test_disallowInheritPrincipal.html (1905B)
1 <!DOCTYPE HTML> 2 <html> 3 <!-- 4 https://bugzilla.mozilla.org/show_bug.cgi?id=732413 5 --> 6 <head> 7 <title>Test for Bug 732413</title> 8 <script src="/tests/SimpleTest/SimpleTest.js"></script> 9 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/> 10 </head> 11 <body> 12 <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=732413">Mozilla Bug 732413</a> 13 <p id="display"></p> 14 <div id="content" style="display: none"> 15 16 </div> 17 <pre id="test"> 18 <script type="application/javascript"> 19 20 /** 21 * Test for Bug 732413 22 * Passing DISALLOW_INHERIT_PRINCIPAL flag should be effective even if 23 * aPrincipal is the system principal. 24 */ 25 26 const nsIScriptSecurityManager = SpecialPowers.Ci.nsIScriptSecurityManager; 27 var secMan = SpecialPowers.Cc["@mozilla.org/scriptsecuritymanager;1"] 28 .getService(nsIScriptSecurityManager); 29 var sysPrincipal = secMan.getSystemPrincipal(); 30 isnot(sysPrincipal, undefined, "Should have a principal"); 31 isnot(sysPrincipal, null, "Should have a non-null principal"); 32 is(sysPrincipal.isSystemPrincipal, true, 33 "Should have system principal here"); 34 35 36 var inheritingURI = SpecialPowers.Services.io.newURI("javascript:1+1"); 37 38 // First try a normal call to checkLoadURIWithPrincipal 39 try { 40 secMan.checkLoadURIWithPrincipal(sysPrincipal, inheritingURI, 41 nsIScriptSecurityManager.STANDARD); 42 ok(true, "checkLoadURI allowed the load"); 43 } catch (e) { 44 ok(false, "checkLoadURI failed unexpectedly: " + e); 45 } 46 47 // Now call checkLoadURIWithPrincipal with DISALLOW_INHERIT_PRINCIPAL 48 try { 49 secMan.checkLoadURIWithPrincipal(sysPrincipal, inheritingURI, 50 nsIScriptSecurityManager.DISALLOW_INHERIT_PRINCIPAL); 51 ok(false, "checkLoadURI allowed the load unexpectedly"); 52 } catch (e) { 53 ok(true, "checkLoadURI prevented load of principal-inheriting URI"); 54 } 55 56 </script> 57 </pre> 58 </body> 59 </html>