summaryrefslogtreecommitdiffstats
path: root/js/xpconnect/tests/chrome/test_documentdomain.xhtml
blob: 8cffdc8e468287377f1c35975e03db5f875d8e90 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
<?xml version="1.0"?>
<?xml-stylesheet type="text/css" href="chrome://global/skin"?>
<?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=601277
-->
<window title="Mozilla Bug 601277"
        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
  <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>

  <!-- test results are displayed in the html:body -->
  <body xmlns="http://www.w3.org/1999/xhtml">
  <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=601277"
     target="_blank">Mozilla Bug 601277</a>
  </body>

  <!-- test code goes here -->
  <script type="application/javascript">
  <![CDATA[
  /** Tests for document.domain. **/

  SimpleTest.waitForExplicitFinish();

  // Wait for the frames to load.
  var gFramesLoaded = 0;
  function frameLoaded() {
    gFramesLoaded++;
    if (gFramesLoaded == document.getElementsByTagName('iframe').length)
      startTest();
  }

  function startTest() {

    // Grab all the content windows and waive Xray. Xray waivers only apply to
    // chrome, so we can pass these references directly to content.
    var win1A = document.getElementById('test1A').contentWindow.wrappedJSObject;
    var win1B = document.getElementById('test1B').contentWindow.wrappedJSObject;
    var win2 = document.getElementById('test2').contentWindow.wrappedJSObject;
    var winBase = document.getElementById('base').contentWindow.wrappedJSObject;

    // Check the basics.
    ok(win1A.tryToAccess(win1B),
       "Same-origin windows should grant access");
    ok(!win1A.tryToAccess(win2),
       "Cross-origin windows should not grant access");
    ok(!win1A.tryToAccess(winBase),
       "Subdomain windows should not receive access");

    // Store references now, while test1A and test1B are same-origin.
    win1A.storeReference(win1B);
    win1B.storeReference(win1A);
    ok(win1A.tryToAccessStored(), "Stored references work when same-origin");
    win1A.evalFromB = Cu.unwaiveXrays(win1B.eval); // Crashtest for bug 1040181.
    win1B.functionFromA = Cu.unwaiveXrays(win1A.Function); // Crashtest for bug 1040181.
    ok(!win1A.invokingFunctionThrowsSecurityException('evalFromB'), "Should allow before document.domain");
    ok(!win1B.invokingFunctionThrowsSecurityException('functionFromA'), "Should allow before document.domain");

    // Set document.domain on test1A. This should grant no access, since nobody
    // else set it.
    win1A.setDomain('example.org');
    ok(!win1A.tryToAccess(winBase), "base must collaborate too");
    ok(!winBase.tryToAccess(win1A), "base must collaborate too");
    ok(!win1A.tryToAccess(win1B), "No longer same-origin");
    ok(win1A.tryToAccessStored(), "We don't revoke access except through Window and Location");
    ok(!win1B.tryToAccess(win1A), "No longer same-origin");
    ok(win1B.tryToAccessStored(), "We don't revoke access except through Window and Location");
    ok(!win1A.invokingFunctionThrowsSecurityException('evalFromB'), "We don't revoke access except through Window and Location");
    ok(!win1B.invokingFunctionThrowsSecurityException('functionFromA'), "We don't revoke access except through Window and Location");

    // Set document.domain on test1B. Now we're cooking with gas.
    win1B.setDomain('example.org');
    ok(!win1B.tryToAccess(winBase), "base must collaborate too");
    ok(!winBase.tryToAccess(win1B), "base must collaborate too");
    ok(win1A.tryToAccess(win1B), "same-origin");
    ok(win1A.tryToAccessStored(), "same-origin");
    ok(win1B.tryToAccess(win1A), "same-origin");
    ok(win1B.tryToAccessStored(), "same-origin");

    // Explicitly collaborate with base.
    winBase.setDomain('example.org');
    ok(winBase.tryToAccess(win1A), "base collaborates");
    ok(win1A.tryToAccess(winBase), "base collaborates");

    // All done.
    SimpleTest.finish();
  }


  ]]>
  </script>

  <iframe id="test1A" onload="frameLoaded();" type="content"
          src="http://test1.example.org/tests/js/xpconnect/tests/mochitest/file_documentdomain.html" />
  <iframe id="test1B" onload="frameLoaded();" type="content"
          src="http://test1.example.org/tests/js/xpconnect/tests/mochitest/file_documentdomain.html" />
  <iframe id="test2" onload="frameLoaded();" type="content"
          src="http://test2.example.org/tests/js/xpconnect/tests/mochitest/file_documentdomain.html" />
  <iframe id="base" onload="frameLoaded();" type="content"
          src="http://example.org/tests/js/xpconnect/tests/mochitest/file_documentdomain.html" />
</window>