tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_clonewrapper.xhtml (4727B)

      1 <?xml version="1.0"?>
      2 <?xml-stylesheet type="text/css" href="chrome://global/skin"?>
      3 <?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>
      4 <!--
      5 https://bugzilla.mozilla.org/show_bug.cgi?id=667388
      6 -->
      7 <window title="Mozilla Bug 667388"
      8        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
      9  <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>
     10 
     11  <!-- test code goes here -->
     12  <script type="application/javascript">
     13  <![CDATA[
     14 
     15  // Setup.
     16  SimpleTest.waitForExplicitFinish();
     17  window.testObject = { myNumber: 42,
     18                        myDomain: window.location.domain };
     19 
     20 
     21  // Wait for both frames to load before proceeding.
     22  var framesLoaded = [null, false, false, false];
     23  function onFrameLoaded(id) {
     24 
     25    // Mark this frame as loaded.
     26    framesLoaded[id] = true;
     27 
     28    // Allow it to call various helpers.
     29    window.frames[id].wrappedJSObject.is = is;
     30    window.frames[id].wrappedJSObject.ok = ok;
     31    window.frames[id].wrappedJSObject.info = info;
     32 
     33    // If all the frames are loaded, start the test.
     34    if (framesLoaded[1] && framesLoaded[2] && framesLoaded[3])
     35      startTest();
     36  }
     37 
     38  function reject(e) {
     39    ok(false, "Rejected Promise: " + e);
     40    SimpleTest.finish();
     41  }
     42 
     43  function startTest() {
     44 
     45    runChromeContentTest(window.frames[1]).then(
     46    runContentContentTest.bind(null, window.frames[1], window.frames[2],
     47                               true, "Should be able to clone same-origin"), reject).then(
     48    runContentContentTest.bind(null, window.frames[2], window.frames[3],
     49                               false, "Should not be able to clone cross-origin"), reject).then(function() {
     50      // Colaborate with document.domain, then try again.
     51      frames[2].document.domain = 'example.org';
     52      frames[3].document.domain = 'example.org';
     53      return runContentContentTest(window.frames[2], window.frames[3],
     54                                   false, "Should be able to clone cross-origin with document.domain, but can't because of cached CCWs")
     55    }, reject).then(SimpleTest.finish.bind(SimpleTest), reject);
     56  }
     57 
     58  // Tests cloning between chrome and content.
     59  function runChromeContentTest(contentWin) {
     60 
     61    // We should be able to clone a content object.
     62    tryToClone(contentWin.wrappedJSObject.testObject,
     63               true,
     64               "Chrome should be able to clone content object");
     65 
     66    return Promise.resolve();
     67  }
     68 
     69  // Test cloning between content and content.
     70  //
     71  // Note - the way we do this is kind of sketchy. Because we're grabbing the
     72  // test object from win1 by waiving Xray (via .wrappedJSObject), the object
     73  // we're passing from win1 to win2 is actually the waived object (which has
     74  // a distinct identity in the compartment of win2). So this means that we're
     75  // actually giving win2 Xray waivers to win1! This doesn't affect things as
     76  // long as the security wrappers check documentDomainMakesSameOrigin directly
     77  // for the puncture case rather than checking IsTransparent(), but it still
     78  // gives rise to a situation that wouldn't really happen in practice.
     79  function runContentContentTest(win1, win2, shouldSucceed, msg) {
     80 
     81    var p = win1.wrappedJSObject.tryToClone(win2.wrappedJSObject.testObject,
     82                                            shouldSucceed, msg);
     83    if (!shouldSucceed)
     84      return Promise.resolve();
     85    return new Promise(function(resolve) {
     86      p.then(function(cloneResult) {
     87        is(JSON.stringify(Cu.waiveXrays(cloneResult)),
     88           JSON.stringify(win2.wrappedJSObject.testObject),
     89           "Clone should create an identical object");
     90        resolve();
     91      });
     92    });
     93  }
     94 
     95  function tryToClone(obj, shouldSucceed, message) {
     96    var success = false;
     97    var sink = window.frames[0];
     98    try { sink.postMessage(obj, '*'); success = true; }
     99    catch (e) { message = message + ' (threw: ' + e.message + ')'; }
    100    is(success, shouldSucceed, message);
    101  }
    102 
    103  ]]>
    104  </script>
    105 
    106  <!-- test results are displayed in the html:body -->
    107  <body xmlns="http://www.w3.org/1999/xhtml">
    108  <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=667388"
    109     target="_blank">Mozilla Bug 667388</a>
    110  <iframe id="sink" />
    111  <!-- The first two are same-origin, the third is not. -->
    112  <iframe id="frame1" onload="onFrameLoaded(1);" src="http://test1.example.org/tests/dom/tests/mochitest/general/file_clonewrapper.html" />
    113  <iframe id="frame2" onload="onFrameLoaded(2);" src="http://test1.example.org/tests/dom/tests/mochitest/general/file_clonewrapper.html" />
    114  <iframe id="frame3" onload="onFrameLoaded(3);" src="http://test2.example.org/tests/dom/tests/mochitest/general/file_clonewrapper.html" />
    115  </body>
    116 
    117 </window>