firefox-main/js/xpconnect/tests/unit/test_sandbox_SharedArrayBuffer.js (file symbol)

Source code

Revision control

Copy as Markdown

Other Tools

Test Info:

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
const { XPCShellContentUtils } = ChromeUtils.importESModule(
);
XPCShellContentUtils.init(this);
const server = XPCShellContentUtils.createHttpServer();
const SERVER_ORIGIN = `http://localhost:${server.identity.primaryPort}`;
server.registerPathHandler("/isolated_yes", (req, res) => {
res.setHeader("Cross-Origin-Opener-Policy", "same-origin");
res.setHeader("Cross-Origin-Embedder-Policy", "require-corp");
});
server.registerPathHandler("/isolated_no", (req, res) => {
// No COOP or COEP headers, implies not cross-origin isolated.
});
add_task(function test_system_sandbox() {
let sand = Cu.Sandbox(Services.scriptSecurityManager.getSystemPrincipal());
equal(
Cu.evalInSandbox("new SharedArrayBuffer(1).byteLength", sand),
1,
"Can use SharedArrayBuffer in system principal"
);
});
add_task(function test_null_principal_sandbox() {
let sand = Cu.Sandbox(null);
equal(
Cu.evalInSandbox("typeof SharedArrayBuffer", sand),
"undefined",
"SharedArrayBuffer unavailable in null principal sandbox"
);
});
add_task(async function test_cross_origin_isolated_window() {
const contentPage = await XPCShellContentUtils.loadContentPage(
`${SERVER_ORIGIN}/isolated_yes`
);
await contentPage.spawn([], () => {
const window = content;
Assert.ok(window.crossOriginIsolated, "Window is crossOriginIsolated");
let sand1 = Cu.Sandbox([window.document.nodePrincipal], {
sandboxPrototype: window,
});
Assert.equal(
Cu.evalInSandbox("new SharedArrayBuffer(1).byteLength", sand1),
1,
"Sandbox with sandboxPrototype set to window can access SharedArrayBuffer"
);
let sand2 = Cu.Sandbox([window.document.nodePrincipal]);
Assert.equal(
Cu.evalInSandbox("typeof SharedArrayBuffer", sand2),
"undefined",
"Sandbox without window cannot access SharedArrayBuffer"
);
let sand3 = Cu.Sandbox(window);
Assert.equal(
Cu.evalInSandbox("typeof SharedArrayBuffer", sand3),
"undefined",
"Sandbox with window as principal arg, without sandboxPrototype, cannot access SharedArrayBuffer"
);
// SharedArrayBuffer not exposed to the sandbox's global, so a lookup is
// triggered on sandboxPrototype. That fails because the null principal
// is not allowed access to sandboxPrototype.
let sand4 = Cu.Sandbox(null, { sandboxPrototype: window });
Assert.throws(
() => Cu.evalInSandbox("typeof SharedArrayBuffer", sand4),
/Permission denied to access property "SharedArrayBuffer" on cross-origin object/,
"Sandbox with window as sandboxPrototype not subsumed by principal cannot access SharedArrayBuffer"
);
// sandboxPrototype is often set to a window, but in theory it can be set
// to an object from said window.
let sand5 = Cu.Sandbox([window.document.nodePrincipal], {
sandboxPrototype: Cu.createObjectIn(window),
});
Assert.equal(
Cu.evalInSandbox("new SharedArrayBuffer(1).byteLength", sand5),
1,
"Sandbox with sandboxPrototype set to window's object can access SharedArrayBuffer"
);
});
await contentPage.close();
});
add_task(async function test_non_cross_origin_isolated_window() {
const contentPage = await XPCShellContentUtils.loadContentPage(
`${SERVER_ORIGIN}/isolated_no`
);
await contentPage.spawn([], () => {
const window = content;
Assert.ok(!window.crossOriginIsolated, "Window is not crossOriginIsolated");
let sand1 = Cu.Sandbox([window.document.nodePrincipal], {
sandboxPrototype: window,
});
Assert.equal(
Cu.evalInSandbox("typeof SharedArrayBuffer", sand1),
"undefined",
"Sandbox with window that is not crossOriginIsolated does not grant SharedArrayBuffer"
);
});
await contentPage.close();
});