summaryrefslogtreecommitdiffstats
path: root/browser/base/content/test/general/browser_web_channel.js
diff options
context:
space:
mode:
Diffstat (limited to 'browser/base/content/test/general/browser_web_channel.js')
-rw-r--r--browser/base/content/test/general/browser_web_channel.js436
1 files changed, 436 insertions, 0 deletions
diff --git a/browser/base/content/test/general/browser_web_channel.js b/browser/base/content/test/general/browser_web_channel.js
new file mode 100644
index 000000000..abc1c6fef
--- /dev/null
+++ b/browser/base/content/test/general/browser_web_channel.js
@@ -0,0 +1,436 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/
+ */
+
+Cu.import("resource://gre/modules/Promise.jsm");
+Cu.import("resource://gre/modules/Task.jsm");
+Cu.import("resource://gre/modules/Services.jsm");
+XPCOMUtils.defineLazyModuleGetter(this, "WebChannel",
+ "resource://gre/modules/WebChannel.jsm");
+
+const HTTP_PATH = "http://example.com";
+const HTTP_ENDPOINT = "/browser/browser/base/content/test/general/browser_web_channel.html";
+const HTTP_MISMATCH_PATH = "http://example.org";
+const HTTP_IFRAME_PATH = "http://mochi.test:8888";
+const HTTP_REDIRECTED_IFRAME_PATH = "http://example.org";
+
+requestLongerTimeout(2); // timeouts in debug builds.
+
+// Keep this synced with /mobile/android/tests/browser/robocop/testWebChannel.js
+// as much as possible. (We only have that since we can't run browser chrome
+// tests on Android. Yet?)
+var gTests = [
+ {
+ desc: "WebChannel generic message",
+ run: function* () {
+ return new Promise(function(resolve, reject) {
+ let tab;
+ let channel = new WebChannel("generic", Services.io.newURI(HTTP_PATH, null, null));
+ channel.listen(function (id, message, target) {
+ is(id, "generic");
+ is(message.something.nested, "hello");
+ channel.stopListening();
+ gBrowser.removeTab(tab);
+ resolve();
+ });
+
+ tab = gBrowser.addTab(HTTP_PATH + HTTP_ENDPOINT + "?generic");
+ });
+ }
+ },
+ {
+ desc: "WebChannel generic message in a private window.",
+ run: function* () {
+ let promiseTestDone = new Promise(function(resolve, reject) {
+ let channel = new WebChannel("generic", Services.io.newURI(HTTP_PATH, null, null));
+ channel.listen(function(id, message, target) {
+ is(id, "generic");
+ is(message.something.nested, "hello");
+ channel.stopListening();
+ resolve();
+ });
+ });
+
+ const url = HTTP_PATH + HTTP_ENDPOINT + "?generic";
+ let privateWindow = yield BrowserTestUtils.openNewBrowserWindow({private: true});
+ yield BrowserTestUtils.openNewForegroundTab(privateWindow.gBrowser, url);
+ yield promiseTestDone;
+ yield BrowserTestUtils.closeWindow(privateWindow);
+ }
+ },
+ {
+ desc: "WebChannel two way communication",
+ run: function* () {
+ return new Promise(function(resolve, reject) {
+ let tab;
+ let channel = new WebChannel("twoway", Services.io.newURI(HTTP_PATH, null, null));
+
+ channel.listen(function (id, message, sender) {
+ is(id, "twoway", "bad id");
+ ok(message.command, "command not ok");
+
+ if (message.command === "one") {
+ channel.send({ data: { nested: true } }, sender);
+ }
+
+ if (message.command === "two") {
+ is(message.detail.data.nested, true);
+ channel.stopListening();
+ gBrowser.removeTab(tab);
+ resolve();
+ }
+ });
+
+ tab = gBrowser.addTab(HTTP_PATH + HTTP_ENDPOINT + "?twoway");
+ });
+ }
+ },
+ {
+ desc: "WebChannel two way communication in an iframe",
+ run: function* () {
+ let parentChannel = new WebChannel("echo", Services.io.newURI(HTTP_PATH, null, null));
+ let iframeChannel = new WebChannel("twoway", Services.io.newURI(HTTP_IFRAME_PATH, null, null));
+ let promiseTestDone = new Promise(function (resolve, reject) {
+ parentChannel.listen(function (id, message, sender) {
+ reject(new Error("WebChannel message incorrectly sent to parent"));
+ });
+
+ iframeChannel.listen(function (id, message, sender) {
+ is(id, "twoway", "bad id (2)");
+ ok(message.command, "command not ok (2)");
+
+ if (message.command === "one") {
+ iframeChannel.send({ data: { nested: true } }, sender);
+ }
+
+ if (message.command === "two") {
+ is(message.detail.data.nested, true);
+ resolve();
+ }
+ });
+ });
+ yield BrowserTestUtils.withNewTab({
+ gBrowser: gBrowser,
+ url: HTTP_PATH + HTTP_ENDPOINT + "?iframe"
+ }, function* () {
+ yield promiseTestDone;
+ parentChannel.stopListening();
+ iframeChannel.stopListening();
+ });
+ }
+ },
+ {
+ desc: "WebChannel response to a redirected iframe",
+ run: function* () {
+ /**
+ * This test checks that WebChannel responses are only sent
+ * to an iframe if the iframe has not redirected to another origin.
