1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
// This code is evaluated in a sandbox courtesy of toSource();
var sandboxCode =
function () {
let req = new XMLHttpRequest();
req.open("GET", "http://mochi.test:8888/browser/dom/tests/browser/", true);
req.onreadystatechange = function () {
if (req.readyState === 4) {
// If we get past the problem above, we end up with a req.status of zero
// (ie, blocked due to CORS) even though we are fetching from the same
// origin as the window itself.
let result;
if (req.status != 200) {
result = "ERROR: got request status of " + req.status;
} else if (!req.responseText.length) {
result = "ERROR: got zero byte response text";
} else {
result = "ok";
}
postMessage({ result }, "*");
}
};
req.send(null);
}.toSource() + "();";
add_task(async function test() {
await SpecialPowers.pushPrefEnv({
set: [["security.allow_unsafe_parent_loads", true]],
});
let newWin = await BrowserTestUtils.openNewBrowserWindow();
let frame = newWin.document.createXULElement("iframe");
frame.setAttribute("type", "content");
frame.setAttribute(
"src",
"http://mochi.test:8888/browser/dom/tests/browser/browser_xhr_sandbox.js"
);
newWin.document.documentElement.appendChild(frame);
await BrowserTestUtils.waitForEvent(frame, "load", true);
let contentWindow = frame.contentWindow;
let sandbox = new Cu.Sandbox(contentWindow);
// inject some functions from the window into the sandbox.
// postMessage so the async code in the sandbox can report a result.
sandbox.importFunction(
contentWindow.postMessage.bind(contentWindow),
"postMessage"
);
sandbox.importFunction(contentWindow.XMLHttpRequest, "XMLHttpRequest");
Cu.evalInSandbox(sandboxCode, sandbox, "1.8");
let sandboxReply = await BrowserTestUtils.waitForEvent(
contentWindow,
"message",
true
);
is(sandboxReply.data.result, "ok", "check the sandbox code was felipe");
await BrowserTestUtils.closeWindow(newWin);
});
|
