зеркало из https://github.com/mozilla/gecko-dev.git
59 строки
1.9 KiB
HTML
59 строки
1.9 KiB
HTML
<!DOCTYPE HTML>
|
|
<html>
|
|
<!--
|
|
https://bugzilla.mozilla.org/show_bug.cgi?id=732413
|
|
-->
|
|
<head>
|
|
<title>Test for Bug 732413</title>
|
|
<script src="/tests/SimpleTest/SimpleTest.js"></script>
|
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
|
|
</head>
|
|
<body>
|
|
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=732413">Mozilla Bug 732413</a>
|
|
<p id="display"></p>
|
|
<div id="content" style="display: none">
|
|
|
|
</div>
|
|
<pre id="test">
|
|
<script type="application/javascript">
|
|
|
|
/** Test for Bug 732413
|
|
Passing DISALLOW_INHERIT_PRINCIPAL flag should be effective even if
|
|
aPrincipal is the system principal.
|
|
**/
|
|
|
|
const nsIScriptSecurityManager = SpecialPowers.Ci.nsIScriptSecurityManager;
|
|
var secMan = SpecialPowers.Cc["@mozilla.org/scriptsecuritymanager;1"]
|
|
.getService(nsIScriptSecurityManager);
|
|
var sysPrincipal = secMan.getSystemPrincipal();
|
|
isnot(sysPrincipal, undefined, "Should have a principal");
|
|
isnot(sysPrincipal, null, "Should have a non-null principal");
|
|
is(sysPrincipal.isSystemPrincipal, true,
|
|
"Should have system principal here");
|
|
|
|
|
|
var inheritingURI = SpecialPowers.Services.io.newURI("javascript:1+1");
|
|
|
|
// First try a normal call to checkLoadURIWithPrincipal
|
|
try {
|
|
secMan.checkLoadURIWithPrincipal(sysPrincipal, inheritingURI,
|
|
nsIScriptSecurityManager.STANDARD);
|
|
ok(true, "checkLoadURI allowed the load");
|
|
} catch (e) {
|
|
ok(false, "checkLoadURI failed unexpectedly: " + e);
|
|
}
|
|
|
|
// Now call checkLoadURIWithPrincipal with DISALLOW_INHERIT_PRINCIPAL
|
|
try {
|
|
secMan.checkLoadURIWithPrincipal(sysPrincipal, inheritingURI,
|
|
nsIScriptSecurityManager.DISALLOW_INHERIT_PRINCIPAL);
|
|
ok(false, "checkLoadURI allowed the load unexpectedly");
|
|
} catch (e) {
|
|
ok(true, "checkLoadURI prevented load of principal-inheriting URI");
|
|
}
|
|
|
|
</script>
|
|
</pre>
|
|
</body>
|
|
</html>
|