mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-12-03 10:33:33 +00:00
Fix bug 636097 (r=gal, a=blocker).
This commit is contained in:
parent
9c4e860a93
commit
5178abf4ed
@ -87,6 +87,7 @@ _TEST_FILES = bug500931_helper.html \
|
||||
test1_bug629331.html \
|
||||
test2_bug629331.html \
|
||||
test_bug618017.html \
|
||||
test_bug636097.html \
|
||||
$(NULL)
|
||||
|
||||
#test_bug484107.html \
|
||||
|
63
js/src/xpconnect/tests/mochitest/test_bug636097.html
Normal file
63
js/src/xpconnect/tests/mochitest/test_bug636097.html
Normal file
@ -0,0 +1,63 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<!--
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=504877
|
||||
test by moz_bug_r_a4@yahoo.com
|
||||
-->
|
||||
<head>
|
||||
<title>Test for Bug 504877</title>
|
||||
<script type="application/javascript" src="/MochiKit/packed.js"></script>
|
||||
<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
|
||||
</head>
|
||||
<body>
|
||||
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=504877">Mozilla Bug 504877</a>
|
||||
<p id="display"></p>
|
||||
<div id="content" style="display: none">
|
||||
|
||||
</div>
|
||||
<pre id="test">
|
||||
<script type="application/javascript">
|
||||
|
||||
/** Test for Bug 504877 **/
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
|
||||
var targetUrl = "http://example.com/";
|
||||
var l;
|
||||
|
||||
function a() {
|
||||
var r = "FAIL", s;
|
||||
try {
|
||||
s = l.toString();
|
||||
}
|
||||
catch (e) {
|
||||
if (/Permission denied/.test(e))
|
||||
r = "PASS";
|
||||
s = e;
|
||||
}
|
||||
|
||||
is(r, "PASS", "should have thrown an exception");
|
||||
SimpleTest.finish();
|
||||
}
|
||||
|
||||
var p = 0;
|
||||
function b() {
|
||||
switch (++p) {
|
||||
case 1:
|
||||
frames[0].location = "about:blank";
|
||||
break;
|
||||
case 2:
|
||||
l = frames[0].location;
|
||||
frames[0].location = targetUrl;
|
||||
break;
|
||||
case 3:
|
||||
a();
|
||||
break;
|
||||
}
|
||||
}
|
||||
</script>
|
||||
|
||||
</pre>
|
||||
<iframe onload="b()"></iframe>
|
||||
</body>
|
||||
</html>
|
@ -93,7 +93,9 @@ AccessCheck::isLocationObjectSameOrigin(JSContext *cx, JSObject *wrapper)
|
||||
JS_ASSERT(obj->getClass()->ext.innerObject);
|
||||
}
|
||||
OBJ_TO_INNER_OBJECT(cx, obj);
|
||||
return obj && isSameOrigin(wrapper->compartment(), obj->compartment());
|
||||
return obj &&
|
||||
(isSameOrigin(wrapper->compartment(), obj->compartment()) ||
|
||||
documentDomainMakesSameOrigin(cx, obj));
|
||||
}
|
||||
|
||||
bool
|
||||
|
@ -121,8 +121,7 @@ struct SameOriginOrCrossOriginAccessiblePropertiesOnly : public Policy {
|
||||
static bool check(JSContext *cx, JSObject *wrapper, jsid id, JSWrapper::Action act,
|
||||
Permission &perm) {
|
||||
if (AccessCheck::isCrossOriginAccessPermitted(cx, wrapper, id, act) ||
|
||||
AccessCheck::isLocationObjectSameOrigin(cx, wrapper) ||
|
||||
AccessCheck::documentDomainMakesSameOrigin(cx, wrapper->unwrap())) {
|
||||
AccessCheck::isLocationObjectSameOrigin(cx, wrapper)) {
|
||||
perm = PermitPropertyAccess;
|
||||
return true;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user