Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2025-01-16 15:17:14 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Backed out changesets 3c9d48f28a5e and fd9d5186e741 (bug 944407) for mochitest-other orange.

Browse Source 
CLOSED TREE
This commit is contained in:
Ryan VanderMeulen 2013-12-10 15:35:31 -05:00
parent 9166bcd03a
commit 1cea1392d7
11 changed files with 26 additions and 136 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
content/xbl/src/nsXBLBinding.cpp
View File

@ -1082,7 +1082,28 @@ nsXBLBinding::DoInitJSClass(JSContext *cx, JS::Handle<JSObject*> global,
bool
nsXBLBinding::AllowScripts()
{
return mPrototypeBinding->GetAllowScripts();
if (!mPrototypeBinding->GetAllowScripts())
return false;
// Nasty hack. Use the JSContext of the bound node, since the
// security manager API expects to get the docshell type from
// that. But use the nsIPrincipal of our document.
nsIScriptSecurityManager* mgr = nsContentUtils::GetSecurityManager();
if (!mgr) {
return false;
}
nsIDocument* doc = mBoundElement ? mBoundElement->OwnerDoc() : nullptr;
if (!doc) {
return false;
}
nsCOMPtr<nsIScriptGlobalObject> global = do_QueryInterface(doc->GetInnerWindow());
if (!global || !global->GetGlobalJSObject()) {
return false;
}
return mgr->ScriptAllowed(global->GetGlobalJSObject());
}
nsXBLBinding*

2
content/xbl/src/nsXBLBinding.h
View File

@ -141,7 +141,7 @@ public:
JS::MutableHandle<JSObject*> aClassObject,
bool* aNew);
bool AllowScripts();
bool AllowScripts(); // XXX make const
mozilla::dom::XBLChildrenElement* FindInsertionPointFor(nsIContent* aChild);

18
content/xbl/src/nsXBLDocumentInfo.cpp
View File

@ -403,24 +403,6 @@ nsXBLDocumentInfo::nsXBLDocumentInfo(nsIDocument* aDocument)
mScriptAccess = allow;
}
mIsChrome = true;
} else {
// If this binding isn't running with system principal, then it's running
// from a remote-XUL whitelisted domain. This is already a not-really-
// supported configuration (among other things, we don't use XBL scopes in
// that configuration for compatibility reasons). But we should still at
// least make an effort to prevent binding code from running if content
// script is disabled or if the source domain is blacklisted (since the
// source domain for remote XBL must always be the same as the source domain
// of the bound content).
//
// If we just ask the binding document if script is enabled, it will
// discover that it has no inner window, and return false. So instead, we
// short-circuit the normal compartment-managed script-disabling machinery,
// and query the policy for the URI directly.
bool allow;
nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
nsresult rv = ssm->PolicyAllowsScript(uri, &allow);
mScriptAccess = NS_SUCCEEDED(rv) && allow;
}
}

2
content/xbl/src/nsXBLDocumentInfo.h
View File

@ -27,7 +27,7 @@ public:
already_AddRefed<nsIDocument> GetDocument()
{ nsCOMPtr<nsIDocument> copy = mDocument; return copy.forget(); }
bool GetScriptAccess() const { return mScriptAccess; }
bool GetScriptAccess() { return mScriptAccess; }
nsIURI* DocumentURI() { return mDocument->GetDocumentURI(); }

2
content/xbl/src/nsXBLPrototypeBinding.cpp
View File

@ -214,7 +214,7 @@ nsXBLPrototypeBinding::SetBindingElement(nsIContent* aElement)
}
bool
nsXBLPrototypeBinding::GetAllowScripts() const
nsXBLPrototypeBinding::GetAllowScripts()
{
return mXBLDocInfoWeak->GetScriptAccess();
}

2
content/xbl/src/nsXBLPrototypeBinding.h
View File

@ -48,7 +48,7 @@ public:
// binding URIs.
bool CompareBindingURI(nsIURI* aURI) const;
bool GetAllowScripts() const;
bool GetAllowScripts();
nsresult BindingAttached(nsIContent* aBoundElement);
nsresult BindingDetached(nsIContent* aBoundElement);

3
content/xbl/test/chrome.ini
View File

@ -1,6 +1,4 @@
[DEFAULT]
support-files =
file_bug944407.xml
[test_bug378518.xul]
[test_bug398135.xul]
@ -8,4 +6,3 @@ support-files =
[test_bug721452.xul]
[test_bug723676.xul]
[test_bug772966.xul]
[test_bug944407.xul]

7
content/xbl/test/file_bug944407.html
View File

@ -1,7 +0,0 @@
<!DOCTYPE html>
<html>
<body>
<div id="deny" style="-moz-binding: url(file_bug944407.xml#testAllowScript)"></div>
<div id="allow" style="-moz-binding: url(chrome://mochitests/content/chrome/content/xbl/test/file_bug944407.xml#testAllowScript)"</div>
</body>
</html>

60
content/xbl/test/file_bug944407.xml
View File

@ -1,60 +0,0 @@
<?xml version="1.0"?>
<bindings id="testBindings" xmlns="http://www.mozilla.org/xbl"
xmlns:html="http://www.w3.org/1999/xhtml">
<binding id="testAllowScript">
<implementation>
<property name="someProp" onget="return 2;" readonly="true"></property>
<method name="someMethod"><body> return 3; </body></method>
<constructor>
<![CDATA[
win = XPCNativeWrapper.unwrap(window);
SpecialPowers = win.SpecialPowers;
ok = win.ok = SpecialPowers.wrap(window.parent).ok;
todo = win.todo = SpecialPowers.wrap(window.parent).todo;
is = win.is = SpecialPowers.wrap(window.parent).is;
// Make sure we only get constructed when we're loaded from a domain
// with script enabled.
is(this.id, 'allow', "XBL should only be bound when the origin of the binding allows scripts");
var t = this;
doFinish = function() {
// Take a moment to make sure that other constructors don't run when they shouldn't.
if (t.id == 'allow')
setTimeout(SpecialPowers.wrap(window.parent).finish, 100);
}
onTestEvent = function(target) {
ok(true, 'called event handler');
// First, dispatch an event to the anonymous content. The event
// handlers on the AC should run, but they won't until bug 948000
// is fixed. So the check here is a todo().
var e = new MouseEvent('click');
document.getAnonymousNodes(target)[1].dispatchEvent(e);
// Now, dispatch a key event to test key handlers and move the test along.
var k = document.createEvent('KeyboardEvent');
k.initEvent('keyup', true, true);
target.dispatchEvent(k);
}
// Check the implementation.
is(this.someProp, 2, "Properties work");
is(this.someMethod(), 3, "Methods work");
// Kick over to the event handlers. This tests XBL event handlers,
// XBL key handlers, and event handlers on anonymous content.
this.dispatchEvent(new CustomEvent('testEvent'));
]]>
</constructor>
</implementation>
<handlers>
<handler event="testEvent" action="onTestEvent(this)" allowuntrusted="true"/>
<handler event="keyup" action="ok(true, 'called key handler'); doFinish();" allowuntrusted="true"/>
</handlers>
<content>Anonymous Content<html:div onclick="todo(true, 'called event handler on ac, this needs bug 948000');"></html:div><html:b style="display:none"><children/></html:b></content>
</binding>
</bindings>

2
content/xbl/test/mochitest.ini
View File

@ -12,8 +12,6 @@ support-files =
file_bug591198_xbl.xml
file_bug821850.xhtml
file_bug844783.xhtml
file_bug944407.html
file_bug944407.xml
[test_bug310107.html]
[test_bug366770.html]

41
content/xbl/test/test_bug944407.xul
View File

@ -1,41 +0,0 @@
<?xml version="1.0"?>
<?xml-stylesheet type="text/css" href="chrome://global/skin"?>
<?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=944407
-->
<window title="Mozilla Bug 944407"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
<script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>
<!-- test results are displayed in the html:body -->
<body xmlns="http://www.w3.org/1999/xhtml">
<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=944407"
target="_blank">Mozilla Bug 944407</a>
</body>
<!-- test code goes here -->
<script type="application/javascript">
<![CDATA[
/** Test for XBL bindings with script disabled. **/
SimpleTest.waitForExplicitFinish();
function go() {
// Disable javascript, and load the frame.
function loadFrame() {
$('ifr').setAttribute('src', 'http://mochi.test:8888/tests/content/xbl/test/file_bug944407.html');
}
SpecialPowers.pushPrefEnv({ set: [['javascript.enabled', false]] }, loadFrame);
}
function finish() {
SimpleTest.finish();
}
addLoadEvent(go);
]]>
</script>
<iframe id='ifr' />
</window>