mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-16 23:05:42 +00:00
Bug 1404910 - WebSocket should consider the corrent top-level window principal, r=smaug
This commit is contained in:
parent
fb5c48f638
commit
6e03c7e15b
@ -1666,18 +1666,17 @@ WebSocketImpl::Init(JSContext* aCx,
|
||||
nsCOMPtr<nsPIDOMWindowInner> innerWindow;
|
||||
|
||||
while (true) {
|
||||
if (principal) {
|
||||
bool isNullPrincipal = true;
|
||||
isNullPrincipal = principal->GetIsNullPrincipal();
|
||||
if (isNullPrincipal || nsContentUtils::IsSystemPrincipal(principal)) {
|
||||
break;
|
||||
}
|
||||
if (principal && !principal->GetIsNullPrincipal()) {
|
||||
break;
|
||||
}
|
||||
|
||||
if (!innerWindow) {
|
||||
innerWindow = do_QueryInterface(globalObject);
|
||||
if (NS_WARN_IF(!innerWindow)) {
|
||||
return NS_ERROR_DOM_SECURITY_ERR;
|
||||
if (!innerWindow) {
|
||||
// If we are in a XPConnect sandbox or in a JS component,
|
||||
// innerWindow will be null. There is nothing on top of this to be
|
||||
// considered.
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
62
dom/base/test/iframe_webSocket_sandbox.html
Normal file
62
dom/base/test/iframe_webSocket_sandbox.html
Normal file
@ -0,0 +1,62 @@
|
||||
<html><body>
|
||||
<iframe id="frame" sandbox="allow-scripts allow-popups"></iframe>
|
||||
<script type="application/javascript;version=1.8">
|
||||
onmessage = function(e) {
|
||||
parent.postMessage(e.data, '*');
|
||||
}
|
||||
|
||||
var ifr = document.getElementById('frame');
|
||||
|
||||
if (location.search == '?nested') {
|
||||
var url = new URL(location);
|
||||
url.search = "";
|
||||
ifr.src = url.href;
|
||||
} else if (location.search == '?popup') {
|
||||
var url = new URL(location);
|
||||
url.search = "?opener";
|
||||
|
||||
ifr.srcdoc = "<html><script>" +
|
||||
"window.open('" + url.href + "', 'foobar');" +
|
||||
"onmessage = function(e) { " +
|
||||
" parent.postMessage(e.data, '*'); " +
|
||||
"}" +
|
||||
"</scr" + "ipt></html>";
|
||||
} else if (location.search == '?opener') {
|
||||
try{
|
||||
var socket = new WebSocket('ws://mochi.test:8888/tests/dom/base/test/file_websocket_basic');
|
||||
socket.onerror = function(e) {
|
||||
opener.postMessage('WS onerror', '*');
|
||||
};
|
||||
socket.onopen = function(event) {
|
||||
opener.postMessage('WS onopen', '*');
|
||||
};
|
||||
} catch(e) {
|
||||
if (e.name == 'SecurityError') {
|
||||
opener.postMessage('WS Throws!', '*');
|
||||
} else {
|
||||
opener.postMessage('WS Throws something else!', '*');
|
||||
}
|
||||
}
|
||||
} else {
|
||||
ifr.srcdoc = `
|
||||
<html><script>
|
||||
try{
|
||||
var socket = new WebSocket('ws://mochi.test:8888/tests/dom/base/test/file_websocket_basic');
|
||||
socket.onerror = function(e) {
|
||||
parent.postMessage('WS onerror', '*');
|
||||
};
|
||||
socket.onopen = function(event) {
|
||||
parent.postMessage('WS onopen', '*');
|
||||
};
|
||||
} catch(e) {
|
||||
if (e.name == 'SecurityError') {
|
||||
parent.postMessage('WS Throws!', '*');
|
||||
} else {
|
||||
parent.postMessage('WS Throws something else!', '*');
|
||||
}
|
||||
}
|
||||
</scr`+`ipt>
|
||||
</html>`;
|
||||
}
|
||||
</script>
|
||||
</body></html>
|
@ -804,6 +804,9 @@ skip-if = toolkit == 'android'
|
||||
skip-if = toolkit == 'android'
|
||||
[test_websocket_permessage_deflate.html]
|
||||
skip-if = toolkit == 'android'
|
||||
[test_webSocket_sandbox.html]
|
||||
skip-if = toolkit == 'android'
|
||||
support-files = iframe_webSocket_sandbox.html
|
||||
[test_websocket1.html]
|
||||
skip-if = toolkit == 'android'
|
||||
[test_websocket2.html]
|
||||
|
34
dom/base/test/test_webSocket_sandbox.html
Normal file
34
dom/base/test/test_webSocket_sandbox.html
Normal file
@ -0,0 +1,34 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Bug 1252751</title>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
</head>
|
||||
<body>
|
||||
<div id="container"></div>
|
||||
<iframe id="frame"></iframe>
|
||||
<script type="application/javascript;version=1.8">
|
||||
var urls = [ "https://example.com/tests/dom/base/test/iframe_webSocket_sandbox.html",
|
||||
"https://example.com/tests/dom/base/test/iframe_webSocket_sandbox.html?nested",
|
||||
"https://example.com/tests/dom/base/test/iframe_webSocket_sandbox.html?popup" ];
|
||||
|
||||
onmessage = function(e) {
|
||||
is(e.data, "WS Throws!", "ws://URI cannot be used by a https iframe");
|
||||
runTest();
|
||||
}
|
||||
|
||||
function runTest() {
|
||||
if (!urls.length) {
|
||||
SimpleTest.finish();
|
||||
return;
|
||||
}
|
||||
|
||||
document.getElementById("frame").src = urls.shift();
|
||||
}
|
||||
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
runTest();
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
Loading…
Reference in New Issue
Block a user