mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
127 lines
5.4 KiB
Plaintext
127 lines
5.4 KiB
Plaintext
|
<?xml version="1.0"?>
|
||
|
<?xml-stylesheet type="text/css" href="chrome://global/skin"?>
|
||
|
<?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>
|
||
|
<!--
|
||
|
https://bugzilla.mozilla.org/show_bug.cgi?id=667388
|
||
|
-->
|
||
|
<window title="Mozilla Bug 667388"
|
||
|
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
|
||
|
<script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>
|
||
|
|
||
|
<!-- test code goes here -->
|
||
|
<script type="application/javascript">
|
||
|
<![CDATA[
|
||
|
|
||
|
// Setup.
|
||
|
SimpleTest.waitForExplicitFinish();
|
||
|
window.testObject = { myNumber: 42,
|
||
|
myDomain: window.location.domain };
|
||
|
|
||
|
|
||
|
// Wait for both frames to load before proceeding.
|
||
|
var framesLoaded = [null, false, false, false];
|
||
|
function onFrameLoaded(id) {
|
||
|
|
||
|
// Mark this frame as loaded.
|
||
|
framesLoaded[id] = true;
|
||
|
|
||
|
// Allow it to call |is|.
|
||
|
window.frames[id].wrappedJSObject.is = is;
|
||
|
|
||
|
// If all the frames are loaded, start the test.
|
||
|
if (framesLoaded[1] && framesLoaded[2] && framesLoaded[3])
|
||
|
startTest();
|
||
|
}
|
||
|
|
||
|
function startTest() {
|
||
|
|
||
|
// Test interaction between chrome and content.
|
||
|
runChromeContentTest(window.frames[1]);
|
||
|
|
||
|
// Try same origin.
|
||
|
runContentContentTest(window.frames[1], window.frames[2],
|
||
|
true, "Should be able to clone same-origin");
|
||
|
|
||
|
// Try cross-origin.
|
||
|
runContentContentTest(window.frames[2], window.frames[3],
|
||
|
false, "Should not be able to clone cross-origin");
|
||
|
|
||
|
// Colaborate with document.domain, then try again.
|
||
|
frames[2].document.domain = 'example.org';
|
||
|
frames[3].document.domain = 'example.org';
|
||
|
runContentContentTest(window.frames[2], window.frames[3],
|
||
|
true, "Should be able to clone cross-origin with document.domain")
|
||
|
|
||
|
SimpleTest.finish();
|
||
|
}
|
||
|
|
||
|
// Tests cloning between chrome and content.
|
||
|
function runChromeContentTest(contentWin) {
|
||
|
|
||
|
// We should be able to clone a content object.
|
||
|
tryToClone(contentWin.wrappedJSObject.testObject,
|
||
|
true,
|
||
|
"Chrome should be able to clone content object");
|
||
|
|
||
|
// Content should not be able to clone a chrome object.
|
||
|
//
|
||
|
// Note that because we're using |wrappedJSObject| here, the subject
|
||
|
// principal is clamed to the principal of the iframe, which is what we want.
|
||
|
contentWin.wrappedJSObject.tryToClone(window.testObject, false,
|
||
|
"Content should not be able to clone chrome object");
|
||
|
}
|
||
|
|
||
|
// Test cloning between content and content.
|
||
|
//
|
||
|
// Note - the way we do this is kind of sketchy. Because we're grabbing the
|
||
|
// test object from win1 by waiving Xray (via .wrappedJSObject), the object
|
||
|
// we're passing from win1 to win2 is actually the waived object (which has
|
||
|
// a distinct identity in the compartment of win2). So this means that we're
|
||
|
// actually giving win2 Xray waivers to win1! This doesn't affect things as
|
||
|
// long as the security wrappers check documentDomainMakesSameOrigin directly
|
||
|
// for the puncture case rather than checking IsTransparent(), but it still
|
||
|
// gives rise to a situation that wouldn't really happen in practice.
|
||
|
//
|
||
|
// A more serious issues is that we don't/can't test the Xray wrapper path,
|
||
|
// because the only native objects that we successfully send through
|
||
|
// structured clone don't force a parent in PreCreate, and so we _can't_
|
||
|
// have security wrappers around them (we get a new XPCWN in each
|
||
|
// compartment). Since the case can't happen, we can't write tests for it.
|
||
|
// But when it can happen (ie, we fix PreCreate for File, FileList, Blob, etc),
|
||
|
// we want tests right away, because this stuff is very security-sensitive.
|
||
|
// So we set this test up to fail when things are fixed, so that the someone
|
||
|
// will notice and properly augment this test to cover native objects.
|
||
|
function runContentContentTest(win1, win2, shouldSucceed, msg) {
|
||
|
win1.wrappedJSObject.tryToClone(win2.wrappedJSObject.testObject,
|
||
|
shouldSucceed, msg);
|
||
|
|
||
|
var fixMsg = "If this fails, you fixed PreCreate. That's a good thing, ";
|
||
|
fixMsg += "but now we need some test coverage. See the above comment.";
|
||
|
win1.wrappedJSObject.tryToClone(win2.wrappedJSObject.blob, true, fixMsg);
|
||
|
win1.wrappedJSObject.tryToClone(win2.wrappedJSObject.filelist, true, fixMsg);
|
||
|
}
|
||
|
|
||
|
function tryToClone(obj, shouldSucceed, message) {
|
||
|
var success = false;
|
||
|
var sink = window.frames[0];
|
||
|
try { sink.postMessage(obj, '*'); success = true; }
|
||
|
catch (e) { message = message + ' (threw: ' + e.message + ')'; }
|
||
|
is(success, shouldSucceed, message);
|
||
|
}
|
||
|
|
||
|
]]>
|
||
|
</script>
|
||
|
|
||
|
<!-- test results are displayed in the html:body -->
|
||
|
<body xmlns="http://www.w3.org/1999/xhtml">
|
||
|
<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=667388"
|
||
|
target="_blank">Mozilla Bug 667388</a>
|
||
|
<iframe id="sink" />
|
||
|
<!-- The first two are same-origin, the third is not. -->
|
||
|
<iframe id="frame1" onload="onFrameLoaded(1);" src="http://test1.example.org/tests/dom/tests/mochitest/general/file_clonewrapper.html" />
|
||
|
<iframe id="frame2" onload="onFrameLoaded(2);" src="http://test1.example.org/tests/dom/tests/mochitest/general/file_clonewrapper.html" />
|
||
|
<iframe id="frame3" onload="onFrameLoaded(3);" src="http://test2.example.org/tests/dom/tests/mochitest/general/file_clonewrapper.html" />
|
||
|
</body>
|
||
|
|
||
|
</window>
|