summaryrefslogtreecommitdiffstats
path: root/js/xpconnect/tests/chrome/test_evalInSandbox.xhtml
diff options
context:
space:
mode:
Diffstat (limited to 'js/xpconnect/tests/chrome/test_evalInSandbox.xhtml')
-rw-r--r--js/xpconnect/tests/chrome/test_evalInSandbox.xhtml205
1 files changed, 205 insertions, 0 deletions
diff --git a/js/xpconnect/tests/chrome/test_evalInSandbox.xhtml b/js/xpconnect/tests/chrome/test_evalInSandbox.xhtml
new file mode 100644
index 0000000000..ac65151101
--- /dev/null
+++ b/js/xpconnect/tests/chrome/test_evalInSandbox.xhtml
@@ -0,0 +1,205 @@
+<?xml version="1.0"?>
+<?xml-stylesheet href="chrome://global/skin" type="text/css"?>
+<?xml-stylesheet href="chrome://mochikit/content/tests/SimpleTest/test.css"
+ type="text/css"?>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=533596
+-->
+<window title="Mozilla Bug 533596"
+ xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
+ <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
+
+ <!-- test results are displayed in the html:body -->
+ <body xmlns="http://www.w3.org/1999/xhtml">
+
+ <iframe src="http://example.org/tests/js/xpconnect/tests/mochitest/file_evalInSandbox.html"
+ onload="checkCrossOrigin(this)">
+ </iframe>
+ <iframe src="chrome://mochitests/content/chrome/js/xpconnect/tests/chrome/file_evalInSandbox.html"
+ onload="checkSameOrigin(this)">
+ </iframe>
+ </body>
+
+ <!-- test code goes here -->
+ <script type="application/javascript"><![CDATA[
+ const utils = window.windowUtils;
+
+ function checkCrossOriginSandbox(sandbox)
+ {
+ is(utils.getClassName(sandbox),
+ "Proxy",
+ "sandbox was wrapped correctly");
+
+ is(utils.getClassName(Cu.evalInSandbox("this.document", sandbox)),
+ "Proxy",
+ "return value was rewrapped correctly");
+ }
+
+ function checkCrossOriginXrayedSandbox(sandbox)
+ {
+ ok(Cu.evalInSandbox("!('windowfoo' in window);", sandbox),
+ "the window itself Xray is an XrayWrapper");
+ ok(Cu.evalInSandbox("('wrappedJSObject' in this.document);", sandbox),
+ "wrappers inside eIS are Xrays");
+ ok(Cu.evalInSandbox("!('foo' in this.document);", sandbox),
+ "must not see expandos");
+ ok('wrappedJSObject' in Cu.evalInSandbox("this.document", sandbox),
+ "wrappers returned from the sandbox are Xrays");
+ ok(!("foo" in Cu.evalInSandbox("this.document", sandbox)),
+ "must not see expandos in wrappers returned from the sandbox");
+
+ ok('wrappedJSObject' in sandbox.document,
+ "values obtained from the sandbox are Xrays");
+ ok(!("foo" in sandbox.document),
+ "must not see expandos in wrappers obtained from the sandbox");
+
+ }
+
+ function checkCrossOrigin(ifr) {
+ var win = ifr.contentWindow;
+ var sandbox =
+ new Cu.Sandbox(win, { sandboxPrototype: win, wantXrays: true } );
+
+ checkCrossOriginSandbox(sandbox);
+ checkCrossOriginXrayedSandbox(sandbox);
+
+ sandbox =
+ new Cu.Sandbox(win, { sandboxPrototype: win } );
+
+ checkCrossOriginSandbox(sandbox);
+ checkCrossOriginXrayedSandbox(sandbox);
+
+ sandbox =
+ new Cu.Sandbox(win, { sandboxPrototype: win, wantXrays: false } );
+
+ checkCrossOriginSandbox(sandbox);
+
+ ok(Cu.evalInSandbox("('foo' in this.document);", sandbox),
+ "can see expandos");
+ ok(!("foo" in Cu.evalInSandbox("this.document", sandbox)),
+ "must not see expandos in wrappers returned from the sandbox");
+ ok(("foo" in Cu.waiveXrays(Cu.evalInSandbox("this.document", sandbox))),
+ "must see expandos in waived wrappers returned from the sandbox");
