Source code

Revision control

Copy as Markdown

Other Tools

Test Info: Errors

<!DOCTYPE HTML>
<html>
<!--
-->
<head>
<title>Test for Bug 292789</title>
<script src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=292789">Mozilla Bug 292789</a>
<p id="display"></p>
<div id="content" style="display: none">
<script src="chrome://global/content/treeUtils.js"></script>
<script type="application/javascript" src="chrome://mozapps/content/update/history.js"></script>
<script id="resjs" type="application/javascript"></script>
</div>
<pre id="test">
<script class="testbody" type="text/javascript">
/** Test for Bug 292789
*
* Selectively allow access to allowlisted chrome packages
* even for ALLOW_CHROME mechanisms (<script>, <img> etc)
*/
/* import-globals-from ../../../toolkit/content/treeUtils.js */
/* import-globals-from ../../../toolkit/mozapps/update/content/history.js */
SimpleTest.waitForExplicitFinish();
let ChromeUtils = {
import() { return {}; },
};
/** <script src=""> test */
function testScriptSrc(aCallback) {
is(typeof gTreeUtils.sort, "function",
"content can still load <script> from chrome://global");
/** Try to find an export from history.js. We will find it if it is
* improperly not blocked, otherwise it will be "undefined".
*/
is(typeof gUpdateHistory, "undefined",
"content should not be able to load <script> from chrome://mozapps");
/** make sure the last one didn't pass because someone
* moved history.js
*/
var resjs = document.getElementById("resjs");
resjs.onload = scriptOnload;
document.getElementById("content").appendChild(resjs);
function scriptOnload() {
is(typeof gUpdateHistory.onLoad, "function",
"history.js has not moved unexpectedly");
// trigger the callback
if (aCallback)
aCallback();
}
}
/** <img src=""> tests */
var imgTests = [[img_global, "success"],
[img_mozapps, "fail"],
[res_mozapps, "success"]];
var curImgTest = 0;
function runImgTest() {
var test = imgTests[curImgTest++];
var callback = curImgTest == imgTests.length ? finishTest : runImgTest;
loadImage(test[0], test[1], callback);
}
function finishTest() {
SimpleTest.finish();
}
function fail(event) {
is("fail", event.target.expected,
"content should not be allowed to load " + event.target.src);
if (event.target.callback)
event.target.callback();
}
function success(event) {
is("success", event.target.expected,
"content should be able to load " + event.target.src);
if (event.target.callback)
event.target.callback();
}
function loadImage(uri, expect, callback) {
var img = document.createElement("img");
img.onerror = fail;
img.onload = success;
img.expected = expect;
img.callback = callback;
img.src = uri;
// document.getElementById("content").appendChild(img);
}
// Start off the script src test, and have it start the img tests when complete.
// Temporarily allow content to access all resource:// URIs.
SpecialPowers.pushPrefEnv({
set: [
["security.all_resource_uri_content_accessible", true],
],
}, () => testScriptSrc(runImgTest));
</script>
</pre>
</body>
</html>