1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/js/xpconnect/tests/chrome/test_evalInSandbox.xul Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,175 @@
1.4 +<?xml version="1.0"?>
1.5 +<?xml-stylesheet href="chrome://global/skin" type="text/css"?>
1.6 +<?xml-stylesheet href="chrome://mochikit/content/tests/SimpleTest/test.css"
1.7 + type="text/css"?>
1.8 +<!--
1.9 +https://bugzilla.mozilla.org/show_bug.cgi?id=533596
1.10 +-->
1.11 +<window title="Mozilla Bug 533596"
1.12 + xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
1.13 + <script type="application/javascript"
1.14 + src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
1.15 +
1.16 + <!-- test results are displayed in the html:body -->
1.17 + <body xmlns="http://www.w3.org/1999/xhtml">
1.18 +
1.19 + <iframe src="http://example.org/tests/js/xpconnect/tests/mochitest/file_evalInSandbox.html"
1.20 + onload="checkCrossOrigin(this)">
1.21 + </iframe>
1.22 + <iframe src="chrome://mochitests/content/chrome/js/xpconnect/tests/chrome/file_evalInSandbox.html"
1.23 + onload="checkSameOrigin(this)">
1.24 + </iframe>
1.25 + </body>
1.26 +
1.27 + <!-- test code goes here -->
1.28 + <script type="application/javascript"><![CDATA[
1.29 + const Cu = Components.utils;
1.30 + const Ci = Components.interfaces;
1.31 + const utils = window.QueryInterface(Ci.nsIInterfaceRequestor)
1.32 + .getInterface(Ci.nsIDOMWindowUtils);
1.33 +
1.34 + function checkCrossOriginSandbox(sandbox)
1.35 + {
1.36 + is(utils.getClassName(sandbox),
1.37 + "Proxy",
1.38 + "sandbox was wrapped correctly");
1.39 +
1.40 + is(utils.getClassName(Cu.evalInSandbox("this.document", sandbox)),
1.41 + "Proxy",
1.42 + "return value was rewrapped correctly");
1.43 + }
1.44 +
1.45 + function checkCrossOriginXrayedSandbox(sandbox)
1.46 + {
1.47 + ok(Cu.evalInSandbox("!('windowfoo' in window);", sandbox),
1.48 + "the window itself Xray is an XrayWrapper");
1.49 + ok(Cu.evalInSandbox("('wrappedJSObject' in this.document);", sandbox),
1.50 + "wrappers inside eIS are Xrays");
1.51 + ok(Cu.evalInSandbox("!('foo' in this.document);", sandbox),
1.52 + "must not see expandos");
1.53 + ok('wrappedJSObject' in Cu.evalInSandbox("this.document", sandbox),
1.54 + "wrappers returned from the sandbox are Xrays");
1.55 + ok(!("foo" in Cu.evalInSandbox("this.document", sandbox)),
1.56 + "must not see expandos in wrappers returned from the sandbox");
1.57 +
1.58 + ok('wrappedJSObject' in sandbox.document,
1.59 + "values obtained from the sandbox are Xrays");
1.60 + ok(!("foo" in sandbox.document),
1.61 + "must not see expandos in wrappers obtained from the sandbox");
1.62 +
1.63 + }
1.64 +
1.65 + function checkCrossOrigin(ifr) {
1.66 + var win = ifr.contentWindow;
1.67 + var sandbox =
1.68 + new Cu.Sandbox(win, { sandboxPrototype: win, wantXrays: true } );
1.69 +
1.70 + checkCrossOriginSandbox(sandbox);
1.71 + checkCrossOriginXrayedSandbox(sandbox);
1.72 +
1.73 + sandbox =
1.74 + new Cu.Sandbox(win, { sandboxPrototype: win } );
1.75 +
1.76 + checkCrossOriginSandbox(sandbox);
1.77 + checkCrossOriginXrayedSandbox(sandbox);
1.78 +
1.79 + sandbox =
