Thu, 22 Jan 2015 13:21:57 +0100
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
1 // some javascript for the CSP eval() tests
2 // all of these evals should succeed, as the document loading this script
3 // has script-src 'self' 'unsafe-eval'
5 function logResult(str, passed) {
6 var elt = document.createElement('div');
7 var color = passed ? "#cfc;" : "#fcc";
8 elt.setAttribute('style', 'background-color:' + color + '; width:100%; border:1px solid black; padding:3px; margin:4px;');
9 elt.innerHTML = str;
10 document.body.appendChild(elt);
11 }
13 // callback for when stuff is allowed by CSP
14 var onevalexecuted = (function(window) {
15 return function(shouldrun, what, data) {
16 window.parent.scriptRan(shouldrun, what, data);
17 logResult((shouldrun ? "PASS: " : "FAIL: ") + what + " : " + data, shouldrun);
18 };})(window);
20 // callback for when stuff is blocked
21 var onevalblocked = (function(window) {
22 return function(shouldrun, what, data) {
23 window.parent.scriptBlocked(shouldrun, what, data);
24 logResult((shouldrun ? "FAIL: " : "PASS: ") + what + " : " + data, !shouldrun);
25 };})(window);
28 // Defer until document is loaded so that we can write the pretty result boxes
29 // out.
30 addEventListener('load', function() {
31 // setTimeout(String) test -- should pass
32 try {
33 setTimeout('onevalexecuted(true, "setTimeout(String)", "setTimeout with a string was enabled.");', 10);
34 } catch (e) {
35 onevalblocked(true, "setTimeout(String)",
36 "setTimeout with a string was blocked");
37 }
39 // setTimeout(function) test -- should pass
40 try {
41 setTimeout(function() {
42 onevalexecuted(true, "setTimeout(function)",
43 "setTimeout with a function was enabled.")
44 }, 10);
45 } catch (e) {
46 onevalblocked(true, "setTimeout(function)",
47 "setTimeout with a function was blocked");
48 }
50 // eval() test
51 try {
52 eval('onevalexecuted(true, "eval(String)", "eval() was enabled.");');
53 } catch (e) {
54 onevalblocked(true, "eval(String)",
55 "eval() was blocked");
56 }
58 // eval(foo,bar) test
59 try {
60 eval('onevalexecuted(true, "eval(String,scope)", "eval() was enabled.");',1);
61 } catch (e) {
62 onevalblocked(true, "eval(String,object)",
63 "eval() with scope was blocked");
64 }
66 // [foo,bar].sort(eval) test
67 try {
68 ['onevalexecuted(true, "[String, obj].sort(eval)", "eval() was enabled.");',1].sort(eval);
69 } catch (e) {
70 onevalblocked(true, "[String, obj].sort(eval)",
71 "eval() with scope via sort was blocked");
72 }
74 // [].sort.call([foo,bar], eval) test
75 try {
76 [].sort.call(['onevalexecuted(true, "[String, obj].sort(eval)", "eval() was enabled.");',1], eval);
77 } catch (e) {
78 onevalblocked(true, "[].sort.call([String, obj], eval)",
79 "eval() with scope via sort/call was blocked");
80 }
82 // new Function() test
83 try {
84 var fcn = new Function('onevalexecuted(true, "new Function(String)", "new Function(String) was enabled.");');
85 fcn();
86 } catch (e) {
87 onevalblocked(true, "new Function(String)",
88 "new Function(String) was blocked.");
89 }
91 function checkResult() {
92 //alert(bar);
93 if (bar) {
94 onevalexecuted(true, "setTimeout(eval, 0, str)",
95 "setTimeout(eval, 0, string) was enabled.");
96 } else {
97 onevalblocked(true, "setTimeout(eval, 0, str)",
98 "setTimeout(eval, 0, str) was blocked.");
99 }
100 }
102 var bar = false;
104 function foo() {
105 bar = true;
106 }
108 window.foo = foo;
110 // setTimeout(eval, 0, str)
112 // error is not catchable here
114 setTimeout(eval, 0, 'window.foo();');
116 setTimeout(checkResult.bind(this), 0);
118 }, false);
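Review bot: The `[].sort.call(...)` test at file line 76 reports the label `"[String, obj].sort(eval)"` from inside the evaluated string, which is the label the `.sort(eval)` test at line 68 already uses, while its own catch branch reports `"[].sort.call([String, obj], eval)"`. A parent harness that keys results on `what` would receive two identical passes and could not tell which indirect-eval path actually ran under the policy, so the evaluated string at line 76 should carry `"[].sort.call([String, obj], eval)"` too. The same mismatch appears at lines 60 and 62, where the success path says `"eval(String,scope)"` and the blocked path says `"eval(String,object)"`; pick one label for both branches. How `scriptRan` and `scriptBlocked` consume `what` is not visible on this page, so the effect on the expected-result count is inferred.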