зеркало из https://github.com/mozilla/gecko-dev.git
117 строки
3.4 KiB
HTML
117 строки
3.4 KiB
HTML
<!DOCTYPE HTML>
|
|
<html>
|
|
<!--
|
|
https://bugzilla.mozilla.org/show_bug.cgi?id=292789
|
|
-->
|
|
<head>
|
|
<title>Test for Bug 292789</title>
|
|
<script src="/tests/SimpleTest/SimpleTest.js"></script>
|
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
|
</head>
|
|
<body>
|
|
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=292789">Mozilla Bug 292789</a>
|
|
<p id="display"></p>
|
|
<div id="content" style="display: none">
|
|
<script src="chrome://global/content/treeUtils.js"></script>
|
|
<script type="application/javascript" src="chrome://mozapps/content/extensions/blocklist.js"></script>
|
|
<script id="resjs" type="application/javascript"></script>
|
|
</div>
|
|
<pre id="test">
|
|
<script class="testbody" type="text/javascript">
|
|
|
|
/** Test for Bug 292789
|
|
**
|
|
** Selectively allow access to allowlisted chrome packages
|
|
** even for ALLOW_CHROME mechanisms (<script>, <img> etc)
|
|
**/
|
|
|
|
/* import-globals-from ../../../toolkit/content/treeUtils.js */
|
|
|
|
SimpleTest.waitForExplicitFinish();
|
|
|
|
let ChromeUtils = {
|
|
import() { return {}; },
|
|
};
|
|
|
|
/** <script src=""> test **/
|
|
function testScriptSrc(aCallback) {
|
|
is(typeof gTreeUtils.sort, "function",
|
|
"content can still load <script> from chrome://global");
|
|
is(typeof Startup, "undefined",
|
|
"content should not be able to load <script> from chrome://mozapps");
|
|
|
|
/** make sure the last one didn't pass because someone
|
|
** moved the resource
|
|
**/
|
|
var resjs = document.getElementById("resjs");
|
|
resjs.onload = scriptOnload;
|
|
resjs.src = "resource://gre/chrome/toolkit/content/mozapps/extensions/blocklist.js";
|
|
document.getElementById("content").appendChild(resjs);
|
|
|
|
function scriptOnload() {
|
|
is(typeof init, "function",
|
|
"blocklist.js has not moved unexpectedly");
|
|
|
|
// trigger the callback
|
|
if (aCallback)
|
|
aCallback();
|
|
}
|
|
}
|
|
|
|
/** <img src=""> tests **/
|
|
var img_global = "chrome://global/skin/media/error.png";
|
|
var img_mozapps = "chrome://mozapps/skin/extensions/extensionGeneric.svg";
|
|
var res_mozapps = "resource://gre/chrome/toolkit/skin/classic/mozapps/extensions/extensionGeneric.svg";
|
|
|
|
var imgTests = [[img_global, "success"],
|
|
[img_mozapps, "fail"],
|
|
[res_mozapps, "success"]];
|
|
|
|
var curImgTest = 0;
|
|
|
|
function runImgTest() {
|
|
var test = imgTests[curImgTest++];
|
|
var callback = curImgTest == imgTests.length ? finishTest : runImgTest;
|
|
loadImage(test[0], test[1], callback);
|
|
}
|
|
|
|
function finishTest() {
|
|
SimpleTest.finish();
|
|
}
|
|
|
|
function fail(event) {
|
|
is("fail", event.target.expected,
|
|
"content should not be allowed to load " + event.target.src);
|
|
if (event.target.callback)
|
|
event.target.callback();
|
|
}
|
|
|
|
function success(event) {
|
|
is("success", event.target.expected,
|
|
"content should be able to load " + event.target.src);
|
|
if (event.target.callback)
|
|
event.target.callback();
|
|
}
|
|
|
|
function loadImage(uri, expect, callback) {
|
|
var img = document.createElement("img");
|
|
img.onerror = fail;
|
|
img.onload = success;
|
|
img.expected = expect;
|
|
img.callback = callback;
|
|
img.src = uri;
|
|
// document.getElementById("content").appendChild(img);
|
|
}
|
|
|
|
// Start off the script src test, and have it start the img tests when complete.
|
|
// Temporarily allow content to access all resource:// URIs.
|
|
SpecialPowers.pushPrefEnv({
|
|
set: [
|
|
["security.all_resource_uri_content_accessible", true],
|
|
],
|
|
}, () => testScriptSrc(runImgTest));
|
|
</script>
|
|
</pre>
|
|
</body>
|
|
</html>
|