The Tor Browser / file revision

js/xpconnect/tests/chrome/test_bug812415.xul@129ffea94266

js/xpconnect/tests/chrome/test_bug812415.xul

Sat, 03 Jan 2015 20:18:00 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Sat, 03 Jan 2015 20:18:00 +0100
branch
TOR_BUG_3246
changeset 7
129ffea94266
permissions
-rw-r--r--

Conditionally enable double key logic according to:
private browsing mode or privacy.thirdparty.isolate preference and
implement in GetCookieStringCommon and FindCookie where it counts...
With some reservations of how to convince FindCookie users to test
condition and pass a nullptr when disabling double key logic.

     1 <?xml version="1.0"?>

     2 <?xml-stylesheet type="text/css" href="chrome://global/skin"?>

     3 <?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>

     4 <!--

     5 https://bugzilla.mozilla.org/show_bug.cgi?id=812415

     6 -->

     7 <window title="Mozilla Bug 812415"

     8         xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">

     9   <script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>

    10 

    11   <!-- test results are displayed in the html:body -->

    12   <body xmlns="http://www.w3.org/1999/xhtml">

    13   <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=812415"

    14      target="_blank">Mozilla Bug 812415</a>

    15   </body>

    16 

    17   <!-- test code goes here -->

    18   <script type="application/javascript">

    19   <![CDATA[

    20   /** Test for Bug 812415 and Bug 823348 **/

    21 

    22   const Cu = Components.utils;

    23   SimpleTest.waitForExplicitFinish();

    24 

    25   function testWaiving(iwin, sb) {

    26     sb.win = iwin;

    27     is(Cu.evalInSandbox('win', sb), iwin, "Basic identity works");

    28     is(Cu.evalInSandbox('win.wrappedJSObject', sb), iwin.wrappedJSObject, "Waivers work via .wrappedJSObject");

    29     is(Cu.evalInSandbox('XPCNativeWrapper.unwrap(win)', sb), iwin.wrappedJSObject, "Waivers work via XPCNativeWrapper.unwrap");

    30     is(Cu.evalInSandbox('win.wrappedJSObject.document', sb), iwin.document.wrappedJSObject, "Waivers are deep");

    31   }

    32 

    33   function checkThrows(expression, sb, msg) {

    34     var result = Cu.evalInSandbox('(function() { try { ' + expression + '; return "allowed"; } catch (e) { return e.toString(); }})();', sb);

    35     ok(!!/denied/.exec(result), msg);

    36   }

    37 

    38   function testAsymmetric(regular, expanded) {

    39 

    40     // Set up objects.

    41     expanded.regFun = Cu.evalInSandbox('function reg() { return 42; }; reg', regular);

    42     expanded.regObj = Cu.evalInSandbox('new Object({foo: 2})', regular);

    43     regular.expFun = Cu.evalInSandbox('function exp() { return 41; }; exp', expanded);

    44     regular.expObj = Cu.evalInSandbox('new Object({bar: 3})', expanded);

    45 

    46     // Check objects.

    47     is(Cu.evalInSandbox('regObj.foo', expanded), 2, "Expanded can see regular object prop");

    48     checkThrows('expObj.bar', regular, "Regular shouldn't read properties");

    49     Cu.evalInSandbox('regObj.foo = 20', expanded);

    50     is(expanded.regObj.foo, 20, "Expanded can set properties");

    51     checkThrows('expFun.bar = 0', regular, "Regular shouldn't write properties");

    52 

    53     // Check functions.

    54     is(Cu.evalInSandbox('regFun()', expanded), 42, "Expanded can call regular function");

    55     checkThrows('expFun()', regular, "Regular cannot call expanded function");

    56     is(Cu.evalInSandbox('regFun.name', expanded), 'reg', "Expanded can see regular function's name");

    57     checkThrows('expFun.name', regular, "Regular can't see expanded function's name");

    58     Cu.evalInSandbox('regFun.expando = 30', expanded);

    59     is(expanded.regFun.expando, 30, "Expanded can set expandos");

    60     checkThrows('expFun.expando = 29', regular, "Regular can't set expandos");

    61 

    62     // Check __proto__ stuff.

    63     is(Cu.evalInSandbox('regFun.__proto__', expanded), regular.Function.prototype, "expanded can get __proto__");

    64     checkThrows('expFun.__proto__', regular, "regular can't use __proto__");

    65     checkThrows('expFun.__proto__ = {}', regular, "regular can't mutate __proto__");

    66   }

    67 

    68   function go() {

    69     var iwin = document.getElementById('ifr').contentWindow;

    70 

    71     // Make our sandboxes. We pass wantXrays=false for the nsEP to ensure that

    72     // the Xrays we get are the result of being an nsEP, not from the wantXrays

    73     // flag.

    74     var regular = new Components.utils.Sandbox(iwin);

    75     var expanded = new Components.utils.Sandbox([iwin], {wantXrays: false});

    76 

    77     // Because of the crazy secret life of wantXrays, passing wantXrays=false

    78     // has the side effect of waiving Xrays on the returned sandbox. Undo that.

    79     expanded = XPCNativeWrapper(expanded);

    80 

    81     testWaiving(iwin, regular);

    82     testWaiving(iwin, expanded);

    83     testAsymmetric(regular, expanded);

    84     SimpleTest.finish();

    85   }

    86 

    87   ]]>

    88   </script>

    89   <iframe id="ifr" onload="go();" src="http://example.org/tests/js/xpconnect/tests/mochitest/file_empty.html" />

    90 </window>

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial