1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
<?xml version="1.0"?>
<?xml-stylesheet type="text/css" href="chrome://global/skin"?>
<?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=667388
-->
<window title="Mozilla Bug 667388"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
<script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>
<!-- test code goes here -->
<script type="application/javascript">
<![CDATA[
// Setup.
SimpleTest.waitForExplicitFinish();
window.testObject = { myNumber: 42,
myDomain: window.location.domain };
// Wait for both frames to load before proceeding.
var framesLoaded = [null, false, false, false];
function onFrameLoaded(id) {
// Mark this frame as loaded.
framesLoaded[id] = true;
// Allow it to call various helpers.
window.frames[id].wrappedJSObject.is = is;
window.frames[id].wrappedJSObject.ok = ok;
window.frames[id].wrappedJSObject.info = info;
// If all the frames are loaded, start the test.
if (framesLoaded[1] && framesLoaded[2] && framesLoaded[3])
startTest();
}
function reject(e) {
ok(false, "Rejected Promise: " + e);
SimpleTest.finish();
}
function startTest() {
runChromeContentTest(window.frames[1]).then(
runContentContentTest.bind(null, window.frames[1], window.frames[2],
true, "Should be able to clone same-origin"), reject).then(
runContentContentTest.bind(null, window.frames[2], window.frames[3],
false, "Should not be able to clone cross-origin"), reject).then(function() {
// Colaborate with document.domain, then try again.
frames[2].document.domain = 'example.org';
frames[3].document.domain = 'example.org';
return runContentContentTest(window.frames[2], window.frames[3],
false, "Should be able to clone cross-origin with document.domain, but can't because of cached CCWs")
}, reject).then(SimpleTest.finish.bind(SimpleTest), reject);
}
// Tests cloning between chrome and content.
function runChromeContentTest(contentWin) {
// We should be able to clone a content object.
tryToClone(contentWin.wrappedJSObject.testObject,
true,
"Chrome should be able to clone content object");
return Promise.resolve();
}
// Test cloning between content and content.
//
// Note - the way we do this is kind of sketchy. Because we're grabbing the
// test object from win1 by waiving Xray (via .wrappedJSObject), the object
// we're passing from win1 to win2 is actually the waived object (which has
// a distinct identity in the compartment of win2). So this means that we're
// actually giving win2 Xray waivers to win1! This doesn't affect things as
// long as the security wrappers check documentDomainMakesSameOrigin directly
// for the puncture case rather than checking IsTransparent(), but it still
// gives rise to a situation that wouldn't really happen in practice.
function runContentContentTest(win1, win2, shouldSucceed, msg) {
var p = win1.wrappedJSObject.tryToClone(win2.wrappedJSObject.testObject,
shouldSucceed, msg);
if (!shouldSucceed)
return Promise.resolve();
return new Promise(function(resolve) {
p.then(function(cloneResult) {
is(JSON.stringify(Cu.waiveXrays(cloneResult)),
JSON.stringify(win2.wrappedJSObject.testObject),
"Clone should create an identical object");
resolve();
});
});
}
function tryToClone(obj, shouldSucceed, message) {
var success = false;
var sink = window.frames[0];
try { sink.postMessage(obj, '*'); success = true; }
catch (e) { message = message + ' (threw: ' + e.message + ')'; }
is(success, shouldSucceed, message);
}
]]>
</script>
<!-- test results are displayed in the html:body -->
<body xmlns="http://www.w3.org/1999/xhtml">
<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=667388"
target="_blank">Mozilla Bug 667388</a>
<iframe id="sink" />
<!-- The first two are same-origin, the third is not. -->
<iframe id="frame1" onload="onFrameLoaded(1);" src="http://test1.example.org/tests/dom/tests/mochitest/general/file_clonewrapper.html" />
<iframe id="frame2" onload="onFrameLoaded(2);" src="http://test1.example.org/tests/dom/tests/mochitest/general/file_clonewrapper.html" />
<iframe id="frame3" onload="onFrameLoaded(3);" src="http://test2.example.org/tests/dom/tests/mochitest/general/file_clonewrapper.html" />
</body>
</window>
|