content/base/test/csp/file_CSP_evalscript_main_allowed.js

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

michael@0 1 // some javascript for the CSP eval() tests
michael@0 2 // all of these evals should succeed, as the document loading this script
michael@0 3 // has script-src 'self' 'unsafe-eval'
michael@0 4
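/**
 * Append a coloured result box to the page for one test outcome.
 *
 * The message is assigned through textContent, so markup characters in it are
 * displayed literally instead of being parsed as HTML.
 *
 * @param {string} str - Text to show in the box.
 * @param {boolean} passed - Truthy for a green (pass) box, falsy for a red (fail) box.
 */
function logResult(str, passed) {
  var elt = document.createElement('div');
  // Neither colour carries its own ';' -- the separator is added once below.
  var color = passed ? '#cfc' : '#fcc';
  elt.setAttribute('style', 'background-color:' + color + '; width:100%; border:1px solid black; padding:3px; margin:4px;');
  elt.textContent = str;
  document.body.appendChild(elt);
}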
michael@0 12
// Reports a code path that CSP allowed to run.
// `window` is captured once, when this script is evaluated, and the report is
// forwarded to that window's parent. Kept as a top-level `var` because the
// strings evaluated by the tests refer to this name.
var onevalexecuted = (function(win) {
  function reportExecuted(shouldrun, what, data) {
    var verdict = shouldrun ? "PASS: " : "FAIL: ";
    win.parent.scriptRan(shouldrun, what, data);
    logResult(verdict + what + " : " + data, shouldrun);
  }
  return reportExecuted;
})(window);
michael@0 19
// Reports a code path that was blocked.
// `window` is captured once, when this script is evaluated, and the report is
// forwarded to that window's parent. A block counts as a pass only when the
// code was not expected to run, hence the inverted verdict and colour.
var onevalblocked = (function(win) {
  function reportBlocked(shouldrun, what, data) {
    var verdict = shouldrun ? "FAIL: " : "PASS: ";
    win.parent.scriptBlocked(shouldrun, what, data);
    logResult(verdict + what + " : " + data, !shouldrun);
  }
  return reportBlocked;
})(window);
michael@0 26
michael@0 27
// Wait for the load event: logResult() appends its result boxes to
// document.body. Every case below passes shouldrun = true, so a case that
// throws is reported as a failure through onevalblocked().
addEventListener('load', function() {
  // State for the setTimeout(eval, 0, str) case at the end of this handler.
  var timerEvalRan = false;

  // Published as window.foo so the string run by the timer can reach it.
  function markTimerEvalRan() {
    timerEvalRan = true;
  }

  // Reports whether the string handed to eval by the timer actually ran.
  function reportTimerEval() {
    if (!timerEvalRan) {
      onevalblocked(true, "setTimeout(eval, 0, str)",
                    "setTimeout(eval, 0, str) was blocked.");
      return;
    }
    onevalexecuted(true, "setTimeout(eval, 0, str)",
                   "setTimeout(eval, 0, string) was enabled.");
  }

  // setTimeout(String) -- should pass
  try {
    setTimeout('onevalexecuted(true, "setTimeout(String)", "setTimeout with a string was enabled.");', 10);
  } catch (err) {
    onevalblocked(true, "setTimeout(String)",
                  "setTimeout with a string was blocked");
  }

  // setTimeout(function) -- should pass
  try {
    setTimeout(function() {
      onevalexecuted(true, "setTimeout(function)",
                     "setTimeout with a function was enabled.");
    }, 10);
  } catch (err) {
    onevalblocked(true, "setTimeout(function)",
                  "setTimeout with a function was blocked");
  }

  // eval(String)
  try {
    eval('onevalexecuted(true, "eval(String)", "eval() was enabled.");');
  } catch (err) {
    onevalblocked(true, "eval(String)",
                  "eval() was blocked");
  }

  // eval(String, extra argument)
  // NOTE(review): the success label is "eval(String,scope)" but the blocked
  // label is "eval(String,object)"; both are left as written.
  try {
    eval('onevalexecuted(true, "eval(String,scope)", "eval() was enabled.");', 1);
  } catch (err) {
    onevalblocked(true, "eval(String,object)",
                  "eval() with scope was blocked");
  }

  // [String, obj].sort(eval): eval is handed to sort as the comparator, so it
  // is invoked by the sort implementation rather than called here directly.
  try {
    ['onevalexecuted(true, "[String, obj].sort(eval)", "eval() was enabled.");', 1].sort(eval);
  } catch (err) {
    onevalblocked(true, "[String, obj].sort(eval)",
                  "eval() with scope via sort was blocked");
  }

  // [].sort.call([String, obj], eval)
  // NOTE(review): the evaluated string reports "[String, obj].sort(eval)",
  // the same label as the previous case, while the blocked label names the
  // sort.call form; both are left as written.
  try {
    [].sort.call(['onevalexecuted(true, "[String, obj].sort(eval)", "eval() was enabled.");', 1], eval);
  } catch (err) {
    onevalblocked(true, "[].sort.call([String, obj], eval)",
                  "eval() with scope via sort/call was blocked");
  }

  // new Function(String): build the function from a string and call it at once.
  try {
    (new Function('onevalexecuted(true, "new Function(String)", "new Function(String) was enabled.");'))();
  } catch (err) {
    onevalblocked(true, "new Function(String)",
                  "new Function(String) was blocked.");
  }

  // setTimeout(eval, 0, str): the string is evaluated when the timer fires,
  // so an error there cannot be caught with try/catch here. The outcome is
  // read back from the flag by a second zero-delay timer queued right after.
  window.foo = markTimerEvalRan;
  setTimeout(eval, 0, 'window.foo();');
  setTimeout(reportTimerEval.bind(this), 0);
}, false);
michael@0 119
michael@0 120
michael@0 121
