This commit is contained in:
Bobby Holley 2012-03-23 15:00:22 -07:00
Родитель e567a0cae5
Коммит 8e8e938610
4 изменённых файлов: 157 добавлений и 0 удалений

Просмотреть файл

@ -73,6 +73,7 @@ _TEST_FILES = \
489127.html \
test_focus_docnav.xul \
window_focus_docnav.xul \
test_clonewrapper.xul \
$(NULL)
ifeq (WINNT,$(OS_ARCH))

Просмотреть файл

@ -0,0 +1,126 @@
<?xml version="1.0"?>
<?xml-stylesheet type="text/css" href="chrome://global/skin"?>
<?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=667388
-->
<window title="Mozilla Bug 667388"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
<script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>
<!-- test code goes here -->
<script type="application/javascript">
<![CDATA[
// Setup.
SimpleTest.waitForExplicitFinish();
window.testObject = { myNumber: 42,
myDomain: window.location.domain };
// Wait for both frames to load before proceeding.
var framesLoaded = [null, false, false, false];
function onFrameLoaded(id) {
// Mark this frame as loaded.
framesLoaded[id] = true;
// Allow it to call |is|.
window.frames[id].wrappedJSObject.is = is;
// If all the frames are loaded, start the test.
if (framesLoaded[1] && framesLoaded[2] && framesLoaded[3])
startTest();
}
function startTest() {
// Test interaction between chrome and content.
runChromeContentTest(window.frames[1]);
// Try same origin.
runContentContentTest(window.frames[1], window.frames[2],
true, "Should be able to clone same-origin");
// Try cross-origin.
runContentContentTest(window.frames[2], window.frames[3],
false, "Should not be able to clone cross-origin");
// Colaborate with document.domain, then try again.
frames[2].document.domain = 'example.org';
frames[3].document.domain = 'example.org';
runContentContentTest(window.frames[2], window.frames[3],
true, "Should be able to clone cross-origin with document.domain")
SimpleTest.finish();
}
// Tests cloning between chrome and content.
function runChromeContentTest(contentWin) {
// We should be able to clone a content object.
tryToClone(contentWin.wrappedJSObject.testObject,
true,
"Chrome should be able to clone content object");
// Content should not be able to clone a chrome object.
//
// Note that because we're using |wrappedJSObject| here, the subject
// principal is clamed to the principal of the iframe, which is what we want.
contentWin.wrappedJSObject.tryToClone(window.testObject, false,
"Content should not be able to clone chrome object");
}
// Test cloning between content and content.
//
// Note - the way we do this is kind of sketchy. Because we're grabbing the
// test object from win1 by waiving Xray (via .wrappedJSObject), the object
// we're passing from win1 to win2 is actually the waived object (which has
// a distinct identity in the compartment of win2). So this means that we're
// actually giving win2 Xray waivers to win1! This doesn't affect things as
// long as the security wrappers check documentDomainMakesSameOrigin directly
// for the puncture case rather than checking IsTransparent(), but it still
// gives rise to a situation that wouldn't really happen in practice.
//
// A more serious issues is that we don't/can't test the Xray wrapper path,
// because the only native objects that we successfully send through
// structured clone don't force a parent in PreCreate, and so we _can't_
// have security wrappers around them (we get a new XPCWN in each
// compartment). Since the case can't happen, we can't write tests for it.
// But when it can happen (ie, we fix PreCreate for File, FileList, Blob, etc),
// we want tests right away, because this stuff is very security-sensitive.
// So we set this test up to fail when things are fixed, so that the someone
// will notice and properly augment this test to cover native objects.
function runContentContentTest(win1, win2, shouldSucceed, msg) {
win1.wrappedJSObject.tryToClone(win2.wrappedJSObject.testObject,
shouldSucceed, msg);
var fixMsg = "If this fails, you fixed PreCreate. That's a good thing, ";
fixMsg += "but now we need some test coverage. See the above comment.";
win1.wrappedJSObject.tryToClone(win2.wrappedJSObject.blob, true, fixMsg);
win1.wrappedJSObject.tryToClone(win2.wrappedJSObject.filelist, true, fixMsg);
}
function tryToClone(obj, shouldSucceed, message) {
var success = false;
var sink = window.frames[0];
try { sink.postMessage(obj, '*'); success = true; }
catch (e) { message = message + ' (threw: ' + e.message + ')'; }
is(success, shouldSucceed, message);
}
]]>
</script>
<!-- test results are displayed in the html:body -->
<body xmlns="http://www.w3.org/1999/xhtml">
<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=667388"
target="_blank">Mozilla Bug 667388</a>
<iframe id="sink" />
<!-- The first two are same-origin, the third is not. -->
<iframe id="frame1" onload="onFrameLoaded(1);" src="http://test1.example.org/tests/dom/tests/mochitest/general/file_clonewrapper.html" />
<iframe id="frame2" onload="onFrameLoaded(2);" src="http://test1.example.org/tests/dom/tests/mochitest/general/file_clonewrapper.html" />
<iframe id="frame3" onload="onFrameLoaded(3);" src="http://test2.example.org/tests/dom/tests/mochitest/general/file_clonewrapper.html" />
</body>
</window>

Просмотреть файл

@ -82,6 +82,7 @@ _TEST_FILES = \
test_browserFrame7.html \
test_for_of.html \
test_focus_legend_noparent.html \
file_clonewrapper.html \
$(NULL)
_CHROME_FILES = \

Просмотреть файл

@ -0,0 +1,29 @@
<!doctype html>
<html>
<head>
<script type="application/javascript">
// Set up the objects for cloning.
function setup() {
window.testObject = { myNumber: 42,
myDomain: window.location.domain };
window.blob = (new MozBlobBuilder()).getBlob('text/plain');
window.fileList = document.getElementById('fileinput').files;
}
// Called by the chrome parent window.
function tryToClone(obj, shouldSucceed, message) {
var success = false;
var sink = window.frames[0];
try { sink.postMessage(obj, '*'); success = true; }
catch (e) { message = message + ' (threw: ' + e.message + ')'; }
is(success, shouldSucceed, message);
}
</script>
</head>
<body onload="setup()">
<input id="fileinput" type="file"></input>
<iframe id="sink">
</body>
</html>