+
+ ok(!("foo" in sandbox.document),
+ "must not see expandos in wrappers obtained from the sandbox");
+ ok("foo" in Cu.waiveXrays(sandbox.document),
+ "must see expandos in wrappers obtained from the sandbox");
+
+ testDone();
+ }
+
+ function checkSameOrigin(ifr) {
+ var win = ifr.contentWindow;
+ var sandbox =
+ new Cu.Sandbox(win, { sandboxPrototype: win, wantXrays: true } );
+
+ ok(Cu.evalInSandbox("('foo' in this.document);", sandbox),
+ "must see expandos for a chrome sandbox");
+
+ sandbox =
+ new Cu.Sandbox(win, { sandboxPrototype: win } );
+
+ ok(Cu.evalInSandbox("('foo' in this.document);", sandbox),
+ "must see expandos for a chrome sandbox");
+
+ sandbox =
+ new Cu.Sandbox(win, { sandboxPrototype: win, wantXrays: false } );
+
+ ok(Cu.evalInSandbox("('foo' in this.document);", sandbox),
+ "can see expandos for a chrome sandbox");
+
+ testDone();
+ }
+
+ var testsRun = 0;
+ function testDone() {
+ if (++testsRun == 2)
+ SimpleTest.finish();
+ }
+
+ SimpleTest.waitForExplicitFinish();
+
+ try {
+ var sandbox1 = new Cu.Sandbox(this, { sandboxPrototype: undefined } );
+ ok(false, "undefined is not a valid prototype");
+ }
+ catch (e) {
+ ok(true, "undefined is not a valid prototype");
+ }
+
+ try {
+ var sandbox2 = new Cu.Sandbox(this, { wantXrays: undefined } );
+ ok(false, "undefined is not a valid value for wantXrays");
+ }
+ catch (e) {
+ ok(true, "undefined is not a valid value for wantXrays");
+ }
+
+ // Crash test for bug 601829.
+ try {
+ Cu.evalInSandbox('', null);
+ } catch (e) {
+ ok(true, "didn't crash on a null sandbox object");
+ }
+
+ try {
+ var sandbox3 = new Cu.Sandbox(this, { sameZoneAs: this } );
+ ok(true, "sameZoneAs works");
+ }
+ catch (e) {
+ ok(false, "sameZoneAs works");
+ }
+
+ // The 'let' keyword only appears with JS 1.7 and above. We use this fact
+ // to make sure that sandboxes get explict JS versions and don't inherit
+ // them from the most recent scripted frame.
+ function checkExplicitVersions() {
+ // eslint-disable-next-line no-undef
+ var sb = new Cu.Sandbox(sop);
+ Cu.evalInSandbox('let someVariable = 42', sb, '1.7');
+ ok(true, "Didn't throw with let");
+ try {
+ Cu.evalInSandbox('let someVariable = 42', sb);
+ ok(false, "Should have thrown with let");
+ } catch (e) {
+ ok(true, "Threw with let: " + e);
+ }
+ try {
+ Cu.evalInSandbox('let someVariable = 42', sb, '1.5');
+ ok(false, "Should have thrown with let");
+ } catch (e) {
+ ok(true, "Threw with let: " + e);
+ }
+ }
+ var outerSB = new Cu.Sandbox(this);
+ Cu.evalInSandbox(checkExplicitVersions.toSource(), outerSB, '1.7');
+ outerSB.ok = ok;
+ outerSB.sop = this;
+ Cu.evalInSandbox('checkExplicitVersions();', outerSB);
+
+ const {addDebuggerToGlobal} = ChromeUtils.importESModule("resource://gre/modules/jsdebugger.sys.mjs");
+ addDebuggerToGlobal(globalThis);
+
+ try {
+ let dbg = new Debugger();
+ let sandbox = new Cu.Sandbox(this, {
+ invisibleToDebugger: false,
+ freshCompartment: true,
+ });
+ dbg.addDebuggee(sandbox);
+ ok(true, "debugger added visible value");
+ } catch(e) {
+ ok(false, "debugger could not add visible value");
+ }
+
+ try {
+ let dbg = new Debugger();
+ let sandbox = new Cu.Sandbox(this, { invisibleToDebugger: true });
+ dbg.addDebuggee(sandbox);
+ ok(false, "debugger added invisible value");
+ } catch(e) {
+ ok(true, "debugger did not add invisible value");
+ }
+ ]]></script>
+</window>