test_bug292789.html (3721B)
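<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=292789
-->
<head>
  <title>Test for Bug 292789</title>
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=292789">Mozilla Bug 292789</a>
<p id="display"></p>
<div id="content" style="display: none">
  <!--
    Subjects of the script test, loaded by the parser from content:
    treeUtils.js (chrome://global) is expected to load, history.js
    (chrome://mozapps) is expected to be blocked. The empty "resjs" element
    is given a resource:// src later, as a control load of the same history.js.
  -->
  <script src="chrome://global/content/treeUtils.js"></script>
  <script type="application/javascript" src="chrome://mozapps/content/update/history.js"></script>
  <script id="resjs" type="application/javascript"></script>
</div>
<pre id="test">
<script class="testbody" type="text/javascript">

/**
 * Test for Bug 292789
 *
 * Selectively allow access to allowlisted chrome packages
 * even for ALLOW_CHROME mechanisms (<script>, <img> etc)
 *
 * What this file asserts, from an unprivileged content page:
 *   - chrome://global is reachable through <script src> and <img src>;
 *   - chrome://mozapps is not reachable through either mechanism;
 *   - the same mozapps files are reachable through resource:// once the pref
 *     set at the bottom of this file is on. These are control loads: they show
 *     that a "blocked" result is a real block and not a file that has moved.
 *
 * NOTE(review): the allowlist itself is not visible in this file; presumably
 * it is the per-package contentaccessible flag in the chrome manifests.
 * Confirm against the manifests before relying on this description.
 */

/* import-globals-from ../../../toolkit/content/treeUtils.js */
/* import-globals-from ../../../toolkit/mozapps/update/content/history.js */

SimpleTest.waitForExplicitFinish();

// Stub so that a script referencing ChromeUtils.import() can be evaluated in
// this content page. Presumably history.js calls it while loading through
// resource:// below; confirm against history.js.
let ChromeUtils = {
  import() { return {}; },
};

/**
 * <script src=""> test
 *
 * Checks the outcome of the two chrome:// script loads made by the markup
 * above, then loads history.js through resource:// as a control.
 *
 * @param aCallback  optional function invoked once the control load has
 *                   completed, whether it succeeded or failed.
 */
function testScriptSrc(aCallback) {
  is(typeof gTreeUtils.sort, "function",
     "content can still load <script> from chrome://global");

  /**
   * Try to find an export from history.js.  We will find it if it is
   * improperly not blocked, otherwise it will be "undefined".
   */
  is(typeof gUpdateHistory, "undefined",
     "content should not be able to load <script> from chrome://mozapps");

  /**
   * Make sure the last one didn't pass because someone moved history.js.
   * Without this control the negative assertion above would also pass for a
   * file that simply no longer exists at that chrome:// URL.
   */
  var resjs = document.getElementById("resjs");
  resjs.onload = scriptOnload;
  // Report a failed control load right away. Without this handler the test
  // would only end through the harness timeout, with no hint that the
  // chrome://mozapps assertion above had become vacuous.
  resjs.onerror = scriptOnerror;
  resjs.src = "resource://gre/chrome/toolkit/content/mozapps/update/history.js";
  document.getElementById("content").appendChild(resjs);

  function scriptOnload() {
    is(typeof gUpdateHistory.onLoad, "function",
       "history.js has not moved unexpectedly");

    // trigger the callback
    if (aCallback)
      aCallback();
  }

  function scriptOnerror() {
    ok(false,
       "control load of history.js via resource:// failed, so the " +
       "chrome://mozapps block above is unverified");

    // keep the test moving so that it finishes instead of timing out
    if (aCallback)
      aCallback();
  }
}

/** <img src=""> tests */
var img_global = "chrome://global/skin/media/error.png";
var img_mozapps = "chrome://mozapps/skin/extensions/extensionGeneric.svg";
var res_mozapps = "resource://gre/chrome/toolkit/skin/classic/mozapps/extensions/extensionGeneric.svg";

// Each entry is [uri, expected outcome]. The outcome string is compared with
// the handler that actually fires ("success" for onload, "fail" for onerror).
// The resource:// entry is the control for the blocked chrome://mozapps one.
var imgTests = [[img_global, "success"],
                [img_mozapps, "fail"],
                [res_mozapps, "success"]];

var curImgTest = 0;

/**
 * Runs the next entry of imgTests. The tests are chained through the
 * callback: the last entry finishes the whole test, every other entry
 * schedules the following one.
 */
function runImgTest() {
  var test = imgTests[curImgTest++];
  var callback = curImgTest == imgTests.length ? finishTest : runImgTest;
  loadImage(test[0], test[1], callback);
}

/** Ends the test; paired with SimpleTest.waitForExplicitFinish() above. */
function finishTest() {
  SimpleTest.finish();
}

/**
 * onerror handler for the test images: the load was refused or failed.
 * Passes only when the image was expected to fail.
 */
function fail(event) {
  is("fail", event.target.expected,
     "content should not be allowed to load " + event.target.src);
  if (event.target.callback)
    event.target.callback();
}

/**
 * onload handler for the test images: the load went through.
 * Passes only when the image was expected to load.
 */
function success(event) {
  is("success", event.target.expected,
     "content should be able to load " + event.target.src);
  if (event.target.callback)
    event.target.callback();
}

/**
 * Starts loading one image and records the expectation on the element.
 *
 * @param uri       URI assigned to img.src
 * @param expect    "success" or "fail", read back by the handlers above
 * @param callback  function run by whichever handler fires
 */
function loadImage(uri, expect, callback) {
  var img = document.createElement("img");
  img.onerror = fail;
  img.onload = success;
  // expected and callback are expando properties on the element, so the
  // shared handlers can find them through event.target.
  img.expected = expect;
  img.callback = callback;
  // Handlers are attached before src is set, so neither event can be missed.
  img.src = uri;
  // The element is not attached to the document; the append is left disabled.
  // document.getElementById("content").appendChild(img);
}

// Start off the script src test, and have it start the img tests when complete.
// Temporarily allow content to access all resource:// URIs.
// The resource:// control loads (history.js and res_mozapps) depend on this
// pref. It widens what content may load, so it is set through pushPrefEnv,
// which scopes the change to this test rather than leaving it on.
SpecialPowers.pushPrefEnv({
  set: [
    ["security.all_resource_uri_content_accessible", true],
  ],
}, () => testScriptSrc(runImgTest));
</script>
</pre>
</body>
</html>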