summaryrefslogtreecommitdiffstats
path: root/js/xpconnect/tests/chrome/test_bug792280.xhtml
diff options
context:
space:
mode:
Diffstat (limited to 'js/xpconnect/tests/chrome/test_bug792280.xhtml')
-rw-r--r--js/xpconnect/tests/chrome/test_bug792280.xhtml43
1 files changed, 43 insertions, 0 deletions
diff --git a/js/xpconnect/tests/chrome/test_bug792280.xhtml b/js/xpconnect/tests/chrome/test_bug792280.xhtml
new file mode 100644
index 0000000000..1e1a197e57
--- /dev/null
+++ b/js/xpconnect/tests/chrome/test_bug792280.xhtml
@@ -0,0 +1,43 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/css" href="chrome://global/skin"?>
+<?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=792280
+-->
+<window title="Mozilla Bug 792280"
+ xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
+ <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>
+
+ <!-- test results are displayed in the html:body -->
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=792280"
+ target="_blank">Mozilla Bug 792280</a>
+ </body>
+
+ <!-- test code goes here -->
+ <script type="application/javascript">
+ <![CDATA[
+ /** Test for Bug 792280 **/
+ function checkSb(sb, expect) {
+ var target = new Cu.Sandbox("https://www.example.com");
+ Cu.evalInSandbox('function fun() { return arguments.callee.caller; };', target);
+ sb.fun = target.fun;
+ let allowed = false;
+ try {
+ allowed = Cu.evalInSandbox('function doTest() { return fun() == doTest; }; doTest()', sb);
+ isnot(expect, "throw", "Should have thrown");
+ } catch (e) {
+ is(expect, "throw", "Should expect exception");
+ ok(/denied|insecure/.test(e), "Should be a security exception: " + e);
+ }
+ is(allowed, expect == "allow", "should censor appropriately");
+ }
+
+ // Note that COWs are callable, but XOWs are not.
+ checkSb(new Cu.Sandbox("https://www.example.com"), "allow");
+ checkSb(new Cu.Sandbox("https://www.example.org"), "throw");
+ checkSb(new Cu.Sandbox(window), "censor");
+
+ ]]>
+ </script>
+</window>