The Tor Browser / file diff

diff: js/xpconnect/tests/unit/test_components.js

js/xpconnect/tests/unit/test_components.js

changeset 0
6474c204b198
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/js/xpconnect/tests/unit/test_components.js	Wed Dec 31 06:09:35 2014 +0100
     1.3 @@ -0,0 +1,54 @@
     1.4 +const Cu = Components.utils;
     1.5 +
     1.6 +function run_test() {
     1.7 +  var sb1 = Cu.Sandbox("http://www.blah.com");
     1.8 +  var sb2 = Cu.Sandbox("http://www.blah.com");
     1.9 +  var sb3 = Cu.Sandbox(this);
    1.10 +  var sb4 = Cu.Sandbox("http://www.other.com");
    1.11 +  var rv;
    1.12 +
    1.13 +  // Components is normally hidden from content on the XBL scope chain, but we
    1.14 +  // expose it to content here to make sure that the security wrappers work
    1.15 +  // regardless.
    1.16 +  [sb1, sb2, sb4].forEach(function(x) { x.Components = Cu.getComponentsForScope(x); });
    1.17 +
    1.18 +  // non-chrome accessing chrome Components
    1.19 +  sb1.C = Components;
    1.20 +  checkThrows("C.utils", sb1);
    1.21 +  checkThrows("C.classes", sb1);
    1.22 +
    1.23 +  // non-chrome accessing own Components
    1.24 +  do_check_eq(Cu.evalInSandbox("typeof Components.interfaces", sb1), 'object');
    1.25 +  do_check_eq(Cu.evalInSandbox("typeof Components.utils", sb1), 'undefined');
    1.26 +  do_check_eq(Cu.evalInSandbox("typeof Components.classes", sb1), 'undefined');
    1.27 +
    1.28 +  // Make sure an unprivileged Components is benign.
    1.29 +  var C2 = Cu.evalInSandbox("Components", sb2);
    1.30 +  var whitelist = ['interfaces', 'interfacesByID', 'results', 'isSuccessCode', 'QueryInterface'];
    1.31 +  for (var prop in Components) {
    1.32 +    do_print("Checking " + prop);
    1.33 +    do_check_eq((prop in C2), whitelist.indexOf(prop) != -1);
    1.34 +  }
    1.35 +
    1.36 +  // non-chrome same origin
    1.37 +  sb1.C2 = C2;
    1.38 +  do_check_eq(Cu.evalInSandbox("typeof C2.interfaces", sb1), 'object');
    1.39 +  do_check_eq(Cu.evalInSandbox("typeof C2.utils", sb1), 'undefined');
    1.40 +  do_check_eq(Cu.evalInSandbox("typeof C2.classes", sb1), 'undefined');
    1.41 +
    1.42 +  // chrome accessing chrome
    1.43 +  sb3.C = Components;
    1.44 +  rv = Cu.evalInSandbox("C.utils", sb3);
    1.45 +  do_check_eq(rv, Cu);
    1.46 +
    1.47 +  // non-chrome cross origin
    1.48 +  sb4.C2 = C2;
    1.49 +  checkThrows("C2.interfaces", sb4);
    1.50 +  checkThrows("C2.utils", sb4);
    1.51 +  checkThrows("C2.classes", sb4);
    1.52 +}
    1.53 +
    1.54 +function checkThrows(expression, sb) {
    1.55 +  var result = Cu.evalInSandbox('(function() { try { ' + expression + '; return "allowed"; } catch (e) { return e.toString(); }})();', sb);
    1.56 +  do_check_true(!!/denied/.exec(result));
    1.57 +}

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial