bug 405924 Test that loading place URIs is prevented r=dietrich

ctalbert@mozilla.com 2008-04-11 15:39:13 -07:00
parent b5511a40a1
commit 7cade4e365
3 changed files with 202 additions and 2 deletions


@ -40,16 +40,24 @@ DEPTH = ../../../..
topsrcdir = @top_srcdir@
srcdir = @srcdir@
VPATH = @srcdir@
relativesrcdir = toolkit/components/places/tests
include $(DEPTH)/config/autoconf.mk
MODULE = test_places
XPCSHELL_TESTS = unit \
XPCSHELL_TESTS = queries \
unit \
bookmarks \
queries