2013-02-08 06:24:22 -08:00
|
|
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
|
|
<!--
|
|
|
|
https://bugzilla.mozilla.org/show_bug.cgi?id=821850
|
|
|
|
-->
|
|
|
|
<head>
|
|
|
|
<bindings xmlns="http://www.mozilla.org/xbl">
|
|
|
|
<binding id="testBinding">
|
|
|
|
<implementation>
|
|
|
|
<constructor>
|
|
|
|
// Store a property as an expando on the bound element.
|
|
|
|
this._prop = "propVal";
|
|
|
|
|
|
|
|
// Wait for both constructors to fire.
|
|
|
|
window.constructorCount = (window.constructorCount + 1) || 1;
|
|
|
|
if (window.constructorCount != 2)
|
|
|
|
return;
|
|
|
|
|
|
|
|
// Grab some basic infrastructure off the content window.
|
|
|
|
var win = XPCNativeWrapper.unwrap(window);
|
|
|
|
SpecialPowers = win.SpecialPowers;
|
|
|
|
Cu = SpecialPowers.Cu;
|
|
|
|
is = win.is;
|
|
|
|
ok = win.ok;
|
|
|
|
SimpleTest = win.SimpleTest;
|
|
|
|
|
|
|
|
// Stick some expandos on the content window.
|
|
|
|
window.xrayExpando = 3;
|
|
|
|
win.primitiveExpando = 11;
|
|
|
|
win.stringExpando = "stringExpando";
|
|
|
|
win.objectExpando = { foo: 12 };
|
|
|
|
win.globalExpando = SpecialPowers.unwrap(Cu.getGlobalForObject({}));
|
|
|
|
win.functionExpando = function() { return "called" };
|
|
|
|
win.functionExpando.prop = 2;
|
|
|
|
|
|
|
|
// Make sure we're Xraying.
|
|
|
|
ok(Cu.isXrayWrapper(window), "Window is Xrayed");
|
|
|
|
ok(Cu.isXrayWrapper(document), "Document is Xrayed");
|
|
|
|
|
|
|
|
var bound = document.getElementById('bound');
|
|
|
|
ok(bound, "bound is non-null");
|
|
|
|
is(bound.method('baz'), "method:baz", "Xray methods work");
|
|
|
|
is(bound.prop, "propVal", "Property Xrays work");
|
2013-05-09 09:16:02 -07:00
|
|
|
is(bound.primitiveField, undefined, "Xrays don't show fields");
|
|
|
|
is(bound.wrappedJSObject.primitiveField, 2, "Waiving Xrays show fields");
|
2013-02-08 06:24:22 -08:00
|
|
|
|
2013-11-01 07:31:58 -07:00
|
|
|
// Check exposure behavior.
|
|
|
|
is(typeof bound.unexposedMethod, 'function',
|
|
|
|
"Unexposed method should be visible to XBL");
|
|
|
|
is(typeof bound.wrappedJSObject.unexposedMethod, 'undefined',
|
|
|
|
"Unexposed method should not be defined in content");
|
|
|
|
is(typeof bound.unexposedProperty, 'number',
|
|
|
|
"Unexposed property should be visible to XBL");
|
|
|
|
is(typeof bound.wrappedJSObject.unexposedProperty, 'undefined',
|
|
|
|
"Unexposed property should not be defined in content");
|
|
|
|
|
2014-04-15 12:04:05 -07:00
|
|
|
// Check that here HTMLImageElement.QueryInterface works
|
2014-04-15 06:31:21 -07:00
|
|
|
var img = document.querySelector("img");
|
|
|
|
ok("QueryInterface" in img,
|
|
|
|
"Should have a img.QueryInterface here");
|
|
|
|
is(img.QueryInterface(Components.interfaces.nsIImageLoadingContent),
|
2014-04-15 12:02:57 -07:00
|
|
|
img, "Should be able to QI the image");
|
2013-05-14 11:24:48 -07:00
|
|
|
|
2014-03-25 08:36:39 -07:00
|
|
|
// Make sure standard constructors work right in the presence of
|
|
|
|
// sandboxPrototype and Xray-resolved constructors.
|
|
|
|
is(window.Function, XPCNativeWrapper(window.wrappedJSObject.Function),
|
|
|
|
"window.Function comes from the window, not the global");
|
|
|
|
ok(Function != window.Function, "Function constructors are distinct");
|
|
|
|
is(Object.getPrototypeOf(Function.prototype), Object.getPrototypeOf({foo: 42}),
|
|
|
|
"Function constructor is local");
|
|
|
|
|
2013-02-08 06:24:22 -08:00
|
|
|
// This gets invoked by an event handler.
|
|
|
|
window.finish = function() {
|
|
|
|
// Content messed with stuff. Make sure we still see the right thing.
|
|
|
|
is(bound.method('bay'), "method:bay", "Xray methods work");
|
|
|
|
is(bound.wrappedJSObject.method('bay'), "hah", "Xray waived methods work");
|
|
|
|
is(bound.prop, "set:someOtherVal", "Xray props work");
|
|
|
|
is(bound.wrappedJSObject.prop, "redefined", "Xray waived props work");
|
2013-05-09 09:16:02 -07:00
|
|
|
is(bound.wrappedJSObject.primitiveField, 321, "Can't do anything about redefined fields");
|
2013-02-08 06:24:22 -08:00
|
|
|
|
|
|
|
SimpleTest.finish();
|
|
|
|
}
|
|
|
|
|
|
|
|
// Hand things off to content. Content will call us back.
|
|
|
|
win.go();
|
|
|
|
</constructor>
|
|
|
|
<field name="primitiveField">2</field>
|
2013-11-01 07:31:58 -07:00
|
|
|
<method name="unexposedMethod"><body></body></method>
|
|
|
|
<property name="unexposedProperty" onget="return 2;" readonly="true"></property>
|
2013-11-01 07:31:57 -07:00
|
|
|
<method name="method" exposeToUntrustedContent="true">
|
2013-02-08 06:24:22 -08:00
|
|
|
<parameter name="arg" />
|
|
|
|
<body>
|
|
|
|
return "method:" + arg;
|
|
|
|
</body>
|
|
|
|
</method>
|
2013-11-01 07:31:57 -07:00
|
|
|
<method name="passMeAJSObject" exposeToUntrustedContent="true">
|
2013-04-03 11:41:23 -07:00
|
|
|
<parameter name="arg" />
|
|
|
|
<body>
|
|
|
|
is(typeof arg.prop, 'undefined', "No properties");
|
|
|
|
is(Object.getOwnPropertyNames(arg).length, 0, "Should have no own properties");
|
|
|
|
try {
|
|
|
|
arg.foo = 2;
|
|
|
|
ok(true, "Stuff fails silently");
|
|
|
|
} catch (e) {
|
|
|
|
ok(false, "Stuff should fail silently");
|
|
|
|
}
|
|
|
|
is(typeof arg.foo, 'undefined', "Shouldn't place props");
|
|
|
|
</body>
|
|
|
|
</method>
|
2013-11-01 07:31:57 -07:00
|
|
|
<property name="prop" exposeToUntrustedContent="true">
|
2013-02-08 06:24:22 -08:00
|
|
|
<getter>return this._prop;</getter>
|
|
|
|
<setter>this._prop = "set:" + val;</setter>
|
|
|
|
</property>
|
|
|
|
</implementation>
|
|
|
|
<handlers>
|
2013-11-01 07:31:58 -07:00
|
|
|
<handler event="testevent" action="ok(true, 'called event handler'); finish();" allowuntrusted="true"/>
|
|
|
|
<handler event="testtrusted" action="ok(true, 'called trusted handler'); window.wrappedJSObject.triggeredTrustedHandler = true;"/>
|
|
|
|
<handler event="keyup" action="ok(true, 'called untrusted key handler'); window.wrappedJSObject.triggeredUntrustedKeyHandler = true;" allowuntrusted="true"/>
|
|
|
|
<handler event="keydown" action="ok(true, 'called trusted key handler'); window.wrappedJSObject.triggeredTrustedKeyHandler = true;"/>
|
2013-02-08 06:24:22 -08:00
|
|
|
</handlers>
|
|
|
|
</binding>
|
|
|
|
</bindings>
|
|
|
|
<script type="application/javascript">
|
|
|
|
<![CDATA[
|
|
|
|
|
2013-02-22 07:56:03 -08:00
|
|
|
ok = parent.ok;
|
|
|
|
is = parent.is;
|
|
|
|
SimpleTest = parent.SimpleTest;
|
|
|
|
SpecialPowers = parent.SpecialPowers;
|
2013-02-08 06:24:22 -08:00
|
|
|
|
|
|
|
// Test the Xray waiving behavior when accessing fields. We should be able to
|
|
|
|
// see sequential JS-implemented properties, but should regain Xrays when we
|
|
|
|
// hit a native property.
