gecko/js/xpconnect/tests/unit/test_components.js

const Cu = Components.utils;

function run_test() {
  var sb1 = Cu.Sandbox("http://www.blah.com");
  var sb2 = Cu.Sandbox("http://www.blah.com");
  var sb3 = Cu.Sandbox(this);
  var sb4 = Cu.Sandbox("http://www.other.com");
  var rv;

  // Components is normally hidden from content on the XBL scope chain, but we
  // expose it to content here to make sure that the security wrappers work
  // regardless.
  [sb1, sb2, sb4].forEach(function(x) { x.Components = Cu.getComponentsForScope(x); });

  // non-chrome accessing chrome Components
  sb1.C = Components;
  checkThrows("C.utils", sb1);
  checkThrows("C.classes", sb1);

  // non-chrome accessing own Components
  do_check_eq(Cu.evalInSandbox("typeof Components.interfaces", sb1), 'object');
  do_check_eq(Cu.evalInSandbox("typeof Components.utils", sb1), 'undefined');
  do_check_eq(Cu.evalInSandbox("typeof Components.classes", sb1), 'undefined');

  // Make sure an unprivileged Components is benign.
  var C2 = Cu.evalInSandbox("Components", sb2);
  var whitelist = ['interfaces', 'interfacesByID', 'results', 'isSuccessCode', 'QueryInterface'];
  for (var prop in Components) {
    do_print("Checking " + prop);
    do_check_eq((prop in C2), whitelist.indexOf(prop) != -1);
  }

  // non-chrome same origin
  sb1.C2 = C2;
  do_check_eq(Cu.evalInSandbox("typeof C2.interfaces", sb1), 'object');
  do_check_eq(Cu.evalInSandbox("typeof C2.utils", sb1), 'undefined');
  do_check_eq(Cu.evalInSandbox("typeof C2.classes", sb1), 'undefined');

  // chrome accessing chrome
  sb3.C = Components;
  rv = Cu.evalInSandbox("C.utils", sb3);
  do_check_eq(rv, Cu);

  // non-chrome cross origin
  sb4.C2 = C2;
  checkThrows("C2.interfaces", sb4);
  checkThrows("C2.utils", sb4);
  checkThrows("C2.classes", sb4);
}

function checkThrows(expression, sb) {
  var result = Cu.evalInSandbox('(function() { try { ' + expression + '; return "allowed"; } catch (e) { return e.toString(); }})();', sb);
  do_check_true(!!/denied/.exec(result));
}