Bug 684115 - Test what happens when chrome takes an XHR from one origin and sticks it in another origin. r=sicking
authorBlake Kaplan <mrbkap@gmail.com>
Fri, 02 Sep 2011 16:48:49 -0700
changeset 76494 9d79f12f8d33f96936d647be083e9c292ea3d90a
parent 76493 fc2a18413a7e095cba32522a1874b75fc2d049d2
child 76495 d06e88a99f39a02d5b0d3594df879fea846de2b1
push id3
push userfelipc@gmail.com
push dateFri, 30 Sep 2011 20:09:13 +0000
reviewerssicking
bugs684115
milestone9.0a1
Bug 684115 - Test what happens when chrome takes an XHR from one origin and sticks it in another origin. r=sicking
dom/tests/mochitest/chrome/Makefile.in
dom/tests/mochitest/chrome/test_moving_xhr.xul
dom/tests/mochitest/general/Makefile.in
dom/tests/mochitest/general/file_moving_xhr.html
--- a/dom/tests/mochitest/chrome/Makefile.in
+++ b/dom/tests/mochitest/chrome/Makefile.in
@@ -64,16 +64,17 @@ include $(topsrcdir)/config/rules.mk
 		window_activation.xul \
 		test_DOMWindowCreated.xul \
 		DOMWindowCreated_chrome.xul \
 		DOMWindowCreated_content.html \
 		test_sandbox_image.xul \
 		test_cyclecollector.xul \
 		test_resize_move_windows.xul \
 		test_popup_blocker_chrome.xul \
+		test_moving_xhr.xul \
 		$(NULL)
 
 ifeq (WINNT,$(OS_ARCH))
 _TEST_FILES += \
 		test_sizemode_attribute.xul \
 		sizemode_attribute.xul \
 		$(NULL)
 endif
new file mode 100644
--- /dev/null
+++ b/dom/tests/mochitest/chrome/test_moving_xhr.xul
@@ -0,0 +1,41 @@
+<?xml version="1.0"?>
+<?xml-stylesheet href="chrome://global/skin" type="text/css"?>
+<?xml-stylesheet href="chrome://mochikit/content/tests/SimpleTest/test.css"
+                 type="text/css"?>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=654370
+-->
+<window title="Mozilla Bug 654370"
+  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
+  <script type="application/javascript"
+          src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
+
+  <!-- test results are displayed in the html:body -->
+  <body xmlns="http://www.w3.org/1999/xhtml">
+  <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=654370"
+     target="_blank">Mozilla Bug 654370</a>
+  </body>
+
+  <!-- test code goes here -->
+  <script type="application/javascript"><![CDATA[
+      SimpleTest.waitForExplicitFinish();
+
+      var firstWindow, secondWindow;
+      function iframe_loaded() {
+        if (!firstWindow || !secondWindow)
+          return;
+        var xhr = firstWindow.wrappedJSObject.createXHR();
+        ok(!("expando" in xhr), "shouldn't be able to see expandos on the XHR");
+        is(xhr.readyState, XMLHttpRequest.UNSENT, "can access readyState in chrome");
+        secondWindow.wrappedJSObject.tryToUseXHR(xhr, ok);
+        secondWindow.wrappedJSObject.tryToUseXHR(new XMLHttpRequest(), ok);
+        SimpleTest.finish();
+      }
+
+  ]]></script>
+
+  <iframe id="one" src="http://mochi.test:8888/tests/dom/tests/mochitest/general/file_moving_xhr.html"
+          onload="firstWindow = this.contentWindow; iframe_loaded()" />
+  <iframe id="two" src="http://example.org/tests/dom/tests/mochitest/general/file_moving_xhr.html"
+          onload="secondWindow = this.contentWindow; iframe_loaded()" />
+</window>
--- a/dom/tests/mochitest/general/Makefile.in
+++ b/dom/tests/mochitest/general/Makefile.in
@@ -63,16 +63,17 @@ include $(topsrcdir)/config/rules.mk
 		test_windowProperties.html \
 		test_clipboard_events.html \
 		test_nodesFromRect.html \
 		test_frameElementWrapping.html \
 		file_frameElementWrapping.html \
 		test_framedhistoryframes.html \
 		test_windowedhistoryframes.html \
 		test_focusrings.xul \
+		file_moving_xhr.html \
 		$(NULL)
 
 _CHROME_FILES = \
 		test_innerScreen.xul \
 		test_offsets.xul \
 		test_offsets.js \
 		$(NULL)
 
new file mode 100644
--- /dev/null
+++ b/dom/tests/mochitest/general/file_moving_xhr.html
@@ -0,0 +1,26 @@
+<html>
+    <head>
+        <script>
+            function createXHR() {
+                return new XMLHttpRequest();
+            }
+
+            function tryToUseXHR(xhr, ok) {
+                function expectException(op, reason) {
+                    try {
+                        var result = op();
+                        ok(false, "should have thrown an exception, got: " + result);
+                    } catch (e) {
+                        ok(/Permission denied/.test(e.toString()), reason);
+                    }
+                }
+
+                expectException(function() { xhr.open(); }, "should not have access to any functions");
+                expectException(function() { xhr.foo = "foo"; }, "should not be able to add expandos");
+                expectException(function() { xhr.withCredentials = true; }, "should not be able to set attributes");
+            }
+        </script>
+    </head>
+    <body>
+    </body>
+</html>