From 6bf0a5cb5034a7e684dcc3500e841785237ce2dd Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 19:32:43 +0200
Subject: Adding upstream version 1:115.7.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 dom/tests/browser/browser_xhr_sandbox.js | 62 ++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 dom/tests/browser/browser_xhr_sandbox.js

(limited to 'dom/tests/browser/browser_xhr_sandbox.js')

diff --git a/dom/tests/browser/browser_xhr_sandbox.js b/dom/tests/browser/browser_xhr_sandbox.js
new file mode 100644
index 0000000000..cca69b916b
--- /dev/null
+++ b/dom/tests/browser/browser_xhr_sandbox.js
@@ -0,0 +1,62 @@
+// This code is evaluated in a sandbox courtesy of toSource();
+var sandboxCode =
+  function () {
+    let req = new XMLHttpRequest();
+    req.open("GET", "http://mochi.test:8888/browser/dom/tests/browser/", true);
+    req.onreadystatechange = function () {
+      if (req.readyState === 4) {
+        // If we get past the problem above, we end up with a req.status of zero
+        // (ie, blocked due to CORS) even though we are fetching from the same
+        // origin as the window itself.
+        let result;
+        if (req.status != 200) {
+          result = "ERROR: got request status of " + req.status;
+        } else if (!req.responseText.length) {
+          result = "ERROR: got zero byte response text";
+        } else {
+          result = "ok";
+        }
+        postMessage({ result }, "*");
+      }
+    };
+    req.send(null);
+  }.toSource() + "();";
+
+add_task(async function test() {
+  await SpecialPowers.pushPrefEnv({
+    set: [["security.allow_unsafe_parent_loads", true]],
+  });
+
+  let newWin = await BrowserTestUtils.openNewBrowserWindow();
+
+  let frame = newWin.document.createXULElement("iframe");
+  frame.setAttribute("type", "content");
+  frame.setAttribute(
+    "src",
+    "http://mochi.test:8888/browser/dom/tests/browser/browser_xhr_sandbox.js"
+  );
+
+  newWin.document.documentElement.appendChild(frame);
+  await BrowserTestUtils.waitForEvent(frame, "load", true);
+
+  let contentWindow = frame.contentWindow;
+  let sandbox = new Cu.Sandbox(contentWindow);
+
+  // inject some functions from the window into the sandbox.
+  // postMessage so the async code in the sandbox can report a result.
+  sandbox.importFunction(
+    contentWindow.postMessage.bind(contentWindow),
+    "postMessage"
+  );
+  sandbox.importFunction(contentWindow.XMLHttpRequest, "XMLHttpRequest");
+  Cu.evalInSandbox(sandboxCode, sandbox, "1.8");
+
+  let sandboxReply = await BrowserTestUtils.waitForEvent(
+    contentWindow,
+    "message",
+    true
+  );
+  is(sandboxReply.data.result, "ok", "check the sandbox code was felipe");
+
+  await BrowserTestUtils.closeWindow(newWin);
+});
-- 
cgit v1.2.3