<?xml version="1.0"?> <?xml-stylesheet type="text/css" href="chrome://global/skin"?> <?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?> <!-- https://bugzilla.mozilla.org/show_bug.cgi?id=996069 --> <window title="Mozilla Bug 996069" xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"> <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/> <!-- test results are displayed in the html:body --> <body xmlns="http://www.w3.org/1999/xhtml"> <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=996069" target="_blank">Mozilla Bug 996069</a> </body> <!-- test code goes here --> <script type="application/javascript"> <![CDATA[ /** Test for Bug 996069 **/ SimpleTest.waitForExplicitFinish(); function loaded() { var ifr = document.getElementById("ifr").contentWindow; var sb = new Cu.Sandbox([ifr], { sandboxPrototype: ifr }); ifr.wrappedJSObject.finishTest = function() { // If we got here we did not hit the NS_ReleaseAssert... ok(true, "ExpandedPrincipal should not be inherited by content windows"); // But let's be sure that the new window does not have nsEP newWin.wrappedJSObject.obj = Cu.evalInSandbox("var obj = { foo: 'bar' }; obj", sb); try { newWin.eval("obj.foo"); ok(false, "newWin should not have access to object from a scope with ExpandedPrincipal"); } catch (e) { ok(/Permission denied/.exec(e.message), "newWin should not have access to object from a scope with ExpandedPrincipal"); } newWin.close(); SimpleTest.finish(); }; var newWin = Cu.evalInSandbox( "window.open('https://example.org/chrome/js/xpconnect/tests/chrome/file_bug996069.html');", sb); } ]]> </script> <iframe id="ifr" onload="loaded();" type="content" src="https://example.org/chrome/js/xpconnect/tests/chrome/file_bug996069.html" /> </window>