1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/js/xpconnect/tests/unit/test_bug813901.js Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,25 @@
1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.6 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.7 +
1.8 +/* See https://bugzilla.mozilla.org/show_bug.cgi?id=813901 */
1.9 +
1.10 +const Cu = Components.utils;
1.11 +
1.12 +// Make sure that we can't inject __exposedProps__ via the proto of a COW-ed object.
1.13 +
1.14 +function checkThrows(expression, sb, regexp) {
1.15 + var result = Cu.evalInSandbox('(function() { try { ' + expression + '; return "allowed"; } catch (e) { return e.toString(); }})();', sb);
1.16 + dump('result: ' + result + '\n\n\n');
1.17 + do_check_true(!!regexp.exec(result));
1.18 +}
1.19 +
1.20 +function run_test() {
1.21 +
1.22 + var sb = new Cu.Sandbox('http://www.example.org');
1.23 + sb.obj = {foo: 2};
1.24 + checkThrows('obj.foo = 3;', sb, /denied/);
1.25 + Cu.evalInSandbox("var p = {__exposedProps__: {foo: 'rw'}};", sb);
1.26 + sb.obj.__proto__ = sb.p;
1.27 + checkThrows('obj.foo = 4;', sb, /__exposedProps__/);
1.28 +}