+ * Test flow:
+ * 1. create a page, embed an iframe on origin A.
+ * 2. the iframe sends a message `redirecting`, then redirects to
+ * origin B.
+ * 3. the iframe at origin B is set up to echo any messages back to the
+ * test parent.
+ * 4. the test parent receives the `redirecting` message from origin A.
+ * the test parent creates a new channel with origin B.
+ * 5. when origin B is ready, it sends a `loaded` message to the test
+ * parent, letting the test parent know origin B is ready to echo
+ * messages.
+ * 5. the test parent tries to send a response to origin A. If the
+ * WebChannel does not perform a valid origin check, the response
+ * will be received by origin B. If the WebChannel does perform
+ * a valid origin check, the response will not be sent.
+ * 6. the test parent sends a `done` message to origin B, which origin
+ * B echoes back. If the response to origin A is not echoed but
+ * the message to origin B is, then hooray, the test passes.
+ */
+
+ let preRedirectChannel = new WebChannel("pre_redirect", Services.io.newURI(HTTP_IFRAME_PATH, null, null));
+ let postRedirectChannel = new WebChannel("post_redirect", Services.io.newURI(HTTP_REDIRECTED_IFRAME_PATH, null, null));
+
+ let promiseTestDone = new Promise(function (resolve, reject) {
+ preRedirectChannel.listen(function (id, message, preRedirectSender) {
+ if (message.command === "redirecting") {
+
+ postRedirectChannel.listen(function (aId, aMessage, aPostRedirectSender) {
+ is(aId, "post_redirect");
+ isnot(aMessage.command, "no_response_expected");
+
+ if (aMessage.command === "loaded") {
+ // The message should not be received on the preRedirectChannel
+ // because the target window has redirected.
+ preRedirectChannel.send({ command: "no_response_expected" }, preRedirectSender);
+ postRedirectChannel.send({ command: "done" }, aPostRedirectSender);
+ } else if (aMessage.command === "done") {
+ resolve();
+ } else {
+ reject(new Error(`Unexpected command ${aMessage.command}`));
+ }
+ });
+ } else {
+ reject(new Error(`Unexpected command ${message.command}`));
+ }
+ });
+ });
+
+ yield BrowserTestUtils.withNewTab({
+ gBrowser: gBrowser,
+ url: HTTP_PATH + HTTP_ENDPOINT + "?iframe_pre_redirect"
+ }, function* () {
+ yield promiseTestDone;
+ preRedirectChannel.stopListening();
+ postRedirectChannel.stopListening();
+ });
+ }
+ },
+ {
+ desc: "WebChannel multichannel",
+ run: function* () {
+ return new Promise(function(resolve, reject) {
+ let tab;
+ let channel = new WebChannel("multichannel", Services.io.newURI(HTTP_PATH, null, null));
+
+ channel.listen(function (id, message, sender) {
+ is(id, "multichannel");
+ gBrowser.removeTab(tab);
+ resolve();
+ });
+
+ tab = gBrowser.addTab(HTTP_PATH + HTTP_ENDPOINT + "?multichannel");
+ });
+ }
+ },
+ {
+ desc: "WebChannel unsolicited send, using system principal",
+ run: function* () {
+ let channel = new WebChannel("echo", Services.io.newURI(HTTP_PATH, null, null));
+
+ // an unsolicted message is sent from Chrome->Content which is then
+ // echoed back. If the echo is received here, then the content
+ // received the message.
+ let messagePromise = new Promise(function (resolve, reject) {
+ channel.listen(function (id, message, sender) {
+ is(id, "echo");
+ is(message.command, "unsolicited");
+
+ resolve()
+ });
+ });
+
+ yield BrowserTestUtils.withNewTab({
+ gBrowser,
+ url: HTTP_PATH + HTTP_ENDPOINT + "?unsolicited"
+ }, function* (targetBrowser) {
+ channel.send({ command: "unsolicited" }, {
+ browser: targetBrowser,
+ principal: Services.scriptSecurityManager.getSystemPrincipal()
+ });
+ yield messagePromise;
+ channel.stopListening();
+ });
+ }
+ },
+ {
+ desc: "WebChannel unsolicited send, using target origin's principal",
+ run: function* () {
+ let targetURI = Services.io.newURI(HTTP_PATH, null, null);
+ let channel = new WebChannel("echo", targetURI);
+
+ // an unsolicted message is sent from Chrome->Content which is then
+ // echoed back. If the echo is received here, then the content
+ // received the message.
+ let messagePromise = new Promise(function (resolve, reject) {
+ channel.listen(function (id, message, sender) {
+ is(id, "echo");
+ is(message.command, "unsolicited");
+
+ resolve();
+ });
+ });
+
+ yield BrowserTestUtils.withNewTab({
+ gBrowser,
+ url: HTTP_PATH + HTTP_ENDPOINT + "?unsolicited"
+ }, function* (targetBrowser) {
+
+ channel.send({ command: "unsolicited" }, {
+ browser: targetBrowser,
+ principal: Services.scriptSecurityManager.getNoAppCodebasePrincipal(targetURI)
+ });
+
+ yield messagePromise;
+ channel.stopListening();
+ });
+ }
+ },
+ {
+ desc: "WebChannel unsolicited send with principal mismatch",
+ run: function* () {
+ let targetURI = Services.io.newURI(HTTP_PATH, null, null);
+ let channel = new WebChannel("echo", targetURI);
+
+ // two unsolicited messages are sent from Chrome->Content. The first,
+ // `unsolicited_no_response_expected` is sent to the wrong principal
+ // and should not be echoed back. The second, `done`, is sent to the
+ // correct principal and should be echoed back.
+ let messagePromise = new Promise(function (resolve, reject) {
+ channel.listen(function (id, message, sender) {
+ is(id, "echo");
+
+ if (message.command === "done") {
+ resolve();
+ } else {
+ reject(new Error(`Unexpected command ${message.command}`));
+ }
+ });
+ });
+
+ yield BrowserTestUtils.withNewTab({
+ gBrowser: gBrowser,
+ url: HTTP_PATH + HTTP_ENDPOINT + "?unsolicited"
+ }, function* (targetBrowser) {
+
+ let mismatchURI = Services.io.newURI(HTTP_MISMATCH_PATH, null, null);
+ let mismatchPrincipal = Services.scriptSecurityManager.getNoAppCodebasePrincipal(mismatchURI);
+
+ // send a message to the wrong principal. It should not be delivered
+ // to content, and should not be echoed back.
+ channel.send({ command: "unsolicited_no_response_expected" }, {
+ browser: targetBrowser,
+ principal: mismatchPrincipal
+ });
+
+ let targetPrincipal = Services.scriptSecurityManager.getNoAppCodebasePrincipal(targetURI);
+
+ // send the `done` message to the correct principal. It
+ // should be echoed back.
