The Tor Browser / file comparison
comparison: js/xpconnect/tests/unit/test_components.js
js/xpconnect/tests/unit/test_components.js
- branch
- TOR_BUG_3246
- changeset 7
- 129ffea94266
equal
deleted
inserted
replaced
| -1:000000000000 | 0:66eab5db798a |
|---|---|
| 1 const Cu = Components.utils; | |
| 2 | |
| 3 function run_test() { | |
| 4 var sb1 = Cu.Sandbox("http://www.blah.com"); | |
| 5 var sb2 = Cu.Sandbox("http://www.blah.com"); | |
| 6 var sb3 = Cu.Sandbox(this); | |
| 7 var sb4 = Cu.Sandbox("http://www.other.com"); | |
| 8 var rv; | |
| 9 | |
| 10 // Components is normally hidden from content on the XBL scope chain, but we | |
| 11 // expose it to content here to make sure that the security wrappers work | |
| 12 // regardless. | |
| 13 [sb1, sb2, sb4].forEach(function(x) { x.Components = Cu.getComponentsForScope(x); }); | |
| 14 | |
| 15 // non-chrome accessing chrome Components | |
| 16 sb1.C = Components; | |
| 17 checkThrows("C.utils", sb1); | |
| 18 checkThrows("C.classes", sb1); | |
| 19 | |
| 20 // non-chrome accessing own Components | |
| 21 do_check_eq(Cu.evalInSandbox("typeof Components.interfaces", sb1), 'object'); | |
| 22 do_check_eq(Cu.evalInSandbox("typeof Components.utils", sb1), 'undefined'); | |
| 23 do_check_eq(Cu.evalInSandbox("typeof Components.classes", sb1), 'undefined'); | |
| 24 | |
| 25 // Make sure an unprivileged Components is benign. | |
| 26 var C2 = Cu.evalInSandbox("Components", sb2); | |
| 27 var whitelist = ['interfaces', 'interfacesByID', 'results', 'isSuccessCode', 'QueryInterface']; | |
| 28 for (var prop in Components) { | |
| 29 do_print("Checking " + prop); | |
| 30 do_check_eq((prop in C2), whitelist.indexOf(prop) != -1); | |
| 31 } | |
| 32 | |
| 33 // non-chrome same origin | |
| 34 sb1.C2 = C2; | |
| 35 do_check_eq(Cu.evalInSandbox("typeof C2.interfaces", sb1), 'object'); | |
| 36 do_check_eq(Cu.evalInSandbox("typeof C2.utils", sb1), 'undefined'); | |
| 37 do_check_eq(Cu.evalInSandbox("typeof C2.classes", sb1), 'undefined'); | |
| 38 | |
| 39 // chrome accessing chrome | |
| 40 sb3.C = Components; | |
| 41 rv = Cu.evalInSandbox("C.utils", sb3); | |
| 42 do_check_eq(rv, Cu); | |
| 43 | |
| 44 // non-chrome cross origin | |
| 45 sb4.C2 = C2; | |
| 46 checkThrows("C2.interfaces", sb4); | |
| 47 checkThrows("C2.utils", sb4); | |
| 48 checkThrows("C2.classes", sb4); | |
| 49 } | |
| 50 | |
| 51 function checkThrows(expression, sb) { | |
| 52 var result = Cu.evalInSandbox('(function() { try { ' + expression + '; return "allowed"; } catch (e) { return e.toString(); }})();', sb); | |
| 53 do_check_true(!!/denied/.exec(result)); | |
| 54 } |
