diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
| commit | 36d22d82aa202bb199967e9512281e9a53db42c9 (patch) | |
| tree | 105e8c98ddea1c1e4784a60a5a6410fa416be2de /js/src/jit-test/tests/basic/script-filename-validation-1.js | |
| parent | Initial commit. (diff) | |
| download | firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip | |
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'js/src/jit-test/tests/basic/script-filename-validation-1.js')
| -rw-r--r-- | js/src/jit-test/tests/basic/script-filename-validation-1.js | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/js/src/jit-test/tests/basic/script-filename-validation-1.js b/js/src/jit-test/tests/basic/script-filename-validation-1.js new file mode 100644 index 0000000000..fa440dd6d4 --- /dev/null +++ b/js/src/jit-test/tests/basic/script-filename-validation-1.js @@ -0,0 +1,51 @@ +load(libdir + "asserts.js"); + +setTestFilenameValidationCallback(); + +// Filenames starting with "safe" are fine. +assertEq(evaluate("2", {fileName: "safe.js"}), 2); +assertEq(evaluate("eval(3)", {fileName: "safe.js"}), 3); +assertEq(evaluate("Function('return 4')()", {fileName: "safe.js"}), 4); + +// Delazification is fine. +function foo(x) { + function bar(x) { return x + 1; } + return bar(x); +} +assertEq(foo(1), 2); + +// These are all blocked. +assertThrowsInstanceOf(() => evaluate("throw 2", {fileName: "unsafe.js"}), InternalError); +assertThrowsInstanceOf(() => evaluate("throw 2", {fileName: "system.js"}), InternalError); +assertThrowsInstanceOf(() => evaluate("throw 2", {fileName: ""}), InternalError); +assertThrowsInstanceOf(() => evaluate("throw 2"), InternalError); +assertThrowsInstanceOf(() => eval("throw 2"), InternalError); +assertThrowsInstanceOf(() => Function("return 1"), InternalError); +assertThrowsInstanceOf(() => parseModule("{ function x() {} }"), InternalError); + +// The error message must contain the filename. +var ex = null; +try { + evaluate("throw 2", {fileName: "file://foo.js"}); +} catch (e) { + ex = e; +} +assertEq(ex.toString(), "InternalError: unsafe filename: file://foo.js"); + +// Off-thread parse throws too, when finishing. +if (helperThreadCount() > 0) { + offThreadCompileToStencil('throw 1'); + var stencil = finishOffThreadStencil(); + assertThrowsInstanceOf(() => evalStencil(stencil), InternalError); +} + +// Unsafe filename is accepted if we opt-out. +assertEq(evaluate("2", {fileName: "unsafe.js", skipFileNameValidation: true}), 2); +assertEq(evaluate("3", {skipFileNameValidation: true}), 3); + +// In system realms we also accept filenames starting with "system". +var systemRealm = newGlobal({newCompartment: true, systemPrincipal: true}); +assertEq(systemRealm.evaluate("1 + 2", {fileName: "system.js"}), 3); +assertEq(systemRealm.evaluate("2 + 2", {fileName: "safe.js"}), 4); +assertThrowsInstanceOf(() => systemRealm.evaluate("1 + 2", {fileName: "unsafe.js"}), + systemRealm.InternalError); |