Bug 839867 - Align gecko with the spec on cross-origin access to Location.hash. r=bz
authorBobby Holley <bobbyholley@gmail.com>
Mon, 11 Feb 2013 00:05:17 +0100
changeset 131354 1c2e7ae47afcdb65aea913365be867abf7327a8a
parent 131353 1ff7a764c2a9fcaaec2c6b254a86832c1bdf4fca
child 131355 a4ce303cca2f9c4581530c80666d8041fdd53809
push id2323
push userbbajaj@mozilla.com
push dateMon, 01 Apr 2013 19:47:02 +0000
treeherdermozilla-beta@7712be144d91 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbz
bugs839867
milestone21.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 839867 - Align gecko with the spec on cross-origin access to Location.hash. r=bz We update the tests to cover this case. There was also a bug in the tests where we were accidentally testing non-writable Location properties against window rather than window.location. :-(
content/base/test/file_bug326337_inner.html
js/xpconnect/tests/mochitest/test_sameOriginPolicy.html
js/xpconnect/wrappers/AccessCheck.cpp
--- a/content/base/test/file_bug326337_inner.html
+++ b/content/base/test/file_bug326337_inner.html
@@ -31,29 +31,29 @@ function runTest2() {
   var secondDoc = false;
   xhr = new XMLHttpRequest();
   xhr.multipart = true;
   xhr.open("GET", "file_bug326337_multipart.txt", true);
   xhr.onreadystatechange = function() {
     if (xhr.readyState == 4) {
       check(xhr.responseXML.documentElement.getAttribute("root"));
       if (secondDoc) {
-        parent.location.hash = "#done";
+        SpecialPowers.wrap(parent).location.hash = "#done";
       }
       else {
         secondDoc = true;
       }
     }
   }
   xhr.send(null);
 }
 
 function check(attr) {
   if (attr != "yes") {
-    parent.location.hash = "#fail";
+    SpeciaPowers.wrap(parent).location.hash = "#fail";
     throw 1;
   }
 }
 
 </script>
 </pre>
 </body>
 </html>
--- a/js/xpconnect/tests/mochitest/test_sameOriginPolicy.html
+++ b/js/xpconnect/tests/mochitest/test_sameOriginPolicy.html
@@ -49,17 +49,17 @@ function isCrossOriginReadable(obj, prop
     return prop == 'replace';
   return false;
 }
 
 function isCrossOriginWritable(obj, prop) {
   if (obj == "Window")
     return prop == 'location';
   if (obj == "Location")
-    return prop == 'hash' || prop == 'href';
+    return prop == 'href';
 }
 
 // NB: we don't want to succeed with writes, so we only check them when it should be denied.
 function testAll(sameOrigin) {
   var win = document.getElementById('ifr').contentWindow;
   for (var prop in window) {
     // On android, this appears to be on the window but not on the iframe. It's
     // not really relevant to this test, so just skip it.
@@ -67,17 +67,17 @@ function testAll(sameOrigin) {
       continue;
     check(win, prop, sameOrigin || isCrossOriginReadable('Window', prop), /* write = */ false);
     if (!sameOrigin && !isCrossOriginWritable('Window', prop))
       check(win, prop, false, /* write = */ true);
   }
   for (var prop in window.location) {
     check(win.location, prop, sameOrigin || isCrossOriginReadable('Location', prop));
     if (!sameOrigin && !isCrossOriginWritable('Location', prop))
-      check(win, prop, false, /* write = */ true);
+      check(win.location, prop, false, /* write = */ true);
   }
 }
 
 var loadCount = 0;
 function go() {
   ++loadCount;
   if (loadCount == 1) {
     testAll(true);
--- a/js/xpconnect/wrappers/AccessCheck.cpp
+++ b/js/xpconnect/wrappers/AccessCheck.cpp
@@ -137,17 +137,17 @@ IsPermitted(const char *name, JSFlatStri
 {
     size_t propLength;
     const jschar *propChars =
         JS_GetInternedStringCharsAndLength(JS_FORGET_STRING_FLATNESS(prop), &propLength);
     if (!propLength)
         return false;
     switch (name[0]) {
         NAME('L', "Location",
-             PROP('h', W("hash") W("href"))
+             PROP('h', W("href"))
              PROP('r', R("replace")))
         NAME('W', "Window",
              PROP('b', R("blur"))
              PROP('c', R("close") R("closed"))
              PROP('f', R("focus") R("frames"))
              PROP('l', RW("location") R("length"))
              PROP('o', R("opener"))
              PROP('p', R("parent") R("postMessage"))