The Tor Browser / file comparison

comparison: content/base/test/csp/file_CSP_evalscript_main_allowed.js

content/base/test/csp/file_CSP_evalscript_main_allowed.js

branch
TOR_BUG_9701
changeset 15
b8a032363ba2
equal deleted inserted replaced
-1:000000000000 0:80e3fb968e90
1 // some javascript for the CSP eval() tests
2 // all of these evals should succeed, as the document loading this script
3 // has script-src 'self' 'unsafe-eval'
4
5 function logResult(str, passed) {
6 var elt = document.createElement('div');
7 var color = passed ? "#cfc;" : "#fcc";
8 elt.setAttribute('style', 'background-color:' + color + '; width:100%; border:1px solid black; padding:3px; margin:4px;');
9 elt.innerHTML = str;
10 document.body.appendChild(elt);
11 }
12
13 // callback for when stuff is allowed by CSP
14 var onevalexecuted = (function(window) {
15 return function(shouldrun, what, data) {
16 window.parent.scriptRan(shouldrun, what, data);
17 logResult((shouldrun ? "PASS: " : "FAIL: ") + what + " : " + data, shouldrun);
18 };})(window);
19
20 // callback for when stuff is blocked
21 var onevalblocked = (function(window) {
22 return function(shouldrun, what, data) {
23 window.parent.scriptBlocked(shouldrun, what, data);
24 logResult((shouldrun ? "FAIL: " : "PASS: ") + what + " : " + data, !shouldrun);
25 };})(window);
26
27
28 // Defer until document is loaded so that we can write the pretty result boxes
29 // out.
30 addEventListener('load', function() {
31 // setTimeout(String) test -- should pass
32 try {
33 setTimeout('onevalexecuted(true, "setTimeout(String)", "setTimeout with a string was enabled.");', 10);
34 } catch (e) {
35 onevalblocked(true, "setTimeout(String)",
36 "setTimeout with a string was blocked");
37 }
38
39 // setTimeout(function) test -- should pass
40 try {
41 setTimeout(function() {
42 onevalexecuted(true, "setTimeout(function)",
43 "setTimeout with a function was enabled.")
44 }, 10);
45 } catch (e) {
46 onevalblocked(true, "setTimeout(function)",
47 "setTimeout with a function was blocked");
48 }
49
50 // eval() test
51 try {
52 eval('onevalexecuted(true, "eval(String)", "eval() was enabled.");');
53 } catch (e) {
54 onevalblocked(true, "eval(String)",
55 "eval() was blocked");
56 }
57
58 // eval(foo,bar) test
59 try {
60 eval('onevalexecuted(true, "eval(String,scope)", "eval() was enabled.");',1);
61 } catch (e) {
62 onevalblocked(true, "eval(String,object)",
63 "eval() with scope was blocked");
64 }
65
66 // [foo,bar].sort(eval) test
67 try {
68 ['onevalexecuted(true, "[String, obj].sort(eval)", "eval() was enabled.");',1].sort(eval);
69 } catch (e) {
70 onevalblocked(true, "[String, obj].sort(eval)",
71 "eval() with scope via sort was blocked");
72 }
73
74 // [].sort.call([foo,bar], eval) test
75 try {
76 [].sort.call(['onevalexecuted(true, "[String, obj].sort(eval)", "eval() was enabled.");',1], eval);
77 } catch (e) {
78 onevalblocked(true, "[].sort.call([String, obj], eval)",
79 "eval() with scope via sort/call was blocked");
80 }
81
82 // new Function() test
83 try {
84 var fcn = new Function('onevalexecuted(true, "new Function(String)", "new Function(String) was enabled.");');
85 fcn();
86 } catch (e) {
87 onevalblocked(true, "new Function(String)",
88 "new Function(String) was blocked.");
89 }
90
91 function checkResult() {
92 //alert(bar);
93 if (bar) {
94 onevalexecuted(true, "setTimeout(eval, 0, str)",
95 "setTimeout(eval, 0, string) was enabled.");
96 } else {
97 onevalblocked(true, "setTimeout(eval, 0, str)",
98 "setTimeout(eval, 0, str) was blocked.");
99 }
100 }
101
102 var bar = false;
103
104 function foo() {
105 bar = true;
106 }
107
108 window.foo = foo;
109
110 // setTimeout(eval, 0, str)
111
112 // error is not catchable here
113
114 setTimeout(eval, 0, 'window.foo();');
115
116 setTimeout(checkResult.bind(this), 0);
117
118 }, false);
119
120
121

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial