content/base/test/csp/file_CSP_evalscript_main.js

changeset 0
6474c204b198
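--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/content/base/test/csp/file_CSP_evalscript_main.js	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,126 @@
+// some javascript for the CSP eval() tests
+
+function logResult(str, passed) {
+  var elt = document.createElement('div');
+  var color = passed ? "#cfc;" : "#fcc";
+  elt.setAttribute('style', 'background-color:' + color + '; width:100%; border:1px solid black; padding:3px; margin:4px;');
+  elt.innerHTML = str;
+  document.body.appendChild(elt);
+}
+
+window._testResults = {};
+
+// callback for when stuff is allowed by CSP
+var onevalexecuted = (function(window) {
+    return function(shouldrun, what, data) {
+      window._testResults[what] = "ran";
+      window.parent.scriptRan(shouldrun, what, data);
+      logResult((shouldrun ? "PASS: " : "FAIL: ") + what + " : " + data, shouldrun);
+    };})(window);
+
+// callback for when stuff is blocked
+var onevalblocked = (function(window) {
+    return function(shouldrun, what, data) {
+      window._testResults[what] = "blocked";
+      window.parent.scriptBlocked(shouldrun, what, data);
+      logResult((shouldrun ? "FAIL: " : "PASS: ") + what + " : " + data, !shouldrun);
+    };})(window);
+
+
+// Defer until document is loaded so that we can write the pretty result boxes
+// out.
+addEventListener('load', function() {
+  // setTimeout(String) test -- mutate something in the window._testResults
+  // obj, then check it.
+  {
+    var str_setTimeoutWithStringRan = 'onevalexecuted(false, "setTimeout(String)", "setTimeout with a string was enabled.");';
+    function fcn_setTimeoutWithStringCheck() {
+      if (this._testResults["setTimeout(String)"] !== "ran") {
+        onevalblocked(false, "setTimeout(String)",
+                      "setTimeout with a string was blocked");
+      }
+    }
+    setTimeout(fcn_setTimeoutWithStringCheck.bind(window), 10);
+    setTimeout(str_setTimeoutWithStringRan, 10);
+  }
+
+  // setTimeout(function) test -- mutate something in the window._testResults
+  // obj, then check it.
+  {
+    function fcn_setTimeoutWithFunctionRan() {
+      onevalexecuted(true, "setTimeout(function)",
+                    "setTimeout with a function was enabled.")
+    }
+    function fcn_setTimeoutWithFunctionCheck() {
+      if (this._testResults["setTimeout(function)"] !== "ran") {
+        onevalblocked(true, "setTimeout(function)",
+                      "setTimeout with a function was blocked");
+      }
+    }
+    setTimeout(fcn_setTimeoutWithFunctionRan.bind(window), 10);
+    setTimeout(fcn_setTimeoutWithFunctionCheck.bind(window), 10);
+  }
+
+  // eval() test -- should throw exception as per spec
+  try {
+    eval('onevalexecuted(false, "eval(String)", "eval() was enabled.");');
+  } catch (e) {
+    onevalblocked(false, "eval(String)",
+                  "eval() was blocked");
+  }
+
+  // eval(foo,bar) test -- should throw exception as per spec
+  try {
+    eval('onevalexecuted(false, "eval(String,scope)", "eval() was enabled.");',1);
+  } catch (e) {
+    onevalblocked(false, "eval(String,object)",
+                  "eval() with scope was blocked");
+  }
+
+  // [foo,bar].sort(eval) test -- should throw exception as per spec
+  try {
+    ['onevalexecuted(false, "[String, obj].sort(eval)", "eval() was enabled.");',1].sort(eval);
+  } catch (e) {
+    onevalblocked(false, "[String, obj].sort(eval)",
+                  "eval() with scope via sort was blocked");
+  }
+
+  // [].sort.call([foo,bar], eval) test -- should throw exception as per spec
+  try {
+    [].sort.call(['onevalexecuted(false, "[String, obj].sort(eval)", "eval() was enabled.");',1], eval);
+  } catch (e) {
+    onevalblocked(false, "[].sort.call([String, obj], eval)",
+                  "eval() with scope via sort/call was blocked");
+  }
+
+  // new Function() test -- should throw exception as per spec
+  try {
+    var fcn = new Function('onevalexecuted(false, "new Function(String)", "new Function(String) was enabled.");');
+    fcn();
+  } catch (e) {
+    onevalblocked(false, "new Function(String)",
+                  "new Function(String) was blocked.");
+  }
+
+  // setTimeout(eval, 0, str)
+  {
+    // error is not catchable here, instead, we're going to side-effect
+    // 'worked'.
+    var worked = false;
+
+    setTimeout(eval, 0, 'worked = true');
+    setTimeout(function(worked) {
+                  if (worked) {
+                    onevalexecuted(false, "setTimeout(eval, 0, str)",
+                                    "setTimeout(eval, 0, string) was enabled.");
+                  } else {
+                    onevalblocked(false, "setTimeout(eval, 0, str)",
+                                        "setTimeout(eval, 0, str) was blocked.");
+                  }
+                }, 0, worked);
+  }
+
+}, false);
+
+
+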
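Review bot: The `setTimeout(eval, 0, str)` case at the end of the load handler cannot report a failure as written: `worked` is passed to the checking callback by value when the timer is scheduled (still `false`), and the indirect `eval` would assign a global `worked` rather than the handler-local `var worked`, so the `else` branch is taken even if CSP let the eval run. A regression in enforcement would therefore still log PASS; keep the flag on `window` and read it inside the callback, e.g. `window.worked = false;` followed by `setTimeout(function() { if (window.worked) {` with no third argument. Separately, the strings evaluated in the `eval(String,scope)` and `[].sort.call(...)` cases report under `"eval(String,scope)"` and `"[String, obj].sort(eval)"` while their `catch` branches use `"eval(String,object)"` and `"[].sort.call([String, obj], eval)"`, so an unexpected execution would be attributed to a different test name than the blocked result; the labels on both paths should match.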
