summaryrefslogtreecommitdiffstats
path: root/dom/tests/browser/browser_xhr_sandbox.js
blob: 02d0c1c203f8e32b21d90e124884fdc845e3cc38 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
// This code is evaluated in a sandbox courtesy of toSource();
var sandboxCode =
  function() {
    let req = new XMLHttpRequest();
    req.open("GET", "http://mochi.test:8888/browser/dom/tests/browser/", true);
    req.onreadystatechange = function() {
      if (req.readyState === 4) {
        // If we get past the problem above, we end up with a req.status of zero
        // (ie, blocked due to CORS) even though we are fetching from the same
        // origin as the window itself.
        let result;
        if (req.status != 200) {
          result = "ERROR: got request status of " + req.status;
        } else if (req.responseText.length == 0) {
          result = "ERROR: got zero byte response text";
        } else {
          result = "ok";
        }
        postMessage({ result }, "*");
      }
    };
    req.send(null);
  }.toSource() + "();";

add_task(async function test() {
  await SpecialPowers.pushPrefEnv({
    set: [["security.allow_unsafe_parent_loads", true]],
  });

  let newWin = await BrowserTestUtils.openNewBrowserWindow();

  let frame = newWin.document.createXULElement("iframe");
  frame.setAttribute("type", "content");
  frame.setAttribute(
    "src",
    "http://mochi.test:8888/browser/dom/tests/browser/browser_xhr_sandbox.js"
  );

  newWin.document.documentElement.appendChild(frame);
  await BrowserTestUtils.waitForEvent(frame, "load", true);

  let contentWindow = frame.contentWindow;
  let sandbox = new Cu.Sandbox(contentWindow);

  // inject some functions from the window into the sandbox.
  // postMessage so the async code in the sandbox can report a result.
  sandbox.importFunction(
    contentWindow.postMessage.bind(contentWindow),
    "postMessage"
  );
  sandbox.importFunction(contentWindow.XMLHttpRequest, "XMLHttpRequest");
  Cu.evalInSandbox(sandboxCode, sandbox, "1.8");

  let sandboxReply = await BrowserTestUtils.waitForEvent(
    contentWindow,
    "message",
    true
  );
  is(sandboxReply.data.result, "ok", "check the sandbox code was felipe");

  await BrowserTestUtils.closeWindow(newWin);
});