|
|
|
|
window.contentVal = { foo: 10, rabbit: { hole: { bar: 100, win: window} } };
|
|
|
|
ok(true, "Set contentVal");
|
|
|
|
|
2013-05-14 11:24:48 -07:00
|
|
|
// Check that we're not exposing QueryInterface to non-XBL code
|
|
|
|
ok(!("QueryInterface" in document),
|
|
|
|
"Should not have a document.QueryInterface here");
|
|
|
|
|
2013-02-08 06:24:22 -08:00
|
|
|
function go() {
|
|
|
|
"use strict";
|
|
|
|
|
|
|
|
// Test what we can and cannot access in the XBL scope.
|
|
|
|
is(typeof window.xrayExpando, "undefined", "Xray expandos are private to the caller");
|
|
|
|
is(window.primitiveExpando, 11, "Can see waived expandos");
|
|
|
|
is(window.stringExpando, "stringExpando", "Can see waived expandos");
|
|
|
|
is(typeof window.objectExpando, "object", "object expando exists");
|
|
|
|
checkThrows(function() window.objectExpando.foo);
|
|
|
|
is(SpecialPowers.wrap(window.objectExpando).foo, 12, "SpecialPowers sees the right thing");
|
|
|
|
is(typeof window.globalExpando, "object", "Can see global object");
|
|
|
|
checkThrows(function() window.globalExpando.win);
|
|
|
|
is(window.functionExpando(), "called", "XBL functions are callable");
|
|
|
|
checkThrows(function() window.functionExpando.prop);
|
|
|
|
|
|
|
|
// Inspect the bound element.
|
2013-02-22 07:56:03 -08:00
|
|
|
var bound = document.getElementById('bound');
|
2013-02-08 06:24:22 -08:00
|
|
|
is(bound.primitiveField, 2, "Can see primitive fields");
|
|
|
|
is(bound.method("foo"), "method:foo", "Can invoke XBL method from content");
|
|
|
|
is(bound.prop, "propVal", "Can access properties from content");
|
|
|
|
bound.prop = "someOtherVal";
|
|
|
|
is(bound.prop, "set:someOtherVal", "Can set properties from content");
|
|
|
|
|
2013-04-03 11:41:23 -07:00
|
|
|
// Make sure we can't pass JS objects to the XBL scope.
|
|
|
|
var proto = bound.__proto__;
|
|
|
|
proto.passMeAJSObject({prop: 2});
|
|
|
|
|
2013-02-08 06:24:22 -08:00
|
|
|
//
|
|
|
|
// Try sticking a bunch of stuff on the prototype object.
|
|
|
|
//
|
|
|
|
|
|
|
|
proto.someExpando = 201;
|
|
|
|
is(bound.someExpando, 201, "Can stick non-XBL properties on the proto");
|
|
|
|
|
2013-02-13 10:16:19 -08:00
|
|
|
// Previously, this code checked that content couldn't tamper with its XBL
|
|
|
|
// prototype. But we decided to allow this to reduce regression risk, so for
|
|
|
|
// now just check that this works.
