1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=292789
-->
<head>
<title>Test for Bug 292789</title>
<script src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=292789">Mozilla Bug 292789</a>
<p id="display"></p>
<div id="content" style="display: none">
<script src="chrome://global/content/treeUtils.js"></script>
<script type="application/javascript" src="chrome://mozapps/content/update/history.js"></script>
<script id="resjs" type="application/javascript"></script>
</div>
<pre id="test">
<script class="testbody" type="text/javascript">
/** Test for Bug 292789
*
* Selectively allow access to allowlisted chrome packages
* even for ALLOW_CHROME mechanisms (<script>, <img> etc)
*/
/* import-globals-from ../../../toolkit/content/treeUtils.js */
/* import-globals-from ../../../toolkit/mozapps/update/content/history.js */
SimpleTest.waitForExplicitFinish();
let ChromeUtils = {
import() { return {}; },
};
/** <script src=""> test */
function testScriptSrc(aCallback) {
is(typeof gTreeUtils.sort, "function",
"content can still load <script> from chrome://global");
/** Try to find an export from history.js. We will find it if it is
* improperly not blocked, otherwise it will be "undefined".
*/
is(typeof gUpdateHistory, "undefined",
"content should not be able to load <script> from chrome://mozapps");
/** make sure the last one didn't pass because someone
* moved history.js
*/
var resjs = document.getElementById("resjs");
resjs.onload = scriptOnload;
resjs.src = "resource://gre/chrome/toolkit/content/mozapps/update/history.js";
document.getElementById("content").appendChild(resjs);
function scriptOnload() {
is(typeof gUpdateHistory.onLoad, "function",
"history.js has not moved unexpectedly");
// trigger the callback
if (aCallback)
aCallback();
}
}
/** <img src=""> tests */
var img_global = "chrome://global/skin/media/error.png";
var img_mozapps = "chrome://mozapps/skin/extensions/extensionGeneric.svg";
var res_mozapps = "resource://gre/chrome/toolkit/skin/classic/mozapps/extensions/extensionGeneric.svg";
var imgTests = [[img_global, "success"],
[img_mozapps, "fail"],
[res_mozapps, "success"]];
var curImgTest = 0;
function runImgTest() {
var test = imgTests[curImgTest++];
var callback = curImgTest == imgTests.length ? finishTest : runImgTest;
loadImage(test[0], test[1], callback);
}
function finishTest() {
SimpleTest.finish();
}
function fail(event) {
is("fail", event.target.expected,
"content should not be allowed to load " + event.target.src);
if (event.target.callback)
event.target.callback();
}
function success(event) {
is("success", event.target.expected,
"content should be able to load " + event.target.src);
if (event.target.callback)
event.target.callback();
}
function loadImage(uri, expect, callback) {
var img = document.createElement("img");
img.onerror = fail;
img.onload = success;
img.expected = expect;
img.callback = callback;
img.src = uri;
// document.getElementById("content").appendChild(img);
}
// Start off the script src test, and have it start the img tests when complete.
// Temporarily allow content to access all resource:// URIs.
SpecialPowers.pushPrefEnv({
set: [
["security.all_resource_uri_content_accessible", true],
],
}, () => testScriptSrc(runImgTest));
</script>
</pre>
</body>
</html>
|
