diff options
author | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
---|---|---|
committer | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
commit | 5f8de423f190bbb79a62f804151bc24824fa32d8 (patch) | |
tree | 10027f336435511475e392454359edea8e25895d /js/xpconnect/tests/chrome/test_bug792280.xul | |
parent | 49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff) | |
download | UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip |
Add m-esr52 at 52.6.0
Diffstat (limited to 'js/xpconnect/tests/chrome/test_bug792280.xul')
-rw-r--r-- | js/xpconnect/tests/chrome/test_bug792280.xul | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/js/xpconnect/tests/chrome/test_bug792280.xul b/js/xpconnect/tests/chrome/test_bug792280.xul new file mode 100644 index 000000000..bbc420aa2 --- /dev/null +++ b/js/xpconnect/tests/chrome/test_bug792280.xul @@ -0,0 +1,45 @@ +<?xml version="1.0"?> +<?xml-stylesheet type="text/css" href="chrome://global/skin"?> +<?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?> +<!-- +https://bugzilla.mozilla.org/show_bug.cgi?id=792280 +--> +<window title="Mozilla Bug 792280" + xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"> + <script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/> + + <!-- test results are displayed in the html:body --> + <body xmlns="http://www.w3.org/1999/xhtml"> + <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=792280" + target="_blank">Mozilla Bug 792280</a> + </body> + + <!-- test code goes here --> + <script type="application/javascript"> + <![CDATA[ + /** Test for Bug 792280 **/ + const Cu = Components.utils; + + function checkSb(sb, expect) { + var target = new Cu.Sandbox('http://www.example.com'); + Cu.evalInSandbox('function fun() { return arguments.callee.caller; };', target); + sb.fun = target.fun; + let allowed = false; + try { + allowed = Cu.evalInSandbox('function doTest() { return fun() == doTest; }; doTest()', sb); + isnot(expect, "throw", "Should have thrown"); + } catch (e) { + is(expect, "throw", "Should expect exception"); + ok(/denied|insecure/.test(e), "Should be a security exception: " + e); + } + is(allowed, expect == "allow", "should censor appropriately"); + } + + // Note that COWs are callable, but XOWs are not. + checkSb(new Cu.Sandbox('http://www.example.com'), "allow"); + checkSb(new Cu.Sandbox('http://www.example.org'), "throw"); + checkSb(new Cu.Sandbox(window), "censor"); + + ]]> + </script> +</window> |