tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

browser_xhr_sandbox.js (2068B)

      1 // This code is evaluated in a sandbox courtesy of toSource();
      2 var sandboxCode =
      3  function () {
      4    let req = new XMLHttpRequest();
      5    req.open("GET", "http://mochi.test:8888/browser/dom/tests/browser/", true);
      6    req.onreadystatechange = function () {
      7      if (req.readyState === 4) {
      8        // If we get past the problem above, we end up with a req.status of zero
      9        // (ie, blocked due to CORS) even though we are fetching from the same
     10        // origin as the window itself.
     11        let result;
     12        if (req.status != 200) {
     13          result = "ERROR: got request status of " + req.status;
     14        } else if (!req.responseText.length) {
     15          result = "ERROR: got zero byte response text";
     16        } else {
     17          result = "ok";
     18        }
     19        postMessage({ result }, "*");
     20      }
     21    };
     22    req.send(null);
     23  }.toSource() + "();";
     24 
     25 add_task(async function test() {
     26  await SpecialPowers.pushPrefEnv({
     27    set: [["security.allow_unsafe_parent_loads", true]],
     28  });
     29 
     30  let newWin = await BrowserTestUtils.openNewBrowserWindow();
     31 
     32  let frame = newWin.document.createXULElement("iframe");
     33  frame.setAttribute("type", "content");
     34  frame.setAttribute(
     35    "src",
     36    "http://mochi.test:8888/browser/dom/tests/browser/browser_xhr_sandbox.js"
     37  );
     38 
     39  newWin.document.documentElement.appendChild(frame);
     40  await BrowserTestUtils.waitForEvent(frame, "load", true);
     41 
     42  let contentWindow = frame.contentWindow;
     43  let sandbox = new Cu.Sandbox(contentWindow);
     44 
     45  // inject some functions from the window into the sandbox.
     46  // postMessage so the async code in the sandbox can report a result.
     47  sandbox.importFunction(
     48    contentWindow.postMessage.bind(contentWindow),
     49    "postMessage"
     50  );
     51  sandbox.importFunction(contentWindow.XMLHttpRequest, "XMLHttpRequest");
     52  Cu.evalInSandbox(sandboxCode, sandbox, "1.8");
     53 
     54  let sandboxReply = await BrowserTestUtils.waitForEvent(
     55    contentWindow,
     56    "message",
     57    true
     58  );
     59  is(sandboxReply.data.result, "ok", "check the sandbox code was felipe");
     60 
     61  await BrowserTestUtils.closeWindow(newWin);
     62 });