js/xpconnect/tests/chrome/test_documentdomain.xhtml

   1 <?xml version="1.0"?>
   2 <?xml-stylesheet type="text/css" href="chrome://global/skin"?>
   3 <?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>
   4 <!--
   5 https://bugzilla.mozilla.org/show_bug.cgi?id=601277
   6 -->
   7 <window title="Mozilla Bug 601277"
   8         xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
   9   <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>
  10
  11   <!-- test results are displayed in the html:body -->
  12   <body xmlns="http://www.w3.org/1999/xhtml">
  13   <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=601277"
  14      target="_blank">Mozilla Bug 601277</a>
  15   </body>
  16
  17   <!-- test code goes here -->
  18   <script type="application/javascript">
  19   <![CDATA[
  20   /** Tests for document.domain. **/
  21
  22   SimpleTest.waitForExplicitFinish();
  23
  24   // Wait for the frames to load.
  25   var gFramesLoaded = 0;
  26   function frameLoaded() {
  27     gFramesLoaded++;
  28     if (gFramesLoaded == document.getElementsByTagName('iframe').length)
  29       startTest();
  30   }
  31
  32   function startTest() {
  33
  34     // Grab all the content windows and waive Xray. Xray waivers only apply to
  35     // chrome, so we can pass these references directly to content.
  36     var win1A = document.getElementById('test1A').contentWindow.wrappedJSObject;
  37     var win1B = document.getElementById('test1B').contentWindow.wrappedJSObject;
  38     var win2 = document.getElementById('test2').contentWindow.wrappedJSObject;
  39     var winBase = document.getElementById('base').contentWindow.wrappedJSObject;
  40
  41     // Check the basics.
  42     ok(win1A.tryToAccess(win1B),
  43        "Same-origin windows should grant access");
  44     ok(!win1A.tryToAccess(win2),
  45        "Cross-origin windows should not grant access");
  46     ok(!win1A.tryToAccess(winBase),
  47        "Subdomain windows should not receive access");
  48
  49     // Store references now, while test1A and test1B are same-origin.
  50     win1A.storeReference(win1B);
  51     win1B.storeReference(win1A);
  52     ok(win1A.tryToAccessStored(), "Stored references work when same-origin");
  53     win1A.evalFromB = Cu.unwaiveXrays(win1B.eval); // Crashtest for bug 1040181.
  54     win1B.functionFromA = Cu.unwaiveXrays(win1A.Function); // Crashtest for bug 1040181.
  55     ok(!win1A.invokingFunctionThrowsSecurityException('evalFromB'), "Should allow before document.domain");
  56     ok(!win1B.invokingFunctionThrowsSecurityException('functionFromA'), "Should allow before document.domain");
  57
  58     // Set document.domain on test1A. This should grant no access, since nobody
  59     // else set it.
  60     win1A.setDomain('example.org');
  61     ok(!win1A.tryToAccess(winBase), "base must collaborate too");
  62     ok(!winBase.tryToAccess(win1A), "base must collaborate too");
  63     ok(!win1A.tryToAccess(win1B), "No longer same-origin");
  64     ok(win1A.tryToAccessStored(), "We don't revoke access except through Window and Location");
  65     ok(!win1B.tryToAccess(win1A), "No longer same-origin");
  66     ok(win1B.tryToAccessStored(), "We don't revoke access except through Window and Location");
  67     ok(!win1A.invokingFunctionThrowsSecurityException('evalFromB'), "We don't revoke access except through Window and Location");
  68     ok(!win1B.invokingFunctionThrowsSecurityException('functionFromA'), "We don't revoke access except through Window and Location");
  69
  70     // Set document.domain on test1B. Now we're cooking with gas.
  71     win1B.setDomain('example.org');
  72     ok(!win1B.tryToAccess(winBase), "base must collaborate too");
  73     ok(!winBase.tryToAccess(win1B), "base must collaborate too");
  74     ok(win1A.tryToAccess(win1B), "same-origin");
  75     ok(win1A.tryToAccessStored(), "same-origin");
  76     ok(win1B.tryToAccess(win1A), "same-origin");
  77     ok(win1B.tryToAccessStored(), "same-origin");
  78
  79     // Explicitly collaborate with base.
  80     winBase.setDomain('example.org');
  81     ok(winBase.tryToAccess(win1A), "base collaborates");
  82     ok(win1A.tryToAccess(winBase), "base collaborates");
  83
  84     // All done.
  85     SimpleTest.finish();
  86   }
  87
  88
  89   ]]>
  90   </script>
  91
  92   <iframe id="test1A" onload="frameLoaded();" type="content"
  93           src="http://test1.example.org/tests/js/xpconnect/tests/mochitest/file_documentdomain.html" />
  94   <iframe id="test1B" onload="frameLoaded();" type="content"
  95           src="http://test1.example.org/tests/js/xpconnect/tests/mochitest/file_documentdomain.html" />
  96   <iframe id="test2" onload="frameLoaded();" type="content"
  97           src="http://test2.example.org/tests/js/xpconnect/tests/mochitest/file_documentdomain.html" />
  98   <iframe id="base" onload="frameLoaded();" type="content"
  99           src="http://example.org/tests/js/xpconnect/tests/mochitest/file_documentdomain.html" />
 100 </window>