Wed, 31 Dec 2014 06:09:35 +0100
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
// Alias for the privileged Components.utils object of this test's scope; it is
// used below to create sandboxes and to evaluate code inside them.
const { utils: Cu } = Components;
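/**
 * Checks how much of `Components` each kind of sandbox can reach.
 *
 * Properties asserted below:
 *  - the test's own Components object, handed to a content-origin sandbox,
 *    denies access to `utils` and `classes`;
 *  - a content sandbox's own Components exposes `interfaces` but neither
 *    `utils` nor `classes`, and carries only the whitelisted properties;
 *  - that unprivileged Components behaves the same when shared with a
 *    sandbox on the same origin;
 *  - the sandbox built from this test's global gets the real `utils`;
 *  - a sandbox on a different origin is denied every access to it.
 */
function run_test() {
  // Two sandboxes on one content origin, one built from this test's own
  // global ("chrome" in the section comments below), one on another origin.
  var sameOriginA = Cu.Sandbox("http://www.blah.com");
  var sameOriginB = Cu.Sandbox("http://www.blah.com");
  var privileged = Cu.Sandbox(this);
  var otherOrigin = Cu.Sandbox("http://www.other.com");

  // Evaluates each [expression, expected] pair in `sandbox` and compares.
  function expectResults(sandbox, pairs) {
    pairs.forEach(function(pair) {
      do_check_eq(Cu.evalInSandbox(pair[0], sandbox), pair[1]);
    });
  }

  // Asserts that every expression is refused when evaluated in `sandbox`.
  function expectDenied(sandbox, expressions) {
    expressions.forEach(function(expression) {
      checkThrows(expression, sandbox);
    });
  }

  // Components is normally hidden from content on the XBL scope chain, but we
  // expose it to content here to make sure that the security wrappers work
  // regardless.
  var contentSandboxes = [sameOriginA, sameOriginB, otherOrigin];
  for (var i = 0; i < contentSandboxes.length; i++) {
    contentSandboxes[i].Components = Cu.getComponentsForScope(contentSandboxes[i]);
  }

  // non-chrome accessing chrome Components
  sameOriginA.C = Components;
  expectDenied(sameOriginA, ["C.utils", "C.classes"]);

  // non-chrome accessing own Components
  expectResults(sameOriginA, [
    ["typeof Components.interfaces", 'object'],
    ["typeof Components.utils", 'undefined'],
    ["typeof Components.classes", 'undefined']
  ]);

  // Make sure an unprivileged Components is benign: a property of the test's
  // own Components must be present on the sandbox's copy exactly when it is
  // on the whitelist, so any newly exposed property fails the test.
  var unprivilegedComponents = Cu.evalInSandbox("Components", sameOriginB);
  var whitelist = ['interfaces', 'interfacesByID', 'results', 'isSuccessCode', 'QueryInterface'];
  for (var prop in Components) {
    do_print("Checking " + prop);
    var isWhitelisted = whitelist.indexOf(prop) !== -1;
    do_check_eq((prop in unprivilegedComponents), isWhitelisted);
  }

  // non-chrome same origin
  sameOriginA.C2 = unprivilegedComponents;
  expectResults(sameOriginA, [
    ["typeof C2.interfaces", 'object'],
    ["typeof C2.utils", 'undefined'],
    ["typeof C2.classes", 'undefined']
  ]);

  // chrome accessing chrome
  privileged.C = Components;
  do_check_eq(Cu.evalInSandbox("C.utils", privileged), Cu);

  // non-chrome cross origin
  otherOrigin.C2 = unprivilegedComponents;
  expectDenied(otherOrigin, ["C2.interfaces", "C2.utils", "C2.classes"]);
}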
/**
 * Asserts that evaluating `expression` inside sandbox `sb` is refused.
 *
 * The expression is wrapped in a function that returns "allowed" when it
 * evaluates without throwing and the stringified exception otherwise. The
 * check passes only if that result contains "denied", so an access that
 * succeeds, or one that fails for some other reason, is reported as a failure.
 *
 * `expression` is concatenated into the evaluated source unescaped, so it
 * must be a literal written in this test, never external input.
 *
 * @param {string} expression - source text to evaluate in the sandbox
 * @param {object} sb - sandbox in which to evaluate it
 */
function checkThrows(expression, sb) {
  var probeSource = '(function() { try { ' + expression + '; return "allowed"; } catch (e) { return e.toString(); }})();';
  var outcome = Cu.evalInSandbox(probeSource, sb);
  do_check_true(/denied/.test(outcome));
}