tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_documentdomain.xhtml (4605B)

      1 <?xml version="1.0"?>
      2 <?xml-stylesheet type="text/css" href="chrome://global/skin"?>
      3 <?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>
      4 <!--
      5 https://bugzilla.mozilla.org/show_bug.cgi?id=601277
      6 -->
      7 <window title="Mozilla Bug 601277"
      8        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
      9  <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>
     10 
     11  <!-- test results are displayed in the html:body -->
     12  <body xmlns="http://www.w3.org/1999/xhtml">
     13  <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=601277"
     14     target="_blank">Mozilla Bug 601277</a>
     15  </body>
     16 
     17  <!-- test code goes here -->
     18  <script type="application/javascript">
     19  <![CDATA[
     20  /** Tests for document.domain. */
     21 
     22  SimpleTest.waitForExplicitFinish();
     23 
     24  // Wait for the frames to load.
     25  var gFramesLoaded = 0;
     26  function frameLoaded() {
     27    gFramesLoaded++;
     28    if (gFramesLoaded == document.getElementsByTagName('iframe').length)
     29      startTest();
     30  }
     31 
     32  function startTest() {
     33 
     34    // Grab all the content windows and waive Xray. Xray waivers only apply to
     35    // chrome, so we can pass these references directly to content.
     36    var win1A = document.getElementById('test1A').contentWindow.wrappedJSObject;
     37    var win1B = document.getElementById('test1B').contentWindow.wrappedJSObject;
     38    var win2 = document.getElementById('test2').contentWindow.wrappedJSObject;
     39    var winBase = document.getElementById('base').contentWindow.wrappedJSObject;
     40 
     41    // Check the basics.
     42    ok(win1A.tryToAccess(win1B),
     43       "Same-origin windows should grant access");
     44    ok(!win1A.tryToAccess(win2),
     45       "Cross-origin windows should not grant access");
     46    ok(!win1A.tryToAccess(winBase),
     47       "Subdomain windows should not receive access");
     48 
     49    // Store references now, while test1A and test1B are same-origin.
     50    win1A.storeReference(win1B);
     51    win1B.storeReference(win1A);
     52    ok(win1A.tryToAccessStored(), "Stored references work when same-origin");
     53    win1A.evalFromB = Cu.unwaiveXrays(win1B.eval); // Crashtest for bug 1040181.
     54    win1B.functionFromA = Cu.unwaiveXrays(win1A.Function); // Crashtest for bug 1040181.
     55    ok(!win1A.invokingFunctionThrowsSecurityException('evalFromB'), "Should allow before document.domain");
     56    ok(!win1B.invokingFunctionThrowsSecurityException('functionFromA'), "Should allow before document.domain");
     57 
     58    // Set document.domain on test1A. This should grant no access, since nobody
     59    // else set it.
     60    win1A.setDomain('example.org');
     61    ok(!win1A.tryToAccess(winBase), "base must collaborate too");
     62    ok(!winBase.tryToAccess(win1A), "base must collaborate too");
     63    ok(!win1A.tryToAccess(win1B), "No longer same-origin");
     64    ok(win1A.tryToAccessStored(), "We don't revoke access except through Window and Location");
     65    ok(!win1B.tryToAccess(win1A), "No longer same-origin");
     66    ok(win1B.tryToAccessStored(), "We don't revoke access except through Window and Location");
     67    ok(!win1A.invokingFunctionThrowsSecurityException('evalFromB'), "We don't revoke access except through Window and Location");
     68    ok(!win1B.invokingFunctionThrowsSecurityException('functionFromA'), "We don't revoke access except through Window and Location");
     69 
     70    // Set document.domain on test1B. Now we're cooking with gas.
     71    win1B.setDomain('example.org');
     72    ok(!win1B.tryToAccess(winBase), "base must collaborate too");
     73    ok(!winBase.tryToAccess(win1B), "base must collaborate too");
     74    ok(win1A.tryToAccess(win1B), "same-origin");
     75    ok(win1A.tryToAccessStored(), "same-origin");
     76    ok(win1B.tryToAccess(win1A), "same-origin");
     77    ok(win1B.tryToAccessStored(), "same-origin");
     78 
     79    // Explicitly collaborate with base.
     80    winBase.setDomain('example.org');
     81    ok(winBase.tryToAccess(win1A), "base collaborates");
     82    ok(win1A.tryToAccess(winBase), "base collaborates");
     83 
     84    // All done.
     85    SimpleTest.finish();
     86  }
     87 
     88 
     89  ]]>
     90  </script>
     91 
     92  <iframe id="test1A" onload="frameLoaded();" type="content"
     93          src="http://test1.example.org/tests/js/xpconnect/tests/mochitest/file_documentdomain.html" />
     94  <iframe id="test1B" onload="frameLoaded();" type="content"
     95          src="http://test1.example.org/tests/js/xpconnect/tests/mochitest/file_documentdomain.html" />
     96  <iframe id="test2" onload="frameLoaded();" type="content"
     97          src="http://test2.example.org/tests/js/xpconnect/tests/mochitest/file_documentdomain.html" />
     98  <iframe id="base" onload="frameLoaded();" type="content"
     99          src="http://example.org/tests/js/xpconnect/tests/mochitest/file_documentdomain.html" />
    100 </window>