1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
<?xml version="1.0"?>
<?xml-stylesheet type="text/css" href="chrome://global/skin"?>
<?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=804630
-->
<window title="Mozilla Bug 804630"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
<script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>
<!-- test results are displayed in the html:body -->
<body xmlns="http://www.w3.org/1999/xhtml">
<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=804630"
target="_blank">Mozilla Bug 804630</a>
</body>
<!-- test code goes here -->
<script type="application/javascript">
<![CDATA[
/** Test to make sure that COWed objects can't expose properties from their prototypes. **/
// Set up the sandbox.
var sb = new Cu.Sandbox("https://www.example.com");
sb.ok = ok;
sb.is = is;
// Make a chrome object that tries to expose objects off its prototype.
sb.proto = { read: 42, readWrite: 32 };
sb.obj = {};
sb.obj.__proto__ = sb.proto;
// Make sure we can't access any of the properties on the prototype directly.
Cu.evalInSandbox('is(proto.read, undefined, "proto.read inaccessible");', sb);
Cu.evalInSandbox('var wrote = false; ' +
'try { proto.readWrite = 12; wrote = true; } catch(e) {} ' +
' ok(!wrote, "Should not write proto property");', sb);
// Make sure we can't access the exposed properties via the derived object.
Cu.evalInSandbox('is(obj.read, undefined, "obj.read inaccessible");', sb);
Cu.evalInSandbox('is(obj.readWrite, undefined, "obj.readWrite is not readable");', sb);
Cu.evalInSandbox('try { obj.readWrite = 8; ok(false, "obj.readWrite is not writable"); } catch (e) {};',
sb);
]]>
</script>
</window>
|
