mozilla-central/js/xpconnect/tests/chrome/test_documentdomain.xhtml

Source code

Revision control

Copy as Markdown

Other Tools

Test Info: Warnings

<?xml version="1.0"?>
<?xml-stylesheet type="text/css" href="chrome://global/skin"?>
<?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>
<!--
-->
<window title="Mozilla Bug 601277"
<!-- test results are displayed in the html:body -->
target="_blank">Mozilla Bug 601277</a>
</body>
<!-- test code goes here -->
<script type="application/javascript">
<![CDATA[
/** Tests for document.domain. **/
SimpleTest.waitForExplicitFinish();
// Wait for the frames to load.
var gFramesLoaded = 0;
function frameLoaded() {
gFramesLoaded++;
if (gFramesLoaded == document.getElementsByTagName('iframe').length)
startTest();
}
function startTest() {
// Grab all the content windows and waive Xray. Xray waivers only apply to
// chrome, so we can pass these references directly to content.
var win1A = document.getElementById('test1A').contentWindow.wrappedJSObject;
var win1B = document.getElementById('test1B').contentWindow.wrappedJSObject;
var win2 = document.getElementById('test2').contentWindow.wrappedJSObject;
var winBase = document.getElementById('base').contentWindow.wrappedJSObject;
// Check the basics.
ok(win1A.tryToAccess(win1B),
"Same-origin windows should grant access");
ok(!win1A.tryToAccess(win2),
"Cross-origin windows should not grant access");
ok(!win1A.tryToAccess(winBase),
"Subdomain windows should not receive access");
// Store references now, while test1A and test1B are same-origin.
win1A.storeReference(win1B);
win1B.storeReference(win1A);
ok(win1A.tryToAccessStored(), "Stored references work when same-origin");
win1A.evalFromB = Cu.unwaiveXrays(win1B.eval); // Crashtest for bug 1040181.
win1B.functionFromA = Cu.unwaiveXrays(win1A.Function); // Crashtest for bug 1040181.
ok(!win1A.invokingFunctionThrowsSecurityException('evalFromB'), "Should allow before document.domain");
ok(!win1B.invokingFunctionThrowsSecurityException('functionFromA'), "Should allow before document.domain");
// Set document.domain on test1A. This should grant no access, since nobody
// else set it.
win1A.setDomain('example.org');
ok(!win1A.tryToAccess(winBase), "base must collaborate too");
ok(!winBase.tryToAccess(win1A), "base must collaborate too");
ok(!win1A.tryToAccess(win1B), "No longer same-origin");
ok(win1A.tryToAccessStored(), "We don't revoke access except through Window and Location");
ok(!win1B.tryToAccess(win1A), "No longer same-origin");
ok(win1B.tryToAccessStored(), "We don't revoke access except through Window and Location");
ok(!win1A.invokingFunctionThrowsSecurityException('evalFromB'), "We don't revoke access except through Window and Location");
ok(!win1B.invokingFunctionThrowsSecurityException('functionFromA'), "We don't revoke access except through Window and Location");
// Set document.domain on test1B. Now we're cooking with gas.
win1B.setDomain('example.org');
ok(!win1B.tryToAccess(winBase), "base must collaborate too");
ok(!winBase.tryToAccess(win1B), "base must collaborate too");
ok(win1A.tryToAccess(win1B), "same-origin");
ok(win1A.tryToAccessStored(), "same-origin");
ok(win1B.tryToAccess(win1A), "same-origin");
ok(win1B.tryToAccessStored(), "same-origin");
// Explicitly collaborate with base.
winBase.setDomain('example.org');
ok(winBase.tryToAccess(win1A), "base collaborates");
ok(win1A.tryToAccess(winBase), "base collaborates");
// All done.
SimpleTest.finish();
}
]]>
</script>
<iframe id="test1A" onload="frameLoaded();" type="content"
<iframe id="test1B" onload="frameLoaded();" type="content"
<iframe id="test2" onload="frameLoaded();" type="content"
<iframe id="base" onload="frameLoaded();" type="content"
</window>