1.80 + new Cu.Sandbox(win, { sandboxPrototype: win, wantXrays: false } );
1.81 +
1.82 + checkCrossOriginSandbox(sandbox);
1.83 +
1.84 + ok(Cu.evalInSandbox("('foo' in this.document);", sandbox),
1.85 + "can see expandos");
1.86 + ok(("foo" in Cu.evalInSandbox("this.document", sandbox)),
1.87 + "must see expandos in wrappers returned from the sandbox");
1.88 +
1.89 + ok(("foo" in sandbox.document),
1.90 + "must see expandos in wrappers obtained from the sandbox");
1.91 +
1.92 + testDone();
1.93 + }
1.94 +
1.95 + function checkSameOrigin(ifr) {
1.96 + var win = ifr.contentWindow;
1.97 + var sandbox =
1.98 + new Cu.Sandbox(win, { sandboxPrototype: win, wantXrays: true } );
1.99 +
1.100 + ok(Cu.evalInSandbox("('foo' in this.document);", sandbox),
1.101 + "must see expandos for a chrome sandbox");
1.102 +
1.103 + sandbox =
1.104 + new Cu.Sandbox(win, { sandboxPrototype: win } );
1.105 +
1.106 + ok(Cu.evalInSandbox("('foo' in this.document);", sandbox),
1.107 + "must see expandos for a chrome sandbox");
1.108 +
1.109 + sandbox =
1.110 + new Cu.Sandbox(win, { sandboxPrototype: win, wantXrays: false } );
1.111 +
1.112 + ok(Cu.evalInSandbox("('foo' in this.document);", sandbox),
1.113 + "can see expandos for a chrome sandbox");
1.114 +
1.115 + testDone();
1.116 + }
1.117 +
1.118 + var testsRun = 0;
1.119 + function testDone() {
1.120 + if (++testsRun == 2)
1.121 + SimpleTest.finish();
1.122 + }
1.123 +
1.124 + SimpleTest.waitForExplicitFinish();
1.125 +
1.126 + try {
1.127 + var sandbox = new Cu.Sandbox(this, { sandboxPrototype: undefined } );
1.128 + ok(false, "undefined is not a valid prototype");
1.129 + }
1.130 + catch (e) {
1.131 + ok(true, "undefined is not a valid prototype");
1.132 + }
1.133 +
1.134 + try {
1.135 + var sandbox = new Cu.Sandbox(this, { wantXrays: undefined } );
1.136 + ok(false, "undefined is not a valid value for wantXrays");
1.137 + }
1.138 + catch (e) {
1.139 + ok(true, "undefined is not a valid value for wantXrays");
1.140 + }
1.141 +
1.142 + // Crash test for bug 601829.
1.143 + try {
1.144 + Components.utils.evalInSandbox('', null);
1.145 + } catch (e) {
1.146 + ok(true, "didn't crash on a null sandbox object");
1.147 + }
1.148 +
1.149 + try {
1.150 + var sandbox = new Cu.Sandbox(this, { sameZoneAs: this } );
1.151 + ok(true, "sameZoneAs works");
1.152 + }
1.153 + catch (e) {
1.154 + ok(false, "sameZoneAs works");
1.155 + }
1.156 +
1.157 + Cu.import("resource://gre/modules/jsdebugger.jsm");
1.158 + addDebuggerToGlobal(this);
1.159 +
1.160 + try {
1.161 + let dbg = new Debugger();
1.162 + let sandbox = new Cu.Sandbox(this, { invisibleToDebugger: false });
1.163 + dbg.addDebuggee(sandbox);
1.164 + ok(true, "debugger added visible value");
1.165 + } catch(e) {
1.166 + ok(false, "debugger could not add visible value");
1.167 + }
1.168 +
1.169 + try {
1.170 + let dbg = new Debugger();
1.171 + let sandbox = new Cu.Sandbox(this, { invisibleToDebugger: true });
1.172 + dbg.addDebuggee(sandbox);
1.173 + ok(false, "debugger added invisible value");
1.174 + } catch(e) {
1.175 + ok(true, "debugger did not add invisible value");
1.176 + }
1.177 + ]]></script>
1.178 +</window>
