Bug 802557 - Mochitests. r=bz

js/xpconnect/tests/mochitest/Makefile.in

@@ -85,6 +85,8 @@ MOCHITEST_FILES =	chrome_wrappers_helper.html \
 		file_bug795275.xml \
 		file_bug799348.html \
 		test_bug800864.html \
+		test_bug802557.html \
+		file_bug802557.html \
 		$(NULL)
 
 ifneq ($(OS_TARGET),Android)

js/xpconnect/tests/mochitest/file_bug802557.html

@@ -0,0 +1,44 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+var gTS = window.location.toString;
+var gGHR = Object.__lookupGetter__.call(window.location, 'href');
+var gTests = {
+  getLocationImplicit: function () {
+    return window.location + "";
+  },
+  getLocationExplicit: function() {
+    return window.location.toString();
+  },
+  getLocationApply1: function() {
+    return gTS.call(window.location);
+  },
+  getLocationApply2: function() {
+    return gTS.apply(window.location, []);
+  },
+  getLocationApply3: function() {
+    return Function.call.apply(gTS, [window.location]);
+  },
+  getLocationViaPrototype: function() {
+    return Location.prototype.toString.call(window.location);
+  },
+  getHref: function() {
+    return window.location.href;
+  },
+  getHrefViaApply: function() {
+    return Function.call.apply(gGHR, [window.location]);
+  },
+  getHrefViaPrototype: function() {
+    return Object.getOwnPropertyDescriptor(Location.prototype, 'href').get.call(window.location);
+  }
+};
+
+gTests.getLocationViaPrototype.skipMessageCheck = true;
+gTests.getHrefViaPrototype.skipMessageCheck = true;
+
+</script>
+</head>
+<body>
+</body>
+</html>

js/xpconnect/tests/mochitest/test_bug802557.html

@@ -0,0 +1,101 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=802557
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Test for Bug 802557</title>
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=802557">Mozilla Bug 802557</a>
+<p id="display"></p>
+<div id="content" style="display: none">
+  
+</div>
+<iframe id="ifr" onload="go();" src="file_empty.html"></iframe>
+<pre id="test">
+<script type="application/javascript">
+
+/** Test for Bug 802557 **/
+SimpleTest.waitForExplicitFinish();
+
+// In the case of apply()ing on a Location object that's script access only,
+// we just throw a very bland XPConnect message. In other cases though, we want
+// to check the message to make sure we're throwing a security exception and not
+// something else.
+function checkThrows(fun, desc, skipMessageCheck) {
+  try {
+    fun();
+    ok(false, "Didn't throw when " + desc);
+  } catch(e) {
+    ok(true, "Threw when " + desc + " " + e);
+    if (!skipMessageCheck)
+      ok(/denied|insecure/.exec(e), "Should be security exception");
+  }
+}
+
+var loadCount = 0;
+var ifr = document.getElementById('ifr');
+var iWin = ifr.contentWindow;
+function boundTo(item, l) { return item[3] && item[2] === l; };
+function go() {
+  ++loadCount;
+
+  if (loadCount == 1) {
+    gLoc = iWin.location;
+    // Note that accessors pulled off Xrays are currently bound. This is bug 658909.
+    // [getter, description, locationObj, bound]
+    gGetters = [[ location.toString, 'toString from LW', location, true ],
+                [ gLoc.toString, 'toString from XLW', gLoc, true ],
+                [ Location.prototype.toString, 'toString from Location.prototype', location, false ],
+                [ iWin.Location.prototype.toString, 'toString from iWin.Location.prototype', gLoc, false ],
+                [ Object.__lookupGetter__.call(location, 'href'), 'href getter from LW', location, true ],
+                [ Object.__lookupGetter__.call(gLoc, 'href'), 'href getter from XLW', gLoc, true ],
+                [ Object.getOwnPropertyDescriptor(Location.prototype, 'href').get, 'href getter from Location.prototype', location, false ],
+                [ Object.getOwnPropertyDescriptor(iWin.Location.prototype, 'href').get, 'href getter from iWin.Location.prototype', gLoc, false ],
+                [ function() { return this + ''; }, 'implicit conversion via [[DefaultValue]]', location, false]];
+    gGetters.forEach(function(item) {
+      try {
+        (boundTo(item, gLoc) ? todo_is : is)(item[0].call(location), location.toString(), 'Same-origin LW: ' + item[1]);
+        (boundTo(item, location) ? todo_is : is)(item[0].call(gLoc), gLoc.toString(), 'Same-origin XLW: ' + item[1]);
+      } catch (e) {
+        ok(false, "Threw while applying " + item[1] + " to same-origin location object: " + e);
+      }
+    });
+    ifr.src = "http://example.org/tests/js/xpconnect/tests/mochitest/file_empty.html";
+  }
+  else if (loadCount == 2) {
+    gGetters.forEach(function(item) {
+      // If the getter is bound to our local window.location, it's not going to throw
+      if (!boundTo(item, window.location))
+        checkThrows(function() { item[0].call(gLoc); },
+                    'call()ing ' + item[1] + ' after navigation cross-origin',
+                    /* skipMessageCheck = */ true);
+    });
+    ifr.src = 'http://mochi.test:8888/tests/js/xpconnect/tests/mochitest/file_bug802557.html';
+  }
+  else if (loadCount == 3) {
+    gTestFunctions = ifr.contentWindow.gTests;
+    var win = ifr.contentWindow;
+    for (fun in gTestFunctions)
+       is(gTestFunctions[fun](), win.location.toString(), "allowed via " + fun);
+    win.location = 'http://example.org/tests/js/xpconnect/tests/mochitest/file_bug802557.html';
+  }
+  else if (loadCount == 4) {
+    for (fun in gTestFunctions) {
+      var f = gTestFunctions[fun];
+      checkThrows(f, "calling " + fun, f.skipMessageCheck);
+    }
+    SimpleTest.finish();
+  }
+}
+
+
+
+</script>
+</pre>
+</body>
+</html>