summaryrefslogtreecommitdiffstats
path: root/js/src/jit-test/tests/basic/script-filename-validation-1.js
blob: 72d20c22dcc74602d021b6111f1f1a817377d427 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
load(libdir + "asserts.js");

setTestFilenameValidationCallback();

// Filenames starting with "safe" are fine.
assertEq(evaluate("2", {fileName: "safe.js"}), 2);
assertEq(evaluate("eval(3)", {fileName: "safe.js"}), 3);
assertEq(evaluate("Function('return 4')()", {fileName: "safe.js"}), 4);

// Delazification is fine.
function foo(x) {
    function bar(x) { return x + 1; }
    return bar(x);
}
assertEq(foo(1), 2);

// These are all blocked.
assertThrowsInstanceOf(() => evaluate("throw 2", {fileName: "unsafe.js"}), InternalError);
assertThrowsInstanceOf(() => evaluate("throw 2", {fileName: "system.js"}), InternalError);
assertThrowsInstanceOf(() => evaluate("throw 2", {fileName: ""}), InternalError);
assertThrowsInstanceOf(() => evaluate("throw 2"), InternalError);
assertThrowsInstanceOf(() => eval("throw 2"), InternalError);
assertThrowsInstanceOf(() => Function("return 1"), InternalError);
assertThrowsInstanceOf(() => parseModule("{ function x() {} }"), InternalError);

// The error message must contain the filename.
var ex = null;
try {
    evaluate("throw 2", {fileName: "file://foo.js"});
} catch (e) {
    ex = e;
}
assertEq(ex.toString(), "InternalError: unsafe filename: file://foo.js");

// Off-thread parse throws too, when finishing.
if (helperThreadCount() > 0) {
    offThreadCompileScript('throw 1');
    assertThrowsInstanceOf(() => runOffThreadScript(), InternalError);
}

// Unsafe filename is accepted if we opt-out.
assertEq(evaluate("2", {fileName: "unsafe.js", skipFileNameValidation: true}), 2);
assertEq(evaluate("3", {skipFileNameValidation: true}), 3);

// In system realms we also accept filenames starting with "system".
var systemRealm = newGlobal({newCompartment: true, systemPrincipal: true});
assertEq(systemRealm.evaluate("1 + 2", {fileName: "system.js"}), 3);
assertEq(systemRealm.evaluate("2 + 2", {fileName: "safe.js"}), 4);
assertThrowsInstanceOf(() => systemRealm.evaluate("1 + 2", {fileName: "unsafe.js"}),
                       systemRealm.InternalError);