|
|
|
|
function checkMayTamper(obj, propName, desc) {
|
2013-02-08 06:24:22 -08:00
|
|
|
var accessor = !('value' in Object.getOwnPropertyDescriptor(obj, propName));
|
|
|
|
if (!accessor)
|
2013-02-13 10:16:19 -08:00
|
|
|
checkAllowed(function() { obj[propName] = function() {} }, desc + ": assign");
|
|
|
|
checkAllowed(function() { Object.defineProperty(obj, propName, {configurable: true, value: 3}) }, desc + ": define with value");
|
|
|
|
checkAllowed(function() { Object.defineProperty(obj, propName, {configurable: true, writable: true}) }, desc + ": make writable");
|
|
|
|
checkAllowed(function() { Object.defineProperty(obj, propName, {configurable: true}) }, desc + ": make configurable");
|
|
|
|
checkAllowed(function() { Object.defineProperty(obj, propName, {configurable: true, get: function() {}}) }, desc + ": define with getter");
|
|
|
|
checkAllowed(function() { Object.defineProperty(obj, propName, {configurable: true, set: function() {}}) }, desc + ": define with setter");
|
2013-02-08 06:24:22 -08:00
|
|
|
|
|
|
|
// Windows are implemented as proxies, and Proxy::delete_ doesn't currently
|
|
|
|
// pass strict around. Work around it in the window.binding case by just
|
|
|
|
// checking if delete returns false.
|
|
|
|
// manually.
|
2013-02-13 10:16:19 -08:00
|
|
|
checkAllowed(function() { delete obj[propName]; }, desc + ": delete");
|
2013-02-08 06:24:22 -08:00
|
|
|
|
|
|
|
if (!accessor)
|
2013-02-13 10:16:19 -08:00
|
|
|
checkAllowed(function() { obj[propName] = function() {} }, desc + ": assign (again)");
|
2013-02-08 06:24:22 -08:00
|
|
|
}
|
|
|
|
|
2013-02-13 10:16:19 -08:00
|
|
|
// Make sure content can do whatever it wants with the prototype.
|
|
|
|
checkMayTamper(proto, 'method', "XBL Proto Method");
|
|
|
|
checkMayTamper(proto, 'prop', "XBL Proto Prop");
|
|
|
|
checkMayTamper(proto, 'primitiveField', "XBL Field Accessor");
|
2013-02-08 06:24:22 -08:00
|
|
|
|
|
|
|
// Tamper with the derived object. This doesn't affect the XBL scope thanks
|
|
|
|
// to Xrays.
|
2013-02-13 10:16:19 -08:00
|
|
|
bound.method = function() { return "heh"; };
|
2013-02-08 06:24:22 -08:00
|
|
|
Object.defineProperty(bound, 'method', {value: function() { return "hah" }});
|
|
|
|
Object.defineProperty(bound, 'prop', {value: "redefined"});
|
|
|
|
bound.primitiveField = 321;
|
|
|
|
|
2013-11-01 07:31:58 -07:00
|
|
|
// We need a chrome window to create trusted events. This isn't really doable
|
|
|
|
// in child processes, so let's just skip if that's the case.
|
|
|
|
if (SpecialPowers.isMainProcess()) {
|
|
|
|
var Ci = SpecialPowers.Ci;
|
|
|
|
var chromeWin = SpecialPowers.wrap(window.top)
|
|
|
|
.QueryInterface(Ci.nsIInterfaceRequestor)
|
|
|
|
.getInterface(Ci.nsIWebNavigation)
|
|
|
|
.QueryInterface(Ci.nsIDocShell)
|
|
|
|
.chromeEventHandler.ownerDocument.defaultView;
|
|
|
|
|
|
|
|
// Untrusted events should not trigger event handlers without
|
|
|
|
// exposeToUntrustedContent=true.
|
|
|
|
window.triggeredTrustedHandler = false;
|
|
|
|
var untrustedEvent = new CustomEvent('testtrusted');
|
|
|
|
ok(!untrustedEvent.isTrusted, "Created an untrusted event");
|
2014-03-10 14:38:14 -07:00
|
|
|
is(untrustedEvent.type, 'testtrusted', "Constructor should see type");
|
2013-11-01 07:31:58 -07:00
|
|
|
bound.dispatchEvent(untrustedEvent);
|
|
|
|
ok(!window.triggeredTrustedHandler, "untrusted events should not trigger trusted handler");
|
|
|
|
var trustedEvent = new chromeWin.CustomEvent('testtrusted');
|
|
|
|
ok(trustedEvent.isTrusted, "Created a trusted event");
|
2014-03-10 14:38:14 -07:00
|
|
|
is(trustedEvent.type, 'testtrusted', "Wrapped constructor should see type");
|
2013-11-01 07:31:58 -07:00
|
|
|
SpecialPowers.wrap(bound).dispatchEvent(trustedEvent);
|
|
|
|
ok(window.triggeredTrustedHandler, "trusted events should trigger trusted handler");
|
|
|
|
|
|
|
|
//
|
|
|
|
// We check key events as well, since they're implemented differently.
