissions: -rw-r--r--

Conditionally force memory storage according to privacy.thirdparty.isolate;
This solves Tor bug #9701, complying with disk avoidance documented in
https://www.torproject.org/projects/torbrowser/design/#disk-avoidance.

 <!DOCTYPE html>
 <html>
 <!--
 https://bugzilla.mozilla.org/show_bug.cgi?id=541530
 -->
 <head>
   <title>Test for Bug 411103</title>
   <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
 </head>
 <body>
 <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=541530">Mozilla Bug 541530</a>
 <p id="display"></p>
 <div id="content" style="display: none"></div>
 <pre id="test">
 <script class="testbody" type="text/javascript">
 var orig = window;
 window = {};
 var origLocation = location;
 ok(window === orig, "can't override window");
 ok(window.location === location, "properties are properly aliased");
 ok(document.location === location, "properties are properly aliased");
 var canDefine = false;
 try {
     var foo;
     this.__defineGetter__.call(foo, 'bar', function() {});
     this.__defineSetter__.call(foo, 'bar', function() {});
     canDefine = true;
 } catch (e) {}
 ok(canDefine, "Should have access to __defineGetter__ and __defineSetter__");
 try {
     this.__defineGetter__('window', function() {});
     ok(false, "should not be able to defineGetter(window)");
 } catch (e) {
 }
 try {
     this.__defineGetter__.call(window, 'location', function(){});
     ok(false, "should not be able to defineGetter(window.location)");
 } catch (e) {
 }
 try {
     this.__defineGetter__.call(window.location, 'href', function(){});
     ok(false, "shouldn't be able to override location.href");
 } catch (e) {
     ok(/shadow/.exec(e.message), "Should be caught by the anti-shadow mechanism.");
 }
 // Try deleting the property.
 delete window.location.href;
 ok(typeof window.location.href !== 'undefined',
    "shouldn't be able to delete the inherited property");
 delete Object.getPrototypeOf(window.location).href;
 ok(typeof window.location.href !== 'undefined',
    "shouldn't be able to delete the property off of the prototype");
 try {
     this.__defineGetter__.call(Object.getPrototypeOf(window.location), 'href', function(){});
     ok(false, "shouldn't be able to use the prototype");
 } catch (e) {
 }
 try {
     this.__defineSetter__.call(window.location, 'href', function(){});
     ok(false, "overrode a setter for location.href?");
 } catch (e) {
     ok(/shadow/.exec(e.message), "Should be caught by the anti-shadow mechanism.");
 }
 try {
     this.__defineGetter__.call(document, 'location', function(){});
     ok(false, "shouldn't be able to override document.location");
 } catch (e) {
 }
 ok(window === orig, "can't override window");
 ok(window.location === origLocation, "properties are properly aliased");
 ok(document.location === origLocation, "properties are properly aliased");
 location.href = 'javascript:ok(true, "was able to set location.href through a watchpoint")';
 </script>
 </pre>
 </body>
 </html>

The Tor Browser / annotate

dom/tests/mochitest/bugs/test_bug541530.html@97036ab72558 (annotated)

dom/tests/mochitest/bugs/test_bug541530.html