Bug 799952 - Test for x-domain access to location objects. r=bz
☠☠ backed out by 305471f75b59 ☠ ☠
authorMatt Wobensmith <mwobensmith@mozilla.com>
Wed, 24 Oct 2012 22:03:20 -0400
changeset 111449 d8cf15921d0384b32debe19e1eb30f4c7c1e5a41
parent 111448 8a58f6111c990886d3739eb071c405598caf4156
child 111450 678e0066c0e1b4a4f587fa2a409b7fc68f59d883
push id93
push usernmatsakis@mozilla.com
push dateWed, 31 Oct 2012 21:26:57 +0000
reviewersbz
bugs799952
milestone19.0a1
Bug 799952 - Test for x-domain access to location objects. r=bz
dom/tests/mochitest/bugs/Makefile.in
dom/tests/mochitest/bugs/child_bug799952.html
dom/tests/mochitest/bugs/test_bug799952.html
--- a/dom/tests/mochitest/bugs/Makefile.in
+++ b/dom/tests/mochitest/bugs/Makefile.in
@@ -125,16 +125,18 @@ MOCHITEST_FILES	= \
 		test_bug740811.html \
 		test_bug743615.html \
 		utils_bug743615.js \
 		worker_bug743615.js \
 		test_bug750051.html \
 		test_bug755320.html \
 		test_bug777628.html \
 		test_bug665548.html \
+		test_bug799952.html \
+		child_bug799952.html \
 		$(NULL)
 
 ifneq (Linux,$(OS_ARCH))
 MOCHITEST_FILES += \
 		test_resize_move_windows.html \
 		$(NULL)
 else
 $(warning test_resize_move_windows.html is disabled on Linux for timeouts. Bug 677841)
new file mode 100644
--- /dev/null
+++ b/dom/tests/mochitest/bugs/child_bug799952.html
@@ -0,0 +1,2 @@
+<!DOCTYPE html>
+#799952
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/dom/tests/mochitest/bugs/test_bug799952.html
@@ -0,0 +1,134 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=799952
+-->
+<head>
+  <title>Test for Bug 799952</title>
+  <script type="text/javascript" src="/MochiKit/MochiKit.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=799952">Mozilla Bug 799952</a>
+<p id="display"></p>
+<div id="content" style="display: none">
+  
+</div>
+<pre id="test">
+<script class="testbody" type="text/javascript">
+
+/** Test for Bug 799952 **/
+SimpleTest.waitForExplicitFinish();
+
+function start()
+{
+
+// the following are error cases. If they do not throw, they are failures.
+
+  var result;
+  try {
+  	foo = String (/(.*)/.exec($("win").contentWindow.location)[1]);
+  	result = "no error";
+  } catch (e) {
+  	result = e.toString();
+  }
+  is(result, "Error: Permission denied to access property \'toString\'", 
+     "Access to xdomain location via regexp must throw exception")
+
+
+  try {
+  	foo = document.getElementById("win").contentWindow.location + "";
+  	result = "no error";
+  } catch (e) {
+  	result = e.toString();
+  }
+  is(result, "Error: Permission denied to access property \'valueOf\'",
+     "Access to xdomain location via contentWindow.location must throw exception")
+
+
+  try {
+  	foo = document.getElementById("divA").textContent = 
+	document.getElementById("win").contentWindow.location;
+	result = "no error";
+  } catch (e) {
+	result = e.toString();
+  }
+  is(result, "Error: Permission denied to access property \'toString\'", 
+     "Access to xdomain iframe contentWindow.location object via textContent should throw exception")
+
+
+  try {
+	foo = Object.prototype.toString.call(document.getElementById("win").contentWindow.location);
+	result = "no error";
+  } catch (e) {
+	result = e.toString()
+  }
+
+  is(result, "Error: Permission denied to access object", 
+     "Access to xdomain iframe contentWindow.location object via textContent should throw exception")
+
+  // The following are normal cases to verify that we have not prevented same-domain use cases, which should be allowed.
+
+
+  try {
+	foo = String (/(.*)/.exec(document.getElementById("sameDomainContent").contentWindow.location)[1]);
+	result = foo.substr(foo.lastIndexOf("/"));
+  } catch (e) {
+	result = e.toString()
+  }
+
+  is(result, "/child_bug799952.html", 
+     "Same-domain access to location object via regexp should be allowed")
+
+
+  try {
+	foo = document.getElementById("sameDomainContent").contentWindow.location + "";
+	result = foo.substr(foo.lastIndexOf("/"));
+  } catch (e) {
+	result = e.toString()
+  }
+  is(result, "/child_bug799952.html", 
+     "Same-domain access to contentWindow.location object should be allowed")
+
+
+
+
+  try {
+	document.getElementById("divA").textContent = 
+	document.getElementById("sameDomainContent").contentWindow.location;
+	foo = document.getElementById("divA").textContent;
+	result = foo.substr(foo.lastIndexOf("/"));
+  } catch (e) {
+	result = e.toString()
+  }
+  is(result, "/child_bug799952.html", 
+     "Same-domain access to contentWindow.location object via textContent should be allowed")
+
+
+
+  try {
+	foo = Object.prototype.toString.call(document.getElementById("sameDomainContent").contentWindow.location);
+	result = foo.toString();
+  } catch (e) {
+	result = e.toString()
+  }
+  is(result, "[object Location]", 
+     "Same-domain access to contentWindow.location object via Object.prototype.toString.call should be allowed")
+
+  SimpleTest.finish();
+}
+addLoadEvent(start);
+
+</script>
+</pre>
+
+
+<div id="divA">Please wait two seconds...</div>
+<iframe id="win" src="https://example.com:443/tests/dom/tests/mochitest/bugs/child_bug799952.html"></iframe> 
+<iframe id="sameDomainContent" src="child_bug799952.html"></iframe>
+<div id="results"></div>
+
+
+</body>
+</html>
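Review bot: The fourth cross-origin check in `start()`, the `Object.prototype.toString.call(...)` case on the `win` iframe, reuses the "via textContent" description from the check before it, so a failure would be logged against the wrong access path. Its message should read `"Access to xdomain iframe contentWindow.location object via Object.prototype.toString.call should throw exception"`. `foo` is assigned throughout `start()` without a declaration, which creates an implicit global on the test page; declaring `var result, foo;` at the top avoids that. The four error cases also pin the exact exception text, so a wording change would fail them even while access is still denied. If the intent is to catch the cross-origin location string leaking, a separate `isnot(result, "no error", ...)` per case would keep that signal distinct from the message match.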