|
|
|
|
//
|
|
|
|
// NB: We don't check isTrusted on the events we create here, because
|
|
|
|
// according to smaug, old-style event initialization doesn't mark the
|
|
|
|
// event as trusted until it's dispatched.
|
|
|
|
//
|
|
|
|
|
|
|
|
window.triggeredUntrustedKeyHandler = false;
|
|
|
|
window.triggeredTrustedKeyHandler = false;
|
|
|
|
|
|
|
|
// Untrusted event, permissive handler.
|
|
|
|
var untrustedKeyEvent = document.createEvent('KeyboardEvent');
|
|
|
|
untrustedKeyEvent.initEvent('keyup', true, true);
|
|
|
|
bound.dispatchEvent(untrustedKeyEvent);
|
|
|
|
ok(window.triggeredUntrustedKeyHandler, "untrusted key events should trigger untrusted handler");
|
|
|
|
|
|
|
|
// Untrusted event, strict handler.
|
|
|
|
var fakeTrustedKeyEvent = document.createEvent('KeyboardEvent');
|
|
|
|
fakeTrustedKeyEvent.initEvent('keydown', true, true);
|
|
|
|
bound.dispatchEvent(fakeTrustedKeyEvent);
|
|
|
|
ok(!window.triggeredTrustedKeyHandler, "untrusted key events should not trigger trusted handler");
|
|
|
|
|
|
|
|
// Trusted event, strict handler.
|
|
|
|
var trustedKeyEvent = chromeWin.document.createEvent('KeyboardEvent');
|
|
|
|
trustedKeyEvent.initEvent('keydown', true, true);
|
|
|
|
SpecialPowers.wrap(bound).dispatchEvent(trustedKeyEvent);
|
|
|
|
ok(window.triggeredTrustedKeyHandler, "trusted key events should trigger trusted handler");
|
|
|
|
}
|
|
|
|
|
2013-02-08 06:24:22 -08:00
|
|
|
// Hand control back to the XBL scope by dispatching an event on the bound element.
|
|
|
|
bound.dispatchEvent(new CustomEvent('testevent'));
|
|
|
|
}
|
|
|
|
|
|
|
|
function checkThrows(fn) {
|
|
|
|
try { fn(); ok(false, "Should have thrown"); }
|
|
|
|
catch (e) { ok(!!/denied|insecure/.exec(e), "Should have thrown security exception: " + e); }
|
|
|
|
}
|
|
|
|
|
2013-02-13 10:16:19 -08:00
|
|
|
function checkAllowed(fn, desc) {
|
|
|
|
try { fn(); ok(true, desc + ": Didn't throw"); }
|
|
|
|
catch (e) { ok(false, desc + ": Threw: " + e); }
|
2013-02-08 06:24:22 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
function setup() {
|
|
|
|
// When the bindings are applied, the constructor will be invoked and the
|
|
|
|
// test will continue.
|
2013-02-22 07:56:03 -08:00
|
|
|
document.getElementById('bound').style.MozBinding = 'url(#testBinding)';
|
|
|
|
document.getElementById('bound2').style.MozBinding = 'url(#testBinding)';
|
2013-02-08 06:24:22 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
]]>
|
|
|
|
</script>
|
|
|
|
</head>
|
|
|
|
<body onload="setup()">
|
|
|
|
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=821850">Mozilla Bug 821850</a>
|
|
|
|
<p id="display"></p>
|
|
|
|
<div id="content">
|
|
|
|
<div id="bound">Bound element</div>
|
|
|
|
<div id="bound2">Bound element</div>
|
2014-04-15 06:31:21 -07:00
|
|
|
<img/>
|
2013-02-08 06:24:22 -08:00
|
|
|
</div>
|
|
|
|
<pre id="test">
|
|
|
|
</pre>
|
|
|
|
</body>
|
|
|
|
</html>
|