script-filename-validation-1.js (2058B)
1 load(libdir + "asserts.js"); 2 3 setTestFilenameValidationCallback(); 4 5 // Filenames starting with "safe" are fine. 6 assertEq(evaluate("2", {fileName: "safe.js"}), 2); 7 assertEq(evaluate("eval(3)", {fileName: "safe.js"}), 3); 8 assertEq(evaluate("Function('return 4')()", {fileName: "safe.js"}), 4); 9 10 // Delazification is fine. 11 function foo(x) { 12 function bar(x) { return x + 1; } 13 return bar(x); 14 } 15 assertEq(foo(1), 2); 16 17 // These are all blocked. 18 assertThrowsInstanceOf(() => evaluate("throw 2", {fileName: "unsafe.js"}), InternalError); 19 assertThrowsInstanceOf(() => evaluate("throw 2", {fileName: "system.js"}), InternalError); 20 assertThrowsInstanceOf(() => evaluate("throw 2", {fileName: ""}), InternalError); 21 assertThrowsInstanceOf(() => evaluate("throw 2"), InternalError); 22 assertThrowsInstanceOf(() => eval("throw 2"), InternalError); 23 assertThrowsInstanceOf(() => Function("return 1"), InternalError); 24 assertThrowsInstanceOf(() => parseModule("{ function x() {} }"), InternalError); 25 26 // The error message must contain the filename. 27 var ex = null; 28 try { 29 evaluate("throw 2", {fileName: "file://foo.js"}); 30 } catch (e) { 31 ex = e; 32 } 33 assertEq(ex.toString(), "InternalError: unsafe filename: file://foo.js"); 34 35 // Off-thread parse throws too, when finishing. 36 if (helperThreadCount() > 0) { 37 offThreadCompileToStencil('throw 1'); 38 var stencil = finishOffThreadStencil(); 39 assertThrowsInstanceOf(() => evalStencil(stencil), InternalError); 40 } 41 42 // Unsafe filename is accepted if we opt-out. 43 assertEq(evaluate("2", {fileName: "unsafe.js", skipFileNameValidation: true}), 2); 44 assertEq(evaluate("3", {skipFileNameValidation: true}), 3); 45 46 // In system realms we also accept filenames starting with "system". 47 var systemRealm = newGlobal({newCompartment: true, systemPrincipal: true}); 48 assertEq(systemRealm.evaluate("1 + 2", {fileName: "system.js"}), 3); 49 assertEq(systemRealm.evaluate("2 + 2", {fileName: "safe.js"}), 4); 50 assertThrowsInstanceOf(() => systemRealm.evaluate("1 + 2", {fileName: "unsafe.js"}), 51 systemRealm.InternalError);