toolkit/mozapps/webextensions/test/browser/browser_webapi_access.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127

/* Any copyright is dedicated to the Public Domain.
 * http://creativecommons.org/publicdomain/zero/1.0/
 */

registerCleanupFunction(() => {
  Services.prefs.clearUserPref("extensions.webapi.testing");
});

function check_frame_availability(browser) {
  return ContentTask.spawn(browser, null, function*() {
    let frame = content.document.getElementById("frame");
    return frame.contentWindow.document.getElementById("result").textContent == "true";
  });
}

function check_availability(browser) {
  return ContentTask.spawn(browser, null, function*() {
    return content.document.getElementById("result").textContent == "true";
  });
}

// Test that initially the API isn't available in the test domain
add_task(function* test_not_available() {
  yield BrowserTestUtils.withNewTab(`${SECURE_TESTROOT}webapi_checkavailable.html`,
    function* test_not_available(browser) {
      let available = yield check_availability(browser);
      ok(!available, "API should not be available.");
    })
});

// Test that with testing on the API is available in the test domain
add_task(function* test_available() {
  Services.prefs.setBoolPref("extensions.webapi.testing", true);

  yield BrowserTestUtils.withNewTab(`${SECURE_TESTROOT}webapi_checkavailable.html`,
    function* test_not_available(browser) {
      let available = yield check_availability(browser);
      ok(available, "API should be available.");
    })
});

// Test that the API is not available in a bad domain
add_task(function* test_bad_domain() {
  yield BrowserTestUtils.withNewTab(`${SECURE_TESTROOT2}webapi_checkavailable.html`,
    function* test_not_available(browser) {
      let available = yield check_availability(browser);
      ok(!available, "API should not be available.");
    })
});

// Test that the API is only available in https sites
add_task(function* test_not_available_http() {
  yield BrowserTestUtils.withNewTab(`${TESTROOT}webapi_checkavailable.html`,
    function* test_not_available(browser) {
      let available = yield check_availability(browser);
      ok(!available, "API should not be available.");
    })
});

// Test that the API is available when in a frame of the test domain
add_task(function* test_available_framed() {
  yield BrowserTestUtils.withNewTab(`${SECURE_TESTROOT}webapi_checkframed.html`,
    function* test_available(browser) {
      let available = yield check_frame_availability(browser);
      ok(available, "API should be available.");
    })
});

// Test that if the external frame is http then the inner frame doesn't have
// the API
add_task(function* test_not_available_http_framed() {
  yield BrowserTestUtils.withNewTab(`${TESTROOT}webapi_checkframed.html`,
    function* test_not_available(browser) {
      let available = yield check_frame_availability(browser);
      ok(!available, "API should not be available.");
    })
});

// Test that if the external frame is a bad domain then the inner frame doesn't
// have the API
add_task(function* test_not_available_framed() {
  yield BrowserTestUtils.withNewTab(`${SECURE_TESTROOT2}webapi_checkframed.html`,
    function* test_not_available(browser) {
      let available = yield check_frame_availability(browser);
      ok(!available, "API should not be available.");
    })
});

// Test that a window navigated to a bad domain doesn't allow access to the API
add_task(function* test_navigated_window() {
  yield BrowserTestUtils.withNewTab(`${SECURE_TESTROOT2}webapi_checknavigatedwindow.html`,
    function* test_available(browser) {
      let tabPromise = BrowserTestUtils.waitForNewTab(gBrowser);

      yield ContentTask.spawn(browser, null, function*() {
        yield content.wrappedJSObject.openWindow();
      });

      // Should be a new tab open
      let tab = yield tabPromise;
      let loadPromise = BrowserTestUtils.browserLoaded(gBrowser.getBrowserForTab(tab));

      ContentTask.spawn(browser, null, function*() {
        content.wrappedJSObject.navigate();
      });

      yield loadPromise;

      let available = yield ContentTask.spawn(browser, null, function*() {
        return content.wrappedJSObject.check();
      });

      ok(!available, "API should not be available.");

      gBrowser.removeTab(tab);
    })
});

// Check that if a page is embedded in a chrome content UI that it can still
// access the API.
add_task(function* test_chrome_frame() {
  yield BrowserTestUtils.withNewTab(`${CHROMEROOT}webapi_checkchromeframe.xul`,
    function* test_available(browser) {
      let available = yield check_frame_availability(browser);
      ok(available, "API should be available.");
    })
});