diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
commit | 36d22d82aa202bb199967e9512281e9a53db42c9 (patch) | |
tree | 105e8c98ddea1c1e4784a60a5a6410fa416be2de /js/xpconnect/tests/chrome/test_documentdomain.xhtml | |
parent | Initial commit. (diff) | |
download | firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip |
Adding upstream version 115.7.0esr.upstream/115.7.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | js/xpconnect/tests/chrome/test_documentdomain.xhtml | 100 |
1 files changed, 100 insertions, 0 deletions
diff --git a/js/xpconnect/tests/chrome/test_documentdomain.xhtml b/js/xpconnect/tests/chrome/test_documentdomain.xhtml new file mode 100644 index 0000000000..8cffdc8e46 --- /dev/null +++ b/js/xpconnect/tests/chrome/test_documentdomain.xhtml @@ -0,0 +1,100 @@ +<?xml version="1.0"?> +<?xml-stylesheet type="text/css" href="chrome://global/skin"?> +<?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?> +<!-- +https://bugzilla.mozilla.org/show_bug.cgi?id=601277 +--> +<window title="Mozilla Bug 601277" + xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"> + <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/> + + <!-- test results are displayed in the html:body --> + <body xmlns="http://www.w3.org/1999/xhtml"> + <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=601277" + target="_blank">Mozilla Bug 601277</a> + </body> + + <!-- test code goes here --> + <script type="application/javascript"> + <![CDATA[ + /** Tests for document.domain. **/ + + SimpleTest.waitForExplicitFinish(); + + // Wait for the frames to load. + var gFramesLoaded = 0; + function frameLoaded() { + gFramesLoaded++; + if (gFramesLoaded == document.getElementsByTagName('iframe').length) + startTest(); + } + + function startTest() { + + // Grab all the content windows and waive Xray. Xray waivers only apply to + // chrome, so we can pass these references directly to content. + var win1A = document.getElementById('test1A').contentWindow.wrappedJSObject; + var win1B = document.getElementById('test1B').contentWindow.wrappedJSObject; + var win2 = document.getElementById('test2').contentWindow.wrappedJSObject; + var winBase = document.getElementById('base').contentWindow.wrappedJSObject; + + // Check the basics. + ok(win1A.tryToAccess(win1B), + "Same-origin windows should grant access"); + ok(!win1A.tryToAccess(win2), + "Cross-origin windows should not grant access"); + ok(!win1A.tryToAccess(winBase), + "Subdomain windows should not receive access"); + + // Store references now, while test1A and test1B are same-origin. + win1A.storeReference(win1B); + win1B.storeReference(win1A); + ok(win1A.tryToAccessStored(), "Stored references work when same-origin"); + win1A.evalFromB = Cu.unwaiveXrays(win1B.eval); // Crashtest for bug 1040181. + win1B.functionFromA = Cu.unwaiveXrays(win1A.Function); // Crashtest for bug 1040181. + ok(!win1A.invokingFunctionThrowsSecurityException('evalFromB'), "Should allow before document.domain"); + ok(!win1B.invokingFunctionThrowsSecurityException('functionFromA'), "Should allow before document.domain"); + + // Set document.domain on test1A. This should grant no access, since nobody + // else set it. + win1A.setDomain('example.org'); + ok(!win1A.tryToAccess(winBase), "base must collaborate too"); + ok(!winBase.tryToAccess(win1A), "base must collaborate too"); + ok(!win1A.tryToAccess(win1B), "No longer same-origin"); + ok(win1A.tryToAccessStored(), "We don't revoke access except through Window and Location"); + ok(!win1B.tryToAccess(win1A), "No longer same-origin"); + ok(win1B.tryToAccessStored(), "We don't revoke access except through Window and Location"); + ok(!win1A.invokingFunctionThrowsSecurityException('evalFromB'), "We don't revoke access except through Window and Location"); + ok(!win1B.invokingFunctionThrowsSecurityException('functionFromA'), "We don't revoke access except through Window and Location"); + + // Set document.domain on test1B. Now we're cooking with gas. + win1B.setDomain('example.org'); + ok(!win1B.tryToAccess(winBase), "base must collaborate too"); + ok(!winBase.tryToAccess(win1B), "base must collaborate too"); + ok(win1A.tryToAccess(win1B), "same-origin"); + ok(win1A.tryToAccessStored(), "same-origin"); + ok(win1B.tryToAccess(win1A), "same-origin"); + ok(win1B.tryToAccessStored(), "same-origin"); + + // Explicitly collaborate with base. + winBase.setDomain('example.org'); + ok(winBase.tryToAccess(win1A), "base collaborates"); + ok(win1A.tryToAccess(winBase), "base collaborates"); + + // All done. + SimpleTest.finish(); + } + + + ]]> + </script> + + <iframe id="test1A" onload="frameLoaded();" type="content" + src="http://test1.example.org/tests/js/xpconnect/tests/mochitest/file_documentdomain.html" /> + <iframe id="test1B" onload="frameLoaded();" type="content" + src="http://test1.example.org/tests/js/xpconnect/tests/mochitest/file_documentdomain.html" /> + <iframe id="test2" onload="frameLoaded();" type="content" + src="http://test2.example.org/tests/js/xpconnect/tests/mochitest/file_documentdomain.html" /> + <iframe id="base" onload="frameLoaded();" type="content" + src="http://example.org/tests/js/xpconnect/tests/mochitest/file_documentdomain.html" /> +</window> |