1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
|
<?xml version="1.0"?>
<?xml-stylesheet type="text/css" href="chrome://global/skin"?>
<?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=758415
-->
<window title="Mozilla Bug 758415"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
<script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>
<!-- test results are displayed in the html:body -->
<body xmlns="http://www.w3.org/1999/xhtml">
<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=758415"
target="_blank">Mozilla Bug 758415</a>
</body>
<!-- test code goes here -->
<script type="application/javascript">
<![CDATA[
/** Test for Cross-Origin Xray Expando Sharing. **/
SimpleTest.waitForExplicitFinish();
// Import our test JSM. We first strip the filename off
// the chrome url, then append the jsm filename.
var base = /.*\//.exec(window.location.href)[0];
const {checkFromJSM} = ChromeUtils.import(base + "file_expandosharing.jsm");
// Wait for all child frames to load.
var gLoadCount = 0;
function frameLoaded() {
if (++gLoadCount == window.frames.length)
go();
}
function go() {
// Empower the content windows with some functions.
var wins = document.getElementsByTagName('iframe');
for (var i = 0; i < wins.length; ++i) {
var win = wins[i].contentWindow.wrappedJSObject;
win.ok = ok;
win.is = is;
}
// Grab references to the content windows. We abbreviate the origins as follows:
// A: test1.example.org
// B: test2.example.org
// C: sub1.test1.example.org
window.gWinA1 = document.getElementById('frameA1').contentWindow;
window.gWinA2 = document.getElementById('frameA2').contentWindow;
window.gWinA3 = document.getElementById('frameA3').contentWindow;
window.gWinB = document.getElementById('frameB').contentWindow;
window.gWinC = document.getElementById('frameC').contentWindow;
/* globals gWinA1, gWinA2, gWinA3, gWinB, gWinC */
// Test expando sharing with a JSM for different types of Xrays.
testJSM(Cu.unwaiveXrays(gWinC.wrappedJSObject.targetWN));
testJSM(Cu.unwaiveXrays(gWinC.wrappedJSObject.targetDOM));
testJSM(Cu.unwaiveXrays(gWinC.wrappedJSObject.targetJS));
// Make sure sandboxes never share expandos with anyone else.
testSandbox(Cu.unwaiveXrays(gWinB.wrappedJSObject.targetWN));
testSandbox(Cu.unwaiveXrays(gWinB.wrappedJSObject.targetDOM));
testSandbox(Cu.unwaiveXrays(gWinB.wrappedJSObject.targetJS));
// Test Content Xrays.
testContentXrays();
SimpleTest.finish();
}
// Make sure that expandos are shared between us and a JSM.
function testJSM(target) {
target.numProp = 42;
target.strProp = "foo";
target.objProp = { bar: "baz" };
checkFromJSM(target, is);
}
function testSandbox(target) {
// This gets both run in this scope and the sandbox scope.
var name = "harness";
function placeExpando() {
target.prop = name;
}
// Set up the sandboxes. Use an expanded principal to get xrays with
// exclusive expandos.
let sb1 = Cu.Sandbox(["https://test1.example.org", "https://test2.example.org"]);
let sb2 = Cu.Sandbox(["https://test1.example.org", "https://test2.example.org"]);
sb1.target = target;
sb2.target = target;
sb1.name = "sandbox1";
sb2.name = "sandbox2";
placeExpando();
Cu.evalInSandbox(placeExpando.toSource() + "placeExpando();", sb1);
Cu.evalInSandbox(placeExpando.toSource() + "placeExpando();", sb2);
// Make sure everyone sees a different value.
is(target.prop, "harness", "Harness sees its own value");
is(Cu.evalInSandbox("target.prop", sb1), "sandbox1", "Sandbox 1 sees its own value");
is(Cu.evalInSandbox("target.prop", sb2), "sandbox2", "Sandbox 2 sees its own value");
}
// Make sure that the origin tagging machinery works correctly and that we don't
// mix up chrome and content expandos.
function testContentXrays() {
// Give A1 and A3 xrays to (same-origin) A2.
Cu.setWantXrays(gWinA1);
Cu.setWantXrays(gWinA3);
gWinA1.wrappedJSObject.placeExpando('A1_expando', 11, gWinA2.document);
gWinA3.wrappedJSObject.placeExpando('A3_expando', 33, gWinA2.document);
gWinA2.document.Chrome_expando = 33;
is(gWinA2.document.Chrome_expando, 33, "Read chrome expando properly");
is(typeof gWinA2.document.A1_expando, 'undefined', "Chrome doesn't see content expandos");
is(typeof gWinA2.document.A3_expando, 'undefined', "Chrome doesn't see content expandos");
gWinA1.wrappedJSObject.checkExpando('A1_expando', 11, gWinA2.document, "Content sees proper expandos");
gWinA3.wrappedJSObject.checkExpando('A1_expando', 11, gWinA2.document, "Content sees proper expandos");
gWinA1.wrappedJSObject.checkExpando('A3_expando', 33, gWinA2.document, "Content sees proper expandos");
gWinA3.wrappedJSObject.checkExpando('A3_expando', 33, gWinA2.document, "Content sees proper expandos");
gWinA1.wrappedJSObject.checkExpando('Chrome_expando', null, gWinA2.document, "Content doesn't see chrome expandos");
gWinA3.wrappedJSObject.checkExpando('Chrome_expando', null, gWinA2.document, "Content doesn't see chrome expandos");
// We very explicitly do not support expando sharing via document.domain.
// A comment in the implementation explains why.
gWinA1.document.domain = 'test1.example.org';
gWinA2.document.domain = 'test1.example.org';
gWinA3.document.domain = 'test1.example.org';
gWinC.document.domain = 'test1.example.org';
gWinC.wrappedJSObject.checkExpando('A1_expando', null, gWinA2.document, "document.domain should have no effect here");
gWinC.wrappedJSObject.checkExpando('A3_expando', null, gWinA2.document, "document.domain should have no effect here");
}
]]>
</script>
<iframe id="frameA1" onload="frameLoaded();" type="content" src="https://test1.example.org/tests/js/xpconnect/tests/mochitest/file_expandosharing.html" />
<iframe id="frameA2" onload="frameLoaded();" type="content" src="https://test1.example.org/tests/js/xpconnect/tests/mochitest/file_expandosharing.html" />
<iframe id="frameA3" onload="frameLoaded();" type="content" src="https://test1.example.org/tests/js/xpconnect/tests/mochitest/file_expandosharing.html" />
<iframe id="frameB" onload="frameLoaded();" type="content" src="https://test2.example.org/tests/js/xpconnect/tests/mochitest/file_expandosharing.html" />
<iframe id="frameC" onload="frameLoaded();" type="content" src="https://sub1.test1.example.org/tests/js/xpconnect/tests/mochitest/file_expandosharing.html" />
</window>
|