Bug 579303 Fix docshells to respect SetAllowJavascript properly. r=ehsan,smag,a=bsmedberg
authorMark Banner <bugzilla@standard8.plus.com>
Fri, 23 Jul 2010 07:40:19 +0100
changeset 48119 05a194f6de30fb8694bc5e4c98b56eeb9092c885
parent 48118 2addd3953801997e9994689ed83d510f075fb425
child 48120 f4fd78850340c58f4ed4702c1e5329f0d6ff9a0d
push id1
push userroot
push dateMon, 20 Oct 2014 17:29:22 +0000
reviewersehsan, smag, bsmedberg
bugs579303
milestone2.0b3pre
Bug 579303 Fix docshells to respect SetAllowJavascript properly. r=ehsan,smag,a=bsmedberg
docshell/base/nsDocShell.cpp
editor/composer/test/test_bug519928.html
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -11324,16 +11324,17 @@ nsDocShell::GetCanExecuteScripts(PRBool 
                       // scripts at all.
                       return NS_OK;
                   }
               }
           } else if (lookForParents) {
               // The parent docshell was not explicitly set to design
               // mode, so js on the child docshell was disabled for
               // another reason.  Therefore, we need to disable js.
+              *aResult = PR_FALSE;
               return NS_OK;
           }
           firstPass = PR_FALSE;
 
           treeItem->GetParent(getter_AddRefs(parentItem));
           treeItem.swap(parentItem);
           docshell = do_QueryInterface(treeItem);
 #ifdef DEBUG
--- a/editor/composer/test/test_bug519928.html
+++ b/editor/composer/test/test_bug519928.html
@@ -15,24 +15,24 @@ https://bugzilla.mozilla.org/show_bug.cg
 <div id="content">
 <iframe id="load-frame"></iframe>  
 </div>
 <pre id="test">
 <script class="testbody" type="text/javascript">
 
 var iframe = document.getElementById("load-frame");
 
-function enableJS() allowJS(true);
-function disableJS() allowJS(false);
-function allowJS(allow) {
+function enableJS() allowJS(true, iframe);
+function disableJS() allowJS(false, iframe);
+function allowJS(allow, frame) {
   netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
-  iframe.contentWindow.QueryInterface(Components.interfaces.nsIInterfaceRequestor)
-                      .getInterface(Components.interfaces.nsIWebNavigation)
-                      .QueryInterface(Components.interfaces.nsIDocShell)
-                      .allowJavascript = allow;
+  frame.contentWindow.QueryInterface(Components.interfaces.nsIInterfaceRequestor)
+                     .getInterface(Components.interfaces.nsIWebNavigation)
+                     .QueryInterface(Components.interfaces.nsIDocShell)
+                     .allowJavascript = allow;
 }
 function expectJSAllowed(allowed, testCondition, callback) {
   window.ICanRunMyJS = false;
   var self_ = window;
   testCondition();
 
   var doc = iframe.contentDocument;
   doc.body.innerHTML = "<iframe></iframe>";
@@ -65,17 +65,17 @@ addLoadEvent(function() {
                   expectJSAllowed(false, disableJS, function() {
                     expectJSAllowed(true, enableJS, function() {
                       expectJSAllowed(true, enterDesignMode, function() {
                         expectJSAllowed(true, leaveDesignMode, function() {
                           expectJSAllowed(false, disableJS, function() {
                             expectJSAllowed(true, enterDesignMode, function() {
                               expectJSAllowed(false, leaveDesignMode, function() {
                                 expectJSAllowed(true, enableJS, function() {
-                                  SimpleTest.finish();
+                                  testDocumentDisabledJS();
                                 });
                               });
                             });
                           });
                         });
                       });
                     });
                   });
@@ -84,13 +84,42 @@ addLoadEvent(function() {
             });
           });
         });
       });
     });
   });
 });
 
+function testDocumentDisabledJS() {
+  window.ICanRunMyJS = false;
+  var self_ = window;
+  // Ensure design modes are disabled
+  document.designMode = "off";
+  iframe.contentDocument.designMode = "off";
+
+  // Javascriont enabled on the main iframe
+  enableJS();
+
+  var doc = iframe.contentDocument;
+  doc.body.innerHTML = "<iframe></iframe>";
+  var innerFrame = doc.querySelector("iframe");
+
+  // Javascript disabled on the innerFrame.
+  allowJS(false, innerFrame);
+
+  innerFrame.addEventListener("load", function() {
+    innerFrame.removeEventListener("load", arguments.callee, false);
+
+    var msg = "The inner iframe should not be able to run Javascript";
+    is(self_.ICanRunMyJS, false, msg);
+    SimpleTest.finish();
+    endTest();
+  }, false);
+  var iframeSrc = "data:text/html,<script>parent.parent.ICanRunMyJS = true;</scr" + "ipt>";
+  innerFrame.src = iframeSrc;
+}
+
 </script>
 </pre>
 </body>
 </html>