<!DOCTYPE HTML> <html> <!-- https://bugzilla.mozilla.org/show_bug.cgi?id=292789 --> <head> <title>Test for Bug 292789</title> <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> </head> <body> <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=292789">Mozilla Bug 292789</a> <p id="display"></p> <div id="content" style="display: none"> <script src="chrome://global/content/treeUtils.js"></script> <script type="application/javascript;version=1.8" src="chrome://mozapps/content/xpinstall/xpinstallConfirm.js"></script> <script id="resjs" type="application/javascript;version=1.8"></script> </div> <pre id="test"> <script class="testbody" type="text/javascript"> /** Test for Bug 292789 ** ** Selectively allow access to whitelisted chrome packages ** even for ALLOW_CHROME mechanisms (<script>, <img> etc) **/ SimpleTest.waitForExplicitFinish(); /** <script src=""> test **/ function testScriptSrc(aCallback) { is(typeof gTreeUtils.sort, "function", "content can still load <script> from chrome://global"); is(typeof XPInstallConfirm, "undefined", "content should not be able to load <script> from chrome://mozapps"); /** make sure the last one didn't pass because someone ** moved the resource **/ var resjs = document.getElementById("resjs"); resjs.onload = scriptOnload; resjs.src = "resource://gre/chrome/toolkit/content/mozapps/xpinstall/xpinstallConfirm.js"; document.getElementById("content").appendChild(resjs); function scriptOnload() { is(typeof XPInstallConfirm, "object", "xpinstallConfirm.js has not moved unexpectedly"); // trigger the callback if (aCallback) aCallback(); } } /** <img src=""> tests **/ var img_global = "chrome://global/skin/icons/Error.png"; var img_mozapps = "chrome://mozapps/skin/plugins/contentPluginClose.png"; var res_mozapps = "resource://gre/chrome/toolkit/skin/classic/mozapps/plugins/contentPluginClose.png"; var imgTests = [[img_global, "success"], [img_mozapps, "fail"], [res_mozapps, "success"]]; var curImgTest = 0; function runImgTest() { var test = imgTests[curImgTest++]; var callback = curImgTest == imgTests.length ? finishTest : runImgTest; loadImage(test[0], test[1], callback); } function finishTest() { SimpleTest.finish(); } function fail(event) { is("fail", event.target.expected, "content should not be allowed to load "+event.target.src); if (event.target.callback) event.target.callback(); } function success(event) { is("success", event.target.expected, "content should be able to load "+event.target.src); if (event.target.callback) event.target.callback(); } function loadImage(uri, expect, callback) { var img = document.createElement("img"); img.onerror = fail; img.onload = success; img.expected = expect; img.callback = callback; img.src = uri; //document.getElementById("content").appendChild(img); } // Start off the script src test, and have it start the img tests when complete. testScriptSrc(runImgTest); </script> </pre> </body> </html>