tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_expandosharing.xhtml (6727B)

      1 <?xml version="1.0"?>
      2 <?xml-stylesheet type="text/css" href="chrome://global/skin"?>
      3 <?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>
      4 <!--
      5 https://bugzilla.mozilla.org/show_bug.cgi?id=758415
      6 -->
      7 <window title="Mozilla Bug 758415"
      8        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
      9  <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>
     10 
     11  <!-- test results are displayed in the html:body -->
     12  <body xmlns="http://www.w3.org/1999/xhtml">
     13  <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=758415"
     14     target="_blank">Mozilla Bug 758415</a>
     15  </body>
     16 
     17  <!-- test code goes here -->
     18  <script type="application/javascript">
     19  <![CDATA[
     20 
     21  /** Test for Cross-Origin Xray Expando Sharing. */
     22  SimpleTest.waitForExplicitFinish();
     23 
     24  // Import our test ESM. We first strip the filename off
     25  // the chrome url, then append the esm filename.
     26  var base = /.*\//.exec(window.location.href)[0];
     27  const {checkFromESM} = ChromeUtils.importESModule(base + "file_expandosharing.sys.mjs");
     28 
     29  // Wait for all child frames to load.
     30  var gLoadCount = 0;
     31  function frameLoaded() {
     32    if (++gLoadCount == window.frames.length)
     33      go();
     34  }
     35 
     36  function go() {
     37 
     38    // Empower the content windows with some functions.
     39    var wins = document.getElementsByTagName('iframe');
     40    for (var i = 0; i < wins.length; ++i) {
     41      var win = wins[i].contentWindow.wrappedJSObject;
     42      win.ok = ok;
     43      win.is = is;
     44    }
     45 
     46    // Grab references to the content windows. We abbreviate the origins as follows:
     47    // A: test1.example.org
     48    // B: test2.example.org
     49    // C: sub1.test1.example.org
     50    window.gWinA1 = document.getElementById('frameA1').contentWindow;
     51    window.gWinA2 = document.getElementById('frameA2').contentWindow;
     52    window.gWinA3 = document.getElementById('frameA3').contentWindow;
     53    window.gWinB = document.getElementById('frameB').contentWindow;
     54    window.gWinC = document.getElementById('frameC').contentWindow;
     55 
     56    /* globals gWinA1, gWinA2, gWinA3, gWinB, gWinC */
     57 
     58    // Test expando sharing with an ESM for different types of Xrays.
     59    testESM(Cu.unwaiveXrays(gWinC.wrappedJSObject.targetWN));
     60    testESM(Cu.unwaiveXrays(gWinC.wrappedJSObject.targetDOM));
     61    testESM(Cu.unwaiveXrays(gWinC.wrappedJSObject.targetJS));
     62 
     63    // Make sure sandboxes never share expandos with anyone else.
     64    testSandbox(Cu.unwaiveXrays(gWinB.wrappedJSObject.targetWN));
     65    testSandbox(Cu.unwaiveXrays(gWinB.wrappedJSObject.targetDOM));
     66    testSandbox(Cu.unwaiveXrays(gWinB.wrappedJSObject.targetJS));
     67 
     68    // Test Content Xrays.
     69    testContentXrays();
     70 
     71    SimpleTest.finish();
     72  }
     73 
     74  // Make sure that expandos are shared between us and an ESM.
     75  function testESM(target) {
     76    target.numProp = 42;
     77    target.strProp = "foo";
     78    target.objProp = { bar: "baz" };
     79    checkFromESM(target, is);
     80  }
     81 
     82  function testSandbox(target) {
     83 
     84    // This gets both run in this scope and the sandbox scope.
     85    var name = "harness";
     86    function placeExpando() {
     87      target.prop = name;
     88    }
     89 
     90    // Set up the sandboxes. Use an expanded principal to get xrays with
     91    // exclusive expandos.
     92    let sb1 = Cu.Sandbox(["https://test1.example.org", "https://test2.example.org"]);
     93    let sb2 = Cu.Sandbox(["https://test1.example.org", "https://test2.example.org"]);
     94    sb1.target = target;
     95    sb2.target = target;
     96    sb1.name = "sandbox1";
     97    sb2.name = "sandbox2";
     98    placeExpando();
     99    Cu.evalInSandbox(placeExpando.toSource() + "placeExpando();", sb1);
    100    Cu.evalInSandbox(placeExpando.toSource() + "placeExpando();", sb2);
    101 
    102    // Make sure everyone sees a different value.
    103    is(target.prop, "harness", "Harness sees its own value");
    104    is(Cu.evalInSandbox("target.prop", sb1), "sandbox1", "Sandbox 1 sees its own value");
    105    is(Cu.evalInSandbox("target.prop", sb2), "sandbox2", "Sandbox 2 sees its own value");
    106  }
    107 
    108  // Make sure that the origin tagging machinery works correctly and that we don't
    109  // mix up chrome and content expandos.
    110  function testContentXrays() {
    111 
    112    // Give A1 and A3 xrays to (same-origin) A2.
    113    Cu.setWantXrays(gWinA1);
    114    Cu.setWantXrays(gWinA3);
    115 
    116    gWinA1.wrappedJSObject.placeExpando('A1_expando', 11, gWinA2.document);
    117    gWinA3.wrappedJSObject.placeExpando('A3_expando', 33, gWinA2.document);
    118    gWinA2.document.Chrome_expando = 33;
    119 
    120    is(gWinA2.document.Chrome_expando, 33, "Read chrome expando properly");
    121    is(typeof gWinA2.document.A1_expando, 'undefined', "Chrome doesn't see content expandos");
    122    is(typeof gWinA2.document.A3_expando, 'undefined', "Chrome doesn't see content expandos");
    123    gWinA1.wrappedJSObject.checkExpando('A1_expando', 11, gWinA2.document, "Content sees proper expandos");
    124    gWinA3.wrappedJSObject.checkExpando('A1_expando', 11, gWinA2.document, "Content sees proper expandos");
    125    gWinA1.wrappedJSObject.checkExpando('A3_expando', 33, gWinA2.document, "Content sees proper expandos");
    126    gWinA3.wrappedJSObject.checkExpando('A3_expando', 33, gWinA2.document, "Content sees proper expandos");
    127    gWinA1.wrappedJSObject.checkExpando('Chrome_expando', null, gWinA2.document, "Content doesn't see chrome expandos");
    128    gWinA3.wrappedJSObject.checkExpando('Chrome_expando', null, gWinA2.document, "Content doesn't see chrome expandos");
    129 
    130    // We very explicitly do not support expando sharing via document.domain.
    131    // A comment in the implementation explains why.
    132    gWinA1.document.domain = 'test1.example.org';
    133    gWinA2.document.domain = 'test1.example.org';
    134    gWinA3.document.domain = 'test1.example.org';
    135    gWinC.document.domain = 'test1.example.org';
    136    gWinC.wrappedJSObject.checkExpando('A1_expando', null, gWinA2.document, "document.domain should have no effect here");
    137    gWinC.wrappedJSObject.checkExpando('A3_expando', null, gWinA2.document, "document.domain should have no effect here");
    138  }
    139 
    140  ]]>
    141  </script>
    142  <iframe id="frameA1" onload="frameLoaded();" type="content" src="https://test1.example.org/tests/js/xpconnect/tests/mochitest/file_expandosharing.html" />
    143  <iframe id="frameA2" onload="frameLoaded();" type="content" src="https://test1.example.org/tests/js/xpconnect/tests/mochitest/file_expandosharing.html" />
    144  <iframe id="frameA3" onload="frameLoaded();" type="content" src="https://test1.example.org/tests/js/xpconnect/tests/mochitest/file_expandosharing.html" />
    145  <iframe id="frameB" onload="frameLoaded();" type="content" src="https://test2.example.org/tests/js/xpconnect/tests/mochitest/file_expandosharing.html" />
    146  <iframe id="frameC" onload="frameLoaded();" type="content" src="https://sub1.test1.example.org/tests/js/xpconnect/tests/mochitest/file_expandosharing.html" />
    147 </window>