// Shorthand for the chrome-privileged Components.utils object; the rest of
// this file uses it to create sandboxes and to evaluate code inside them.
const Cu = Components.utils;
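/**
 * Checks who may reach `utils` / `classes` on a Components object across
 * sandbox boundaries: content-principal sandboxes must be denied, while a
 * sandbox created from the caller's own scope must get the real object.
 *
 * Relies on `checkThrows`, `do_check_eq` and `do_check_neq` being in scope
 * (presumably supplied by this file and the test harness).
 */
function run_test() {
  // sb1 and sb2 share an origin, sb4 has a different one, and sb3 is built
  // from `this` rather than from a URL string.
  var sb1 = Cu.Sandbox("http://www.blah.com");
  var sb2 = Cu.Sandbox("http://www.blah.com");
  var sb3 = Cu.Sandbox(this);
  var sb4 = Cu.Sandbox("http://www.other.com");
  var rv;

  // Components is normally hidden from content on the XBL scope chain, but we
  // expose it to content here to make sure that the security wrappers work
  // regardless.
  [sb1, sb2, sb4].forEach(function(x) { x.Components = Cu.getComponentsForScope(x); });

  // non-chrome accessing chrome Components
  sb1.C = Components;
  checkThrows("C.utils", sb1);
  checkThrows("C.classes", sb1);

  // non-chrome accessing own Components
  checkThrows("Components.utils", sb1);
  checkThrows("Components.classes", sb1);

  // non-chrome same origin
  var C2 = Cu.evalInSandbox("Components", sb2);
  // NOTE(review): rv has not been assigned yet at this point, so this only
  // compares C2.utils against undefined -- confirm whether a stronger check
  // was intended.
  do_check_neq(rv, C2.utils);
  sb1.C2 = C2;
  checkThrows("C2.utils", sb1);
  checkThrows("C2.classes", sb1);

  // chrome accessing chrome
  sb3.C = Components;
  rv = Cu.evalInSandbox("C.utils", sb3);
  do_check_eq(rv, Cu);

  // non-chrome cross origin
  // The denial has to be evaluated inside sb4, the sandbox that received C2
  // and whose origin differs from sb2's. Evaluating in sb1 would only repeat
  // the same-origin case above and leave the cross-origin path untested.
  sb4.C2 = C2;
  checkThrows("C2.utils", sb4);
  checkThrows("C2.classes", sb4);
}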
/**
 * Asserts that evaluating `expression` inside sandbox `sb` is refused.
 *
 * The expression is wrapped in a try/catch that yields "allowed" when it
 * evaluates without throwing and the stringified exception otherwise; the
 * check passes only if that string contains "denied".
 *
 * `expression` is spliced verbatim into the evaluated source text, so it
 * should only ever be a fixed literal written by the test author.
 *
 * @param {string} expression - source text to evaluate in the sandbox
 * @param {object} sb - sandbox in which the expression is evaluated
 */
function checkThrows(expression, sb) {
  var prologue = '(function() { try { ';
  var epilogue = '; return "allowed"; } catch (e) { return e.toString(); }})();';
  var outcome = Cu.evalInSandbox(prologue + expression + epilogue, sb);
  do_check_true(/denied/.test(outcome));
}