The Tor Browser / file revision

content/base/test/csp/file_CSP_evalscript_main.js@6474c204b198

content/base/test/csp/file_CSP_evalscript_main.js

Wed, 31 Dec 2014 06:09:35 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 06:09:35 +0100
changeset 0
6474c204b198
permissions
-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

     1 // some javascript for the CSP eval() tests

     2 

     3 function logResult(str, passed) {

     4   var elt = document.createElement('div');

     5   var color = passed ? "#cfc;" : "#fcc";

     6   elt.setAttribute('style', 'background-color:' + color + '; width:100%; border:1px solid black; padding:3px; margin:4px;');

     7   elt.innerHTML = str;

     8   document.body.appendChild(elt);

     9 }

    10 

    11 window._testResults = {};

    12 

    13 // callback for when stuff is allowed by CSP

    14 var onevalexecuted = (function(window) {

    15     return function(shouldrun, what, data) {

    16       window._testResults[what] = "ran";

    17       window.parent.scriptRan(shouldrun, what, data);

    18       logResult((shouldrun ? "PASS: " : "FAIL: ") + what + " : " + data, shouldrun);

    19     };})(window);

    20 

    21 // callback for when stuff is blocked

    22 var onevalblocked = (function(window) {

    23     return function(shouldrun, what, data) {

    24       window._testResults[what] = "blocked";

    25       window.parent.scriptBlocked(shouldrun, what, data);

    26       logResult((shouldrun ? "FAIL: " : "PASS: ") + what + " : " + data, !shouldrun);

    27     };})(window);

    28 

    29 

    30 // Defer until document is loaded so that we can write the pretty result boxes

    31 // out.

    32 addEventListener('load', function() {

    33   // setTimeout(String) test -- mutate something in the window._testResults

    34   // obj, then check it.

    35   {

    36     var str_setTimeoutWithStringRan = 'onevalexecuted(false, "setTimeout(String)", "setTimeout with a string was enabled.");';

    37     function fcn_setTimeoutWithStringCheck() {

    38       if (this._testResults["setTimeout(String)"] !== "ran") {

    39         onevalblocked(false, "setTimeout(String)",

    40                       "setTimeout with a string was blocked");

    41       }

    42     }

    43     setTimeout(fcn_setTimeoutWithStringCheck.bind(window), 10);

    44     setTimeout(str_setTimeoutWithStringRan, 10);

    45   }

    46 

    47   // setTimeout(function) test -- mutate something in the window._testResults

    48   // obj, then check it.

    49   {

    50     function fcn_setTimeoutWithFunctionRan() {

    51       onevalexecuted(true, "setTimeout(function)",

    52                     "setTimeout with a function was enabled.")

    53     }

    54     function fcn_setTimeoutWithFunctionCheck() {

    55       if (this._testResults["setTimeout(function)"] !== "ran") {

    56         onevalblocked(true, "setTimeout(function)",

    57                       "setTimeout with a function was blocked");

    58       }

    59     }

    60     setTimeout(fcn_setTimeoutWithFunctionRan.bind(window), 10);

    61     setTimeout(fcn_setTimeoutWithFunctionCheck.bind(window), 10);

    62   }

    63 

    64   // eval() test -- should throw exception as per spec

    65   try {

    66     eval('onevalexecuted(false, "eval(String)", "eval() was enabled.");');

    67   } catch (e) {

    68     onevalblocked(false, "eval(String)",

    69                   "eval() was blocked");

    70   }

    71 

    72   // eval(foo,bar) test -- should throw exception as per spec

    73   try {

    74     eval('onevalexecuted(false, "eval(String,scope)", "eval() was enabled.");',1);

    75   } catch (e) {

    76     onevalblocked(false, "eval(String,object)",

    77                   "eval() with scope was blocked");

    78   }

    79 

    80   // [foo,bar].sort(eval) test -- should throw exception as per spec

    81   try {

    82     ['onevalexecuted(false, "[String, obj].sort(eval)", "eval() was enabled.");',1].sort(eval);

    83   } catch (e) {

    84     onevalblocked(false, "[String, obj].sort(eval)",

    85                   "eval() with scope via sort was blocked");

    86   }

    87 

    88   // [].sort.call([foo,bar], eval) test -- should throw exception as per spec

    89   try {

    90     [].sort.call(['onevalexecuted(false, "[String, obj].sort(eval)", "eval() was enabled.");',1], eval);

    91   } catch (e) {

    92     onevalblocked(false, "[].sort.call([String, obj], eval)",

    93                   "eval() with scope via sort/call was blocked");

    94   }

    95 

    96   // new Function() test -- should throw exception as per spec

    97   try {

    98     var fcn = new Function('onevalexecuted(false, "new Function(String)", "new Function(String) was enabled.");');

    99     fcn();

   100   } catch (e) {

   101     onevalblocked(false, "new Function(String)",

   102                   "new Function(String) was blocked.");

   103   }

   104 

   105   // setTimeout(eval, 0, str)

   106   {

   107     // error is not catchable here, instead, we're going to side-effect

   108     // 'worked'.

   109     var worked = false;

   110 

   111     setTimeout(eval, 0, 'worked = true');

   112     setTimeout(function(worked) {

   113                   if (worked) {

   114                     onevalexecuted(false, "setTimeout(eval, 0, str)",

   115                                     "setTimeout(eval, 0, string) was enabled.");

   116                   } else {

   117                     onevalblocked(false, "setTimeout(eval, 0, str)",

   118                                         "setTimeout(eval, 0, str) was blocked.");

   119                   }

   120                 }, 0, worked);

   121   }

   122 

   123 }, false);

   124 

   125 

   126

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial