Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 152 insertions, 0 deletions

diff --git a/js/xpconnect/tests/unit/test_exportFunction.js b/js/xpconnect/tests/unit/test_exportFunction.js
new file mode 100644
index 0000000000..a7b2ca8056
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_exportFunction.js
@@ -0,0 +1,152 @@
+function run_test() {
+  var epsb = new Cu.Sandbox(["http://example.com", "http://example.org"], { wantExportHelpers: true });
+  var subsb = new Cu.Sandbox("http://example.com", { wantGlobalProperties: ["XMLHttpRequest"] });
+  var subsb2 = new Cu.Sandbox("http://example.com", { wantGlobalProperties: ["XMLHttpRequest"] });
+  var xorigsb = new Cu.Sandbox("http://test.com", { wantGlobalProperties: ["XMLHttpRequest"] });
+
+  epsb.subsb = subsb;
+  epsb.xorigsb = xorigsb;
+  epsb.ok = ok;
+  epsb.equal = equal;
+  subsb.ok = ok;
+  subsb.equal = equal;
+
+  // Exporting should work if prinicipal of the source sandbox
+  // subsumes the principal of the target sandbox.
+  Cu.evalInSandbox("(" + function() {
+    var wasCalled = false;
+    this.funToExport = function(expectedThis, a, obj, native, mixed, callback) {
+      equal(arguments.callee.length, 6);
+      equal(a, 42);
+      equal(obj, subsb.tobecloned);
+      equal(obj.cloned, "cloned");
+      equal(native, subsb.native);
+      equal(expectedThis, this);
+      equal(mixed.xrayed, subsb.xrayed);
+      equal(mixed.xrayed2, subsb.xrayed2);
+      if (typeof callback == 'function') {
+        equal(typeof subsb.callback, 'function');
+        equal(callback, subsb.callback);
+        callback();
+      }
+      wasCalled = true;
+    };
+    this.checkIfCalled = function() {
+      ok(wasCalled);
+      wasCalled = false;
+    }
+    exportFunction(funToExport, subsb, { defineAs: "imported", allowCallbacks: true });
+    exportFunction((x) => x, subsb, { defineAs: "echoAllowXO", allowCallbacks: true, allowCrossOriginArguments: true });
+  }.toSource() + ")()", epsb);
+
+  subsb.xrayed = Cu.evalInSandbox("(" + function () {
+      return new XMLHttpRequest();
+  }.toSource() + ")()", subsb2);
+
+  // Exported function should be able to be call from the
+  // target sandbox. Native arguments should be just wrapped
+  // every other argument should be cloned.
+  Cu.evalInSandbox("(" + function () {
+    native = new XMLHttpRequest();
+    xrayed2 = XPCNativeWrapper(new XMLHttpRequest());
+    mixed = { xrayed: xrayed, xrayed2: xrayed2 };
+    tobecloned = { cloned: "cloned" };
+    invokedCallback = false;
+    callback = function() { invokedCallback = true; };
+    imported(this, 42, tobecloned, native, mixed, callback);
+    equal(imported.length, 6);
+    ok(invokedCallback);
+  }.toSource() + ")()", subsb);
+
+  // Invoking an exported function with cross-origin arguments should throw.
+  subsb.xoNative = Cu.evalInSandbox('new XMLHttpRequest()', xorigsb);
+  try {
+    Cu.evalInSandbox('imported(this, xoNative)', subsb);
+    Assert.ok(false);
+  } catch (e) {
+    Assert.ok(/denied|insecure/.test(e));
+  }
+
+  // Callers can opt-out of the above.
+  subsb.xoNative = Cu.evalInSandbox('new XMLHttpRequest()', xorigsb);
+  try {
+    Assert.equal(Cu.evalInSandbox('echoAllowXO(xoNative)', subsb), subsb.xoNative);
+    Assert.ok(true);
+  } catch (e) {
+    Assert.ok(false);
+  }
+
+  // Apply should work and |this| should carry over appropriately.
+  Cu.evalInSandbox("(" + function() {
+    var someThis = {};
+    imported.apply(someThis, [someThis, 42, tobecloned, native, mixed]);
+  }.toSource() + ")()", subsb);
+
+  Cu.evalInSandbox("(" + function() {
+    checkIfCalled();
+  }.toSource() + ")()", epsb);
+
+  // Exporting should throw if principal of the source sandbox does
+  // not subsume the principal of the target.
+  Cu.evalInSandbox("(" + function() {
+    try{
+      exportFunction(function() {}, this.xorigsb, { defineAs: "denied" });
+      ok(false);
+    } catch (e) {
+      ok(e.toString().indexOf('Permission denied') > -1);
+    }
+  }.toSource() + ")()", epsb);
+
+  // Exporting should throw if the principal of the source sandbox does
+  // not subsume the principal of the function.
+  epsb.xo_function = new xorigsb.Function();
+  Cu.evalInSandbox("(" + function() {
+    try{
+      exportFunction(xo_function, this.subsb, { defineAs: "denied" });
+      ok(false);
+    } catch (e) {
+      dump('Exception: ' + e);
+      ok(e.toString().indexOf('Permission denied') > -1);
+    }
+  }.toSource() + ")()", epsb);
+
+  // Let's create an object in the target scope and add privileged
+  // function to it as a property.
+  Cu.evalInSandbox("(" + function() {
+    var newContentObject = createObjectIn(subsb, { defineAs: "importedObject" });
+    exportFunction(funToExport, newContentObject, { defineAs: "privMethod" });
+  }.toSource() + ")()", epsb);
+
+  Cu.evalInSandbox("(" + function () {
+    importedObject.privMethod(importedObject, 42, tobecloned, native, mixed);
+  }.toSource() + ")()", subsb);
+
+  Cu.evalInSandbox("(" + function() {
+    checkIfCalled();
+  }.toSource() + ")()", epsb);
+
+  // exportFunction and createObjectIn should be available from Cu too.
+  var newContentObject = Cu.createObjectIn(subsb, { defineAs: "importedObject2" });
+  var wasCalled = false;
+  Cu.exportFunction(function(arg) { wasCalled = arg.wasCalled; },
+                    newContentObject, { defineAs: "privMethod" });
+
+  Cu.evalInSandbox("(" + function () {
+    importedObject2.privMethod({wasCalled: true});
+  }.toSource() + ")()", subsb);
+
+  // 3rd argument of exportFunction should be optional.
+  Cu.evalInSandbox("(" + function() {
+    subsb.imported2 = exportFunction(funToExport, subsb);
+  }.toSource() + ")()", epsb);
+
+  Cu.evalInSandbox("(" + function () {
+    imported2(this, 42, tobecloned, native, mixed);
+  }.toSource() + ")()", subsb);
+
+  Cu.evalInSandbox("(" + function() {
+    checkIfCalled();
+  }.toSource() + ")()", epsb);
+
+  Assert.ok(wasCalled);
+}