The Tor Browser: comparison js/xpconnect/tests/chrome/test

--1:000000000000
+:72f01c001cad
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/css" href="chrome://global/skin"?>
+<?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=792280
+-->
+<window title="Mozilla Bug 792280"
+xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
+<script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>
+<!-- test results are displayed in the html:body -->
+<body xmlns="http://www.w3.org/1999/xhtml">
+<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=792280"
+target="_blank">Mozilla Bug 792280</a>
+</body>
+<!-- test code goes here -->
+<script type="application/javascript">
+<![CDATA[
+/** Test for Bug 792280 **/
+const Cu = Components.utils;
+function checkSb(sb, expect) {
+var target = new Cu.Sandbox('http://www.example.com');
+Cu.evalInSandbox('function fun() { return arguments.callee.caller; };', target);
+sb.fun = target.fun;
+let allowed = false;
+try {
+allowed = Cu.evalInSandbox('function doTest() { return fun() == doTest; }; doTest()', sb);
+isnot(expect, "throw", "Should have thrown");
+} catch (e) {
+is(expect, "throw", "Should expect exception");
+ok(/denied|insecure/.test(e), "Should be a security exception: " + e);
+}
+is(allowed, expect == "allow", "should censor appropriately");
+}
+// Note that COWs are callable, but XOWs are not.
+checkSb(new Cu.Sandbox('http://www.example.com'), "allow");
+checkSb(new Cu.Sandbox('http://www.example.org'), "throw");
+checkSb(new Cu.Sandbox(window), "censor");
+]]>
+</script>
+</window>

The Tor Browser / file comparison

comparison: js/xpconnect/tests/chrome/test_bug792280.xul

js/xpconnect/tests/chrome/test_bug792280.xul