js/xpconnect/tests/chrome/test_evalInSandbox.xhtml

   1 <?xml version="1.0"?>
   2 <?xml-stylesheet href="chrome://global/skin" type="text/css"?>
   3 <?xml-stylesheet href="chrome://mochikit/content/tests/SimpleTest/test.css"
   4                  type="text/css"?>
   5 <!--
   6 https://bugzilla.mozilla.org/show_bug.cgi?id=533596
   7 -->
   8 <window title="Mozilla Bug 533596"
   9   xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
  10   <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
  11
  12   <!-- test results are displayed in the html:body -->
  13   <body xmlns="http://www.w3.org/1999/xhtml">
  14
  15   <iframe src="http://example.org/tests/js/xpconnect/tests/mochitest/file_evalInSandbox.html"
  16           onload="checkCrossOrigin(this)">
  17   </iframe>
  18   <iframe src="chrome://mochitests/content/chrome/js/xpconnect/tests/chrome/file_evalInSandbox.html"
  19           onload="checkSameOrigin(this)">
  20   </iframe>
  21   </body>
  22
  23   <!-- test code goes here -->
  24   <script type="application/javascript"><![CDATA[
  25       const utils = window.windowUtils;
  26
  27       function checkCrossOriginSandbox(sandbox)
  28       {
  29           is(utils.getClassName(sandbox),
  30              "Proxy",
  31              "sandbox was wrapped correctly");
  32
  33           is(utils.getClassName(Cu.evalInSandbox("this.document", sandbox)),
  34              "Proxy",
  35              "return value was rewrapped correctly");
  36       }
  37
  38       function checkCrossOriginXrayedSandbox(sandbox)
  39       {
  40         ok(Cu.evalInSandbox("!('windowfoo' in window);", sandbox),
  41            "the window itself Xray is an XrayWrapper");
  42         ok(Cu.evalInSandbox("('wrappedJSObject' in this.document);", sandbox),
  43            "wrappers inside eIS are Xrays");
  44         ok(Cu.evalInSandbox("!('foo' in this.document);", sandbox),
  45            "must not see expandos");
  46         ok('wrappedJSObject' in Cu.evalInSandbox("this.document", sandbox),
  47            "wrappers returned from the sandbox are Xrays");
  48         ok(!("foo" in Cu.evalInSandbox("this.document", sandbox)),
  49            "must not see expandos in wrappers returned from the sandbox");
  50
  51         ok('wrappedJSObject' in sandbox.document,
  52            "values obtained from the sandbox are Xrays");
  53         ok(!("foo" in sandbox.document),
  54            "must not see expandos in wrappers obtained from the sandbox");
  55
  56       }
  57
  58       function checkCrossOrigin(ifr) {
  59         var win = ifr.contentWindow;
  60         var sandbox =
  61           new Cu.Sandbox(win, { sandboxPrototype: win, wantXrays: true } );
  62
  63         checkCrossOriginSandbox(sandbox);
  64         checkCrossOriginXrayedSandbox(sandbox);
  65
  66         sandbox =
  67           new Cu.Sandbox(win, { sandboxPrototype: win } );
  68
  69         checkCrossOriginSandbox(sandbox);
  70         checkCrossOriginXrayedSandbox(sandbox);
  71
  72         sandbox =
  73           new Cu.Sandbox(win, { sandboxPrototype: win, wantXrays: false } );
  74
  75         checkCrossOriginSandbox(sandbox);
  76
  77         ok(Cu.evalInSandbox("('foo' in this.document);", sandbox),
  78            "can see expandos");
  79         ok(!("foo" in Cu.evalInSandbox("this.document", sandbox)),
  80            "must not see expandos in wrappers returned from the sandbox");
  81         ok(("foo" in Cu.waiveXrays(Cu.evalInSandbox("this.document", sandbox))),
  82            "must see expandos in waived wrappers returned from the sandbox");
  83
  84         ok(!("foo" in sandbox.document),
  85            "must not see expandos in wrappers obtained from the sandbox");
  86         ok("foo" in Cu.waiveXrays(sandbox.document),
  87            "must see expandos in wrappers obtained from the sandbox");
  88
  89         testDone();
  90       }
  91
  92       function checkSameOrigin(ifr) {
  93         var win = ifr.contentWindow;
  94         var sandbox =
  95           new Cu.Sandbox(win, { sandboxPrototype: win, wantXrays: true } );
  96
  97         ok(Cu.evalInSandbox("('foo' in this.document);", sandbox),
  98            "must see expandos for a chrome sandbox");
  99
 100         sandbox =
 101           new Cu.Sandbox(win, { sandboxPrototype: win } );
 102
 103         ok(Cu.evalInSandbox("('foo' in this.document);", sandbox),
 104            "must see expandos for a chrome sandbox");
 105
 106         sandbox =
 107           new Cu.Sandbox(win, { sandboxPrototype: win, wantXrays: false } );
 108
 109         ok(Cu.evalInSandbox("('foo' in this.document);", sandbox),
 110            "can see expandos for a chrome sandbox");
 111
 112         testDone();
 113       }
 114
 115       var testsRun = 0;
 116       function testDone() {
 117         if (++testsRun == 2)
 118           SimpleTest.finish();
 119       }
 120
 121       SimpleTest.waitForExplicitFinish();
 122
 123       try {
 124         var sandbox1 = new Cu.Sandbox(this, { sandboxPrototype: undefined } );
 125         ok(false, "undefined is not a valid prototype");
 126       }
 127       catch (e) {
 128         ok(true, "undefined is not a valid prototype");
 129       }
 130
 131       try {
 132         var sandbox2 = new Cu.Sandbox(this, { wantXrays: undefined } );
 133         ok(false, "undefined is not a valid value for wantXrays");
 134       }
 135       catch (e) {
 136         ok(true, "undefined is not a valid value for wantXrays");
 137       }
 138
 139       // Crash test for bug 601829.
 140       try {
 141         Cu.evalInSandbox('', null);
 142       } catch (e) {
 143         ok(true, "didn't crash on a null sandbox object");
 144       }
 145
 146       try {
 147         var sandbox3 = new Cu.Sandbox(this, { sameZoneAs: this } );
 148         ok(true, "sameZoneAs works");
 149       }
 150       catch (e) {
 151         ok(false, "sameZoneAs works");
 152       }
 153
 154       // The 'let' keyword only appears with JS 1.7 and above. We use this fact
 155       // to make sure that sandboxes get explict JS versions and don't inherit
 156       // them from the most recent scripted frame.
 157       function checkExplicitVersions() {
 158         // eslint-disable-next-line no-undef
 159         var sb = new Cu.Sandbox(sop);
 160         Cu.evalInSandbox('let someVariable = 42', sb, '1.7');
 161         ok(true, "Didn't throw with let");
 162         try {
 163           Cu.evalInSandbox('let someVariable = 42', sb);
 164           ok(false, "Should have thrown with let");
 165         } catch (e) {
 166           ok(true, "Threw with let: " + e);
 167         }
 168         try {
 169           Cu.evalInSandbox('let someVariable = 42', sb, '1.5');
 170           ok(false, "Should have thrown with let");
 171         } catch (e) {
 172           ok(true, "Threw with let: " + e);
 173         }
 174       }
 175       var outerSB = new Cu.Sandbox(this);
 176       Cu.evalInSandbox(checkExplicitVersions.toSource(), outerSB, '1.7');
 177       outerSB.ok = ok;
 178       outerSB.sop = this;
 179       Cu.evalInSandbox('checkExplicitVersions();', outerSB);
 180
 181       const {addDebuggerToGlobal} = ChromeUtils.importESModule("resource://gre/modules/jsdebugger.sys.mjs");
 182       addDebuggerToGlobal(globalThis);
 183
 184       try {
 185         let dbg = new Debugger();
 186         let sandbox = new Cu.Sandbox(this, {
 187           invisibleToDebugger: false,
 188           freshCompartment: true,
 189         });
 190         dbg.addDebuggee(sandbox);
 191         ok(true, "debugger added visible value");
 192       } catch(e) {
 193         ok(false, "debugger could not add visible value");
 194       }
 195
 196       try {
 197         let dbg = new Debugger();
 198         let sandbox = new Cu.Sandbox(this, { invisibleToDebugger: true });
 199         dbg.addDebuggee(sandbox);
 200         ok(false, "debugger added invisible value");
 201       } catch(e) {
 202         ok(true, "debugger did not add invisible value");
 203       }
 204   ]]></script>
 205 </window>