+ channel.send({ command: "done" }, {
+ browser: targetBrowser,
+ principal: targetPrincipal
+ });
+
+ yield messagePromise;
+ channel.stopListening();
+ });
+ }
+ },
+ {
+ desc: "WebChannel non-window target",
+ run: function* () {
+ /**
+ * This test ensures messages can be received from and responses
+ * sent to non-window elements.
+ *
+ * First wait for the non-window element to send a "start" message.
+ * Then send the non-window element a "done" message.
+ * The non-window element will echo the "done" message back, if it
+ * receives the message.
+ * Listen for the response. If received, good to go!
+ */
+ let channel = new WebChannel("not_a_window", Services.io.newURI(HTTP_PATH, null, null));
+
+ let testDonePromise = new Promise(function (resolve, reject) {
+ channel.listen(function (id, message, sender) {
+ if (message.command === "start") {
+ channel.send({ command: "done" }, sender);
+ } else if (message.command === "done") {
+ resolve();
+ } else {
+ reject(new Error(`Unexpected command ${message.command}`));
+ }
+ });
+ });
+
+ yield BrowserTestUtils.withNewTab({
+ gBrowser,
+ url: HTTP_PATH + HTTP_ENDPOINT + "?bubbles"
+ }, function* () {
+ yield testDonePromise;
+ channel.stopListening();
+ });
+ }
+ },
+ {
+ desc: "WebChannel disallows non-string message from non-whitelisted origin",
+ run: function* () {
+ /**
+ * This test ensures that non-string messages can't be sent via WebChannels.
+ * We create a page (on a non-whitelisted origin) which should send us two
+ * messages immediately. The first message has an object for it's detail,
+ * and the second has a string. We check that we only get the second
+ * message.
+ */
+ let channel = new WebChannel("objects", Services.io.newURI(HTTP_PATH, null, null));
+ let testDonePromise = new Promise((resolve, reject) => {
+ channel.listen((id, message, sender) => {
+ is(id, "objects");
+ is(message.type, "string");
+ resolve();
+ });
+ });
+ yield BrowserTestUtils.withNewTab({
+ gBrowser,
+ url: HTTP_PATH + HTTP_ENDPOINT + "?object"
+ }, function* () {
+ yield testDonePromise;
+ channel.stopListening();
+ });
+ }
+ },
+ {
+ desc: "WebChannel allows both string and non-string message from whitelisted origin",
+ run: function* () {
+ /**
+ * Same process as above, but we whitelist the origin before loading the page,
+ * and expect to get *both* messages back (each exactly once).
+ */
+ let channel = new WebChannel("objects", Services.io.newURI(HTTP_PATH, null, null));
+
+ let testDonePromise = new Promise((resolve, reject) => {
+ let sawObject = false;
+ let sawString = false;
+ channel.listen((id, message, sender) => {
+ is(id, "objects");
+ if (message.type === "object") {
+ ok(!sawObject);
+ sawObject = true;
+ } else if (message.type === "string") {
+ ok(!sawString);
+ sawString = true;
+ } else {
+ reject(new Error(`Unknown message type: ${message.type}`))
+ }
+ if (sawObject && sawString) {
+ resolve();
+ }
+ });
+ });
+ const webchannelWhitelistPref = "webchannel.allowObject.urlWhitelist";
+ let origWhitelist = Services.prefs.getCharPref(webchannelWhitelistPref);
+ let newWhitelist = origWhitelist + " " + HTTP_PATH;
+ Services.prefs.setCharPref(webchannelWhitelistPref, newWhitelist);
+ yield BrowserTestUtils.withNewTab({
+ gBrowser,
+ url: HTTP_PATH + HTTP_ENDPOINT + "?object"
+ }, function* () {
+ yield testDonePromise;
+ Services.prefs.setCharPref(webchannelWhitelistPref, origWhitelist);
+ channel.stopListening();
+ });
+ }
+ }
+]; // gTests
+
+function test() {
+ waitForExplicitFinish();
+
+ Task.spawn(function* () {
+ for (let testCase of gTests) {
+ info("Running: " + testCase.desc);
+ yield testCase.run();
+ }
+ }).then(finish, ex => {
+ ok(false, "Unexpected Exception: " + ex);
+ finish();
+ });
+}