The Tor Browser / file diff

     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/caps/tests/mochitest/test_disallowInheritPrincipal.html	Wed Dec 31 06:09:35 2014 +0100
     1.3 @@ -0,0 +1,60 @@
     1.4 +<!DOCTYPE HTML>
     1.5 +<html>
     1.6 +<!--
     1.7 +https://bugzilla.mozilla.org/show_bug.cgi?id=732413
     1.8 +-->
     1.9 +<head>
    1.10 +  <title>Test for Bug 732413</title>
    1.11 +  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
    1.12 +  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
    1.13 +</head>
    1.14 +<body>
    1.15 +<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=732413">Mozilla Bug 732413</a>
    1.16 +<p id="display"></p>
    1.17 +<div id="content" style="display: none">
    1.18 +
    1.19 +</div>
    1.20 +<pre id="test">
    1.21 +<script type="application/javascript">
    1.22 +
    1.23 +/** Test for Bug 732413
    1.24 +    Passing DISALLOW_INHERIT_PRINCIPAL flag should be effective even if
    1.25 +    aPrincipal is the system principal.
    1.26 + **/
    1.27 +
    1.28 +const nsIScriptSecurityManager = SpecialPowers.Ci.nsIScriptSecurityManager;
    1.29 +var secMan = SpecialPowers.Cc["@mozilla.org/scriptsecuritymanager;1"]
    1.30 +                       .getService(nsIScriptSecurityManager);
    1.31 +var sysPrincipal = secMan.getSystemPrincipal();
    1.32 +isnot(sysPrincipal, undefined, "Should have a principal");
    1.33 +isnot(sysPrincipal, null, "Should have a non-null principal");
    1.34 +is(secMan.isSystemPrincipal(sysPrincipal), true,
    1.35 +   "Should have system principal here");
    1.36 +
    1.37 +
    1.38 +var ioService = SpecialPowers.Cc["@mozilla.org/network/io-service;1"].
    1.39 +                getService(SpecialPowers.Ci.nsIIOService);
    1.40 +var inheritingURI = ioService.newURI("javascript:1+1", null, null);
    1.41 +
    1.42 +// First try a normal call to checkLoadURIWithPrincipal
    1.43 +try {
    1.44 +  secMan.checkLoadURIWithPrincipal(sysPrincipal, inheritingURI,
    1.45 +                                   nsIScriptSecurityManager.STANDARD);
    1.46 +  ok(true, "checkLoadURI allowed the load");
    1.47 +} catch (e) {
    1.48 +  ok(false, "checkLoadURI failed unexpectedly: " + e);
    1.49 +}
    1.50 +
    1.51 +// Now call checkLoadURIWithPrincipal with DISALLOW_INHERIT_PRINCIPAL
    1.52 +try {
    1.53 +  secMan.checkLoadURIWithPrincipal(sysPrincipal, inheritingURI,
    1.54 +                                   nsIScriptSecurityManager.DISALLOW_INHERIT_PRINCIPAL);
    1.55 +  ok(false, "checkLoadURI allowed the load unexpectedly");
    1.56 +} catch (e) {
    1.57 +  ok(true, "checkLoadURI prevented load of principal-inheriting URI");
    1.58 +}
    1.59 +
    1.60 +</script>
    1.61 +</pre>
    1.62 +</body>
    1.63 +</html>