1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/js/xpconnect/tests/chrome/test_bug792280.xul Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,45 @@
1.4 +<?xml version="1.0"?>
1.5 +<?xml-stylesheet type="text/css" href="chrome://global/skin"?>
1.6 +<?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>
1.7 +<!--
1.8 +https://bugzilla.mozilla.org/show_bug.cgi?id=792280
1.9 +-->
1.10 +<window title="Mozilla Bug 792280"
1.11 + xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
1.12 + <script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>
1.13 +
1.14 + <!-- test results are displayed in the html:body -->
1.15 + <body xmlns="http://www.w3.org/1999/xhtml">
1.16 + <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=792280"
1.17 + target="_blank">Mozilla Bug 792280</a>
1.18 + </body>
1.19 +
1.20 + <!-- test code goes here -->
1.21 + <script type="application/javascript">
1.22 + <![CDATA[
1.23 + /** Test for Bug 792280 **/
1.24 + const Cu = Components.utils;
1.25 +
1.26 + function checkSb(sb, expect) {
1.27 + var target = new Cu.Sandbox('http://www.example.com');
1.28 + Cu.evalInSandbox('function fun() { return arguments.callee.caller; };', target);
1.29 + sb.fun = target.fun;
1.30 + let allowed = false;
1.31 + try {
1.32 + allowed = Cu.evalInSandbox('function doTest() { return fun() == doTest; }; doTest()', sb);
1.33 + isnot(expect, "throw", "Should have thrown");
1.34 + } catch (e) {
1.35 + is(expect, "throw", "Should expect exception");
1.36 + ok(/denied|insecure/.test(e), "Should be a security exception: " + e);
1.37 + }
1.38 + is(allowed, expect == "allow", "should censor appropriately");
1.39 + }
1.40 +
1.41 + // Note that COWs are callable, but XOWs are not.
1.42 + checkSb(new Cu.Sandbox('http://www.example.com'), "allow");
1.43 + checkSb(new Cu.Sandbox('http://www.example.org'), "throw");
1.44 + checkSb(new Cu.Sandbox(window), "censor");
1.45 +
1.46 + ]]>
1.47 + </script>
1.48 +</window>
