toolkit/components/extensions/test/mochitest/test_ext_contentscript_create_iframe.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165

<!DOCTYPE HTML>
<html>
<head>
  <title>Test for content script</title>
  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
  <script type="text/javascript" src="/tests/SimpleTest/SpawnTask.js"></script>
  <script type="text/javascript" src="/tests/SimpleTest/ExtensionTestUtils.js"></script>
  <script type="text/javascript" src="head.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
</head>
<body>

<!-- WORKAROUND: this textarea hack is used to contain the html page source without escaping it -->
<textarea id="test-asset">
  <!DOCTYPE HTML>
  <html>
    <head>
      <meta charset="utf-8">
      <script type="text/javascript" src="content_script_iframe.js"></script>
    </head>
  </html>
</textarea>

<script type="text/javascript">
"use strict";

add_task(function* test_contentscript_create_iframe() {
  function background() {
    browser.runtime.onMessage.addListener((msg, sender) => {
      let {name, availableAPIs, manifest, testGetManifest} = msg;
      let hasExtTabsAPI = availableAPIs.indexOf("tabs") > 0;
      let hasExtWindowsAPI = availableAPIs.indexOf("windows") > 0;

      browser.test.assertFalse(hasExtTabsAPI, "the created iframe should not be able to use privileged APIs (tabs)");
      browser.test.assertFalse(hasExtWindowsAPI, "the created iframe should not be able to use privileged APIs (windows)");

      let {applications: {gecko: {id: expectedManifestGeckoId}}} = chrome.runtime.getManifest();
      let {applications: {gecko: {id: actualManifestGeckoId}}} = manifest;

      browser.test.assertEq(actualManifestGeckoId, expectedManifestGeckoId,
                            "the add-on manifest should be accessible from the created iframe"
      );

      let {applications: {gecko: {id: testGetManifestGeckoId}}} = testGetManifest;

      browser.test.assertEq(testGetManifestGeckoId, expectedManifestGeckoId,
                              "GET_MANIFEST() returns manifest data before extension unload"
      );

      browser.test.sendMessage(name);
    });
  }

  function contentScript() {
    let iframe = document.createElement("iframe");
    iframe.setAttribute("src", browser.runtime.getURL("content_script_iframe.html"));
    document.body.appendChild(iframe);
  }

  function contentScriptIframe() {
    window.GET_MANIFEST = browser.runtime.getManifest.bind(null);

    window.testGetManifestException = () => {
      try {
        window.GET_MANIFEST();
      } catch (exception) {
        return String(exception);
      }
    };

    let testGetManifest = window.GET_MANIFEST();

    let manifest = browser.runtime.getManifest();
    let availableAPIs = Object.keys(browser);

    browser.runtime.sendMessage({
      name: "content-script-iframe-loaded",
      availableAPIs,
      manifest,
      testGetManifest,
    });
  }

  const ID = "contentscript@tests.mozilla.org";
  let extensionData = {
    manifest: {
      applications: {gecko: {id: ID}},
      content_scripts: [
        {
          "matches": ["http://mochi.test/*/file_sample.html"],
          "js": ["content_script.js"],
          "run_at": "document_idle",
        },
      ],
      web_accessible_resources: [
        "content_script_iframe.html",
      ],
    },

    background,

    files: {
      "content_script.js": contentScript,
      "content_script_iframe.html": document.querySelector("#test-asset").textContent,
      "content_script_iframe.js": contentScriptIframe,
    },
  };

  let extension = ExtensionTestUtils.loadExtension(extensionData);

  let contentScriptIframeCreatedPromise = new Promise(resolve => {
    extension.onMessage("content-script-iframe-loaded", () => { resolve(); });
  });

  yield extension.startup();
  info("extension loaded");

  let win = window.open("file_sample.html");

  yield Promise.all([waitForLoad(win), contentScriptIframeCreatedPromise]);
  info("content script privileged iframe loaded and executed");

  info("testing APIs availability once the extension is unloaded...");

  let iframeWindow = SpecialPowers.wrap(win)[0];

  ok(iframeWindow, "content script enabled iframe found");
  ok(/content_script_iframe\.html$/.test(iframeWindow.location), "the found iframe has the expected URL");

  yield extension.unload();
  info("extension unloaded");

  info("test content script APIs not accessible from the frame once the extension is unloaded");

  let ww = SpecialPowers.Cu.waiveXrays(iframeWindow);
  let isDeadWrapper = SpecialPowers.Cu.isDeadWrapper(ww.browser);
  ok(!isDeadWrapper, "the API object should not be a dead object");

  let manifest;
  let manifestException;

  try {
    manifest = ww.browser.runtime.getManifest();
  } catch (e) {
    manifestException = e;
  }

  ok(!manifest, "manifest should be undefined");

  is(String(manifestException), "TypeError: ww.browser.runtime is undefined",
     "expected exception received");

  let getManifestException = ww.testGetManifestException();

  is(getManifestException, "TypeError: can't access dead object",
     "expected exception received");

  win.close();

  info("done");
});
</script>

</body>
</html>