tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_subScriptLoader.js (938B)

      1 "use strict";
      2 
      3 add_task(async function test_executeScriptAfterNuked() {
      4  let scriptUrl = Services.io.newFileURI(do_get_file("file_simple_script.js")).spec;
      5 
      6  // Load the script for the first time into a sandbox, and then nuke
      7  // that sandbox.
      8  let sandbox = Cu.Sandbox(Services.scriptSecurityManager.getSystemPrincipal());
      9  Services.scriptloader.loadSubScript(scriptUrl, sandbox);
     10  Cu.nukeSandbox(sandbox);
     11 
     12  // Load the script again into a new sandbox, and make sure it
     13  // succeeds.
     14  sandbox = Cu.Sandbox(Services.scriptSecurityManager.getSystemPrincipal());
     15  Services.scriptloader.loadSubScript(scriptUrl, sandbox);
     16 });
     17 
     18 
     19 add_task(function test_disallowed_scheme() {
     20  const URLs = [
     21    "data:text/javascript,1",
     22    "blob:https://example.org/aa99b0a0-25cd-44b2-840d-641c5c55f0fd",
     23  ]
     24 
     25  for (let url of URLs) {
     26    Assert.throws(() => Services.scriptloader.loadSubScript(url, {}), /Trying to load untrusted URI/);
     27  }
     28 })