Bug 801576 - Add tests for the same-origin policy. r=mrbkap
authorBobby Holley <bobbyholley@gmail.com>
Wed, 24 Oct 2012 12:04:19 +0200
changeset 111367 6973d363e3e111d43db46e69eac4803bb1c17cbe
parent 111366 95806d8419f95a8234a4c7875e671a67b0b613cd
child 111368 2e780fd05fbf4da309fef5795205ca446fbf1c02
push id93
push usernmatsakis@mozilla.com
push dateWed, 31 Oct 2012 21:26:57 +0000
reviewersmrbkap
bugs801576
milestone19.0a1
Bug 801576 - Add tests for the same-origin policy. r=mrbkap
js/xpconnect/tests/mochitest/Makefile.in
js/xpconnect/tests/mochitest/test_sameOriginPolicy.html
--- a/js/xpconnect/tests/mochitest/Makefile.in
+++ b/js/xpconnect/tests/mochitest/Makefile.in
@@ -15,16 +15,17 @@ MOCHITEST_FILES =	chrome_wrappers_helper
 		file_documentdomain.html \
 		file_doublewrappedcompartments.html \
 		file_empty.html \
 		file_evalInSandbox.html \
 		file_exnstack.html \
 		file_expandosharing.html \
 		file_mozMatchesSelector.html \
 		file_nodelists.html \
+		test_sameOriginPolicy.html \
 		file_wrappers-2.html \
 		inner.html \
 		test_frameWrapping.html \
 		test_lookupMethod.html \
 		test_bug92773.html \
 		bug92773_helper.html \
 		test_bug384632.html \
 		test_bug390488.html \
new file mode 100644
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_sameOriginPolicy.html
@@ -0,0 +1,93 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=801576
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Test for Bug 801576</title>
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=801576">Mozilla Bug 801576</a>
+<p id="display"></p>
+<div id="content" style="display: none">
+</div>
+<iframe id="ifr" onload="go();" src="file_empty.html"></iframe>
+<pre id="test">
+<script type="application/javascript">
+
+/** Test for the same-origin policy. **/
+SimpleTest.waitForExplicitFinish();
+
+function check(obj, prop, allowed, write) {
+  var accessed = false;
+  try {
+    if (write) {
+      try {
+        obj[prop] = 2;
+        accessed = true;
+      } catch (e) {}
+      Object.defineProperty(obj, 'prop', {getter: function() {}, setter: null});
+    }
+    else
+      obj[prop];
+    accessed = true;
+  } catch (e) {}
+  is(accessed, allowed, prop + " is correctly (in)accessible for " + (write ? 'write' : 'read'));
+}
+
+var crossOriginReadableWindowProps = ['blur', 'close', 'closed', 'focus',
+                                      'frames', 'location', 'length',
+                                      'opener', 'parent', 'postMessage',
+                                      'self', 'top', 'window'];
+
+function isCrossOriginReadable(obj, prop) {
+  if (obj == "Window")
+    return crossOriginReadableWindowProps.indexOf(prop) != -1;
+  if (obj == "Location")
+    return prop == 'replace';
+  return false;
+}
+
+function isCrossOriginWritable(obj, prop) {
+  if (obj == "Window")
+    return prop == 'location';
+  if (obj == "Location")
+    return prop == 'hash' || prop == 'href';
+}
+
+// NB: we don't want to succeed with writes, so we only check them when it should be denied.
+function testAll(sameOrigin) {
+  var win = document.getElementById('ifr').contentWindow;
+  for (var prop in window) {
+    check(win, prop, sameOrigin || isCrossOriginReadable('Window', prop), /* write = */ false);
+    if (!sameOrigin && !isCrossOriginWritable('Window', prop))
+      check(win, prop, false, /* write = */ true);
+  }
+  for (var prop in window.location) {
+    check(win.location, prop, sameOrigin || isCrossOriginReadable('Location', prop));
+    if (!sameOrigin && !isCrossOriginWritable('Location', prop))
+      check(win, prop, false, /* write = */ true);
+  }
+}
+
+var loadCount = 0;
+function go() {
+  ++loadCount;
+  if (loadCount == 1) {
+    testAll(true);
+    document.getElementById('ifr').contentWindow.location = 'http://example.org/tests/js/xpconnect/tests/mochitest/file_empty.html';
+  }
+  else {
+    is(loadCount, 2);
+    testAll(false);
+    SimpleTest.finish();
+  }
+}
+
+</script>
+</pre>
+</body>
+</html>
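Review bot: The Location write check in the second loop of `testAll`, `check(win, prop, false, /* write = */ true);`, passes `win` instead of `win.location`, so denial of cross-origin writes to Location properties is never exercised and a regression there would go unnoticed; it should read `check(win.location, prop, false, /* write = */ true);`. In `check`, `Object.defineProperty(obj, 'prop', {getter: function() {}, setter: null})` uses the literal name `'prop'` and the keys `getter`/`setter`, which are not accessor-descriptor fields, so the property under test is never the one being redefined; `Object.defineProperty(obj, prop, {get: function() {}});` matches what the loop intends. The empty inner `catch (e) {}` around `obj[prop] = 2` would benefit from a one-line comment stating that a denied assignment is expected there and that the defineProperty path is tried next.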