The Tor Browser / file comparison
comparison: content/base/test/csp/file_CSP_evalscript_main.js
content/base/test/csp/file_CSP_evalscript_main.js
- branch
- TOR_BUG_9701
- changeset 11
- deefc01c0e14
equal
deleted
inserted
replaced
| -1:000000000000 | 0:95c17ed823e6 |
|---|---|
| 1 // some javascript for the CSP eval() tests | |
| 2 | |
| 3 function logResult(str, passed) { | |
| 4 var elt = document.createElement('div'); | |
| 5 var color = passed ? "#cfc;" : "#fcc"; | |
| 6 elt.setAttribute('style', 'background-color:' + color + '; width:100%; border:1px solid black; padding:3px; margin:4px;'); | |
| 7 elt.innerHTML = str; | |
| 8 document.body.appendChild(elt); | |
| 9 } | |
| 10 | |
| 11 window._testResults = {}; | |
| 12 | |
| 13 // callback for when stuff is allowed by CSP | |
| 14 var onevalexecuted = (function(window) { | |
| 15 return function(shouldrun, what, data) { | |
| 16 window._testResults[what] = "ran"; | |
| 17 window.parent.scriptRan(shouldrun, what, data); | |
| 18 logResult((shouldrun ? "PASS: " : "FAIL: ") + what + " : " + data, shouldrun); | |
| 19 };})(window); | |
| 20 | |
| 21 // callback for when stuff is blocked | |
| 22 var onevalblocked = (function(window) { | |
| 23 return function(shouldrun, what, data) { | |
| 24 window._testResults[what] = "blocked"; | |
| 25 window.parent.scriptBlocked(shouldrun, what, data); | |
| 26 logResult((shouldrun ? "FAIL: " : "PASS: ") + what + " : " + data, !shouldrun); | |
| 27 };})(window); | |
| 28 | |
| 29 | |
| 30 // Defer until document is loaded so that we can write the pretty result boxes | |
| 31 // out. | |
| 32 addEventListener('load', function() { | |
| 33 // setTimeout(String) test -- mutate something in the window._testResults | |
| 34 // obj, then check it. | |
| 35 { | |
| 36 var str_setTimeoutWithStringRan = 'onevalexecuted(false, "setTimeout(String)", "setTimeout with a string was enabled.");'; | |
| 37 function fcn_setTimeoutWithStringCheck() { | |
| 38 if (this._testResults["setTimeout(String)"] !== "ran") { | |
| 39 onevalblocked(false, "setTimeout(String)", | |
| 40 "setTimeout with a string was blocked"); | |
| 41 } | |
| 42 } | |
| 43 setTimeout(fcn_setTimeoutWithStringCheck.bind(window), 10); | |
| 44 setTimeout(str_setTimeoutWithStringRan, 10); | |
| 45 } | |
| 46 | |
| 47 // setTimeout(function) test -- mutate something in the window._testResults | |
| 48 // obj, then check it. | |
| 49 { | |
| 50 function fcn_setTimeoutWithFunctionRan() { | |
| 51 onevalexecuted(true, "setTimeout(function)", | |
| 52 "setTimeout with a function was enabled.") | |
| 53 } | |
| 54 function fcn_setTimeoutWithFunctionCheck() { | |
| 55 if (this._testResults["setTimeout(function)"] !== "ran") { | |
| 56 onevalblocked(true, "setTimeout(function)", | |
| 57 "setTimeout with a function was blocked"); | |
| 58 } | |
| 59 } | |
| 60 setTimeout(fcn_setTimeoutWithFunctionRan.bind(window), 10); | |
| 61 setTimeout(fcn_setTimeoutWithFunctionCheck.bind(window), 10); | |
| 62 } | |
| 63 | |
| 64 // eval() test -- should throw exception as per spec | |
| 65 try { | |
| 66 eval('onevalexecuted(false, "eval(String)", "eval() was enabled.");'); | |
| 67 } catch (e) { | |
| 68 onevalblocked(false, "eval(String)", | |
| 69 "eval() was blocked"); | |
| 70 } | |
| 71 | |
| 72 // eval(foo,bar) test -- should throw exception as per spec | |
| 73 try { | |
| 74 eval('onevalexecuted(false, "eval(String,scope)", "eval() was enabled.");',1); | |
| 75 } catch (e) { | |
| 76 onevalblocked(false, "eval(String,object)", | |
| 77 "eval() with scope was blocked"); | |
| 78 } | |
| 79 | |
| 80 // [foo,bar].sort(eval) test -- should throw exception as per spec | |
| 81 try { | |
| 82 ['onevalexecuted(false, "[String, obj].sort(eval)", "eval() was enabled.");',1].sort(eval); | |
| 83 } catch (e) { | |
| 84 onevalblocked(false, "[String, obj].sort(eval)", | |
| 85 "eval() with scope via sort was blocked"); | |
| 86 } | |
| 87 | |
| 88 // [].sort.call([foo,bar], eval) test -- should throw exception as per spec | |
| 89 try { | |
| 90 [].sort.call(['onevalexecuted(false, "[String, obj].sort(eval)", "eval() was enabled.");',1], eval); | |
| 91 } catch (e) { | |
| 92 onevalblocked(false, "[].sort.call([String, obj], eval)", | |
| 93 "eval() with scope via sort/call was blocked"); | |
| 94 } | |
| 95 | |
| 96 // new Function() test -- should throw exception as per spec | |
| 97 try { | |
| 98 var fcn = new Function('onevalexecuted(false, "new Function(String)", "new Function(String) was enabled.");'); | |
| 99 fcn(); | |
| 100 } catch (e) { | |
| 101 onevalblocked(false, "new Function(String)", | |
| 102 "new Function(String) was blocked."); | |
| 103 } | |
| 104 | |
| 105 // setTimeout(eval, 0, str) | |
| 106 { | |
| 107 // error is not catchable here, instead, we're going to side-effect | |
| 108 // 'worked'. | |
| 109 var worked = false; | |
| 110 | |
| 111 setTimeout(eval, 0, 'worked = true'); | |
| 112 setTimeout(function(worked) { | |
| 113 if (worked) { | |
| 114 onevalexecuted(false, "setTimeout(eval, 0, str)", | |
| 115 "setTimeout(eval, 0, string) was enabled."); | |
| 116 } else { | |
| 117 onevalblocked(false, "setTimeout(eval, 0, str)", | |
| 118 "setTimeout(eval, 0, str) was blocked."); | |
| 119 } | |
| 120 }, 0, worked); | |
| 121 } | |
| 122 | |
| 123 }, false); | |
| 124 | |
| 125 | |
| 126 |
