Bug 799952 - Test for x-domain access to location objects. r=bz

2012-10-24 22:03:20 -04:00 · 2012-10-24 22:03:20 -04:00 · c23732fbe1
--- a/dom/tests/mochitest/bugs/Makefile.in
+++ b/dom/tests/mochitest/bugs/Makefile.in
@ -130,6 +130,8 @@ MOCHITEST_FILES	= \
 		test_bug755320.html \
 		test_bug777628.html \
 		test_bug665548.html \
+		test_bug799952.html \
+		child_bug799952.html \
 		$(NULL)

 ifneq (Linux,$(OS_ARCH))
--- a/dom/tests/mochitest/bugs/child_bug799952.html
+++ b/dom/tests/mochitest/bugs/child_bug799952.html
@ -0,0 +1,2 @@
+<!DOCTYPE html>
+#799952
--- a/dom/tests/mochitest/bugs/test_bug799952.html
+++ b/dom/tests/mochitest/bugs/test_bug799952.html
@ -0,0 +1,134 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=799952
+-->
+<head>
+  <title>Test for Bug 799952</title>
+  <script type="text/javascript" src="/MochiKit/MochiKit.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=799952">Mozilla Bug 799952</a>
+<p id="display"></p>
+<div id="content" style="display: none">
+  
+</div>
+<pre id="test">
+<script class="testbody" type="text/javascript">
+
+/** Test for Bug 799952 **/
+SimpleTest.waitForExplicitFinish();
+
+function start()
+{
+
+// the following are error cases. If they do not throw, they are failures.
+
+  var result;
+  try {
+  	foo = String (/(.*)/.exec($("win").contentWindow.location)[1]);
+  	result = "no error";
+  } catch (e) {
+  	result = e.toString();
+  }
+  is(result, "Error: Permission denied to access property \'toString\'", 
+     "Access to xdomain location via regexp must throw exception")
+
+
+  try {
+  	foo = document.getElementById("win").contentWindow.location + "";
+  	result = "no error";
+  } catch (e) {
+  	result = e.toString();
+  }
+  is(result, "Error: Permission denied to access property \'valueOf\'",
+     "Access to xdomain location via contentWindow.location must throw exception")
+
+
+  try {
+  	foo = document.getElementById("divA").textContent = 
+	document.getElementById("win").contentWindow.location;
+	result = "no error";
+  } catch (e) {
+	result = e.toString();
+  }
+  is(result, "Error: Permission denied to access property \'toString\'", 
+     "Access to xdomain iframe contentWindow.location object via textContent should throw exception")
+
+
+  try {
+	foo = Object.prototype.toString.call(document.getElementById("win").contentWindow.location);
+	result = "no error";
+  } catch (e) {
+	result = e.toString()
+  }
+
+  is(result, "Error: Permission denied to access object", 
+     "Access to xdomain iframe contentWindow.location object via textContent should throw exception")
+
+  // The following are normal cases to verify that we have not prevented same-domain use cases, which should be allowed.
+
+
+  try {
+	foo = String (/(.*)/.exec(document.getElementById("sameDomainContent").contentWindow.location)[1]);
+	result = foo.substr(foo.lastIndexOf("/"));
+  } catch (e) {
+	result = e.toString()
+  }
+
+  is(result, "/child_bug799952.html", 
+     "Same-domain access to location object via regexp should be allowed")
+
+
+  try {
+	foo = document.getElementById("sameDomainContent").contentWindow.location + "";
+	result = foo.substr(foo.lastIndexOf("/"));
+  } catch (e) {
+	result = e.toString()
+  }
+  is(result, "/child_bug799952.html", 
+     "Same-domain access to contentWindow.location object should be allowed")
+
+
+
+
+  try {
+	document.getElementById("divA").textContent = 
+	document.getElementById("sameDomainContent").contentWindow.location;
+	foo = document.getElementById("divA").textContent;
+	result = foo.substr(foo.lastIndexOf("/"));
+  } catch (e) {
+	result = e.toString()
+  }
+  is(result, "/child_bug799952.html", 
+     "Same-domain access to contentWindow.location object via textContent should be allowed")
+
+
+
+  try {
+	foo = Object.prototype.toString.call(document.getElementById("sameDomainContent").contentWindow.location);
+	result = foo.toString();
+  } catch (e) {
+	result = e.toString()
+  }
+  is(result, "[object Location]", 
+     "Same-domain access to contentWindow.location object via Object.prototype.toString.call should be allowed")
+
+  SimpleTest.finish();
+}
+addLoadEvent(start);
+
+</script>
+</pre>
+
+
+<div id="divA">Please wait two seconds...</div>
+<iframe id="win" src="https://example.com:443/tests/dom/tests/mochitest/bugs/child_bug799952.html"></iframe> 
+<iframe id="sameDomainContent" src="child_bug799952.html"></iframe>
+<div id="results"></div>
+
+
+</body>
+</html>