1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
|
function run_test() {
var epsb = new Cu.Sandbox(["http://example.com", "http://example.org"], { wantExportHelpers: true });
var subsb = new Cu.Sandbox("http://example.com", { wantGlobalProperties: ["XMLHttpRequest"] });
var subsb2 = new Cu.Sandbox("http://example.com", { wantGlobalProperties: ["XMLHttpRequest"] });
var xorigsb = new Cu.Sandbox("http://test.com", { wantGlobalProperties: ["XMLHttpRequest"] });
epsb.subsb = subsb;
epsb.xorigsb = xorigsb;
epsb.ok = ok;
epsb.equal = equal;
subsb.ok = ok;
subsb.equal = equal;
// Exporting should work if prinicipal of the source sandbox
// subsumes the principal of the target sandbox.
Cu.evalInSandbox("(" + function() {
var wasCalled = false;
this.funToExport = function(expectedThis, a, obj, native, mixed, callback) {
equal(arguments.callee.length, 6);
equal(a, 42);
equal(obj, subsb.tobecloned);
equal(obj.cloned, "cloned");
equal(native, subsb.native);
equal(expectedThis, this);
equal(mixed.xrayed, subsb.xrayed);
equal(mixed.xrayed2, subsb.xrayed2);
if (typeof callback == 'function') {
equal(typeof subsb.callback, 'function');
equal(callback, subsb.callback);
callback();
}
wasCalled = true;
};
this.checkIfCalled = function() {
ok(wasCalled);
wasCalled = false;
}
exportFunction(funToExport, subsb, { defineAs: "imported", allowCallbacks: true });
exportFunction((x) => x, subsb, { defineAs: "echoAllowXO", allowCallbacks: true, allowCrossOriginArguments: true });
}.toSource() + ")()", epsb);
subsb.xrayed = Cu.evalInSandbox("(" + function () {
return new XMLHttpRequest();
}.toSource() + ")()", subsb2);
// Exported function should be able to be call from the
// target sandbox. Native arguments should be just wrapped
// every other argument should be cloned.
Cu.evalInSandbox("(" + function () {
native = new XMLHttpRequest();
xrayed2 = XPCNativeWrapper(new XMLHttpRequest());
mixed = { xrayed: xrayed, xrayed2: xrayed2 };
tobecloned = { cloned: "cloned" };
invokedCallback = false;
callback = function() { invokedCallback = true; };
imported(this, 42, tobecloned, native, mixed, callback);
equal(imported.length, 6);
ok(invokedCallback);
}.toSource() + ")()", subsb);
// Invoking an exported function with cross-origin arguments should throw.
subsb.xoNative = Cu.evalInSandbox('new XMLHttpRequest()', xorigsb);
try {
Cu.evalInSandbox('imported(this, xoNative)', subsb);
Assert.ok(false);
} catch (e) {
Assert.ok(/denied|insecure/.test(e));
}
// Callers can opt-out of the above.
subsb.xoNative = Cu.evalInSandbox('new XMLHttpRequest()', xorigsb);
try {
Assert.equal(Cu.evalInSandbox('echoAllowXO(xoNative)', subsb), subsb.xoNative);
Assert.ok(true);
} catch (e) {
Assert.ok(false);
}
// Apply should work and |this| should carry over appropriately.
Cu.evalInSandbox("(" + function() {
var someThis = {};
imported.apply(someThis, [someThis, 42, tobecloned, native, mixed]);
}.toSource() + ")()", subsb);
Cu.evalInSandbox("(" + function() {
checkIfCalled();
}.toSource() + ")()", epsb);
// Exporting should throw if principal of the source sandbox does
// not subsume the principal of the target.
Cu.evalInSandbox("(" + function() {
try{
exportFunction(function() {}, this.xorigsb, { defineAs: "denied" });
ok(false);
} catch (e) {
ok(e.toString().indexOf('Permission denied') > -1);
}
}.toSource() + ")()", epsb);
// Exporting should throw if the principal of the source sandbox does
// not subsume the principal of the function.
epsb.xo_function = new xorigsb.Function();
Cu.evalInSandbox("(" + function() {
try{
exportFunction(xo_function, this.subsb, { defineAs: "denied" });
ok(false);
} catch (e) {
dump('Exception: ' + e);
ok(e.toString().indexOf('Permission denied') > -1);
}
}.toSource() + ")()", epsb);
// Let's create an object in the target scope and add privileged
// function to it as a property.
Cu.evalInSandbox("(" + function() {
var newContentObject = createObjectIn(subsb, { defineAs: "importedObject" });
exportFunction(funToExport, newContentObject, { defineAs: "privMethod" });
}.toSource() + ")()", epsb);
Cu.evalInSandbox("(" + function () {
importedObject.privMethod(importedObject, 42, tobecloned, native, mixed);
}.toSource() + ")()", subsb);
Cu.evalInSandbox("(" + function() {
checkIfCalled();
}.toSource() + ")()", epsb);
// exportFunction and createObjectIn should be available from Cu too.
var newContentObject = Cu.createObjectIn(subsb, { defineAs: "importedObject2" });
var wasCalled = false;
Cu.exportFunction(function(arg) { wasCalled = arg.wasCalled; },
newContentObject, { defineAs: "privMethod" });
Cu.evalInSandbox("(" + function () {
importedObject2.privMethod({wasCalled: true});
}.toSource() + ")()", subsb);
// 3rd argument of exportFunction should be optional.
Cu.evalInSandbox("(" + function() {
subsb.imported2 = exportFunction(funToExport, subsb);
}.toSource() + ")()", epsb);
Cu.evalInSandbox("(" + function () {
imported2(this, 42, tobecloned, native, mixed);
}.toSource() + ")()", subsb);
Cu.evalInSandbox("(" + function() {
checkIfCalled();
}.toSource() + ")()", epsb);
Assert.ok(wasCalled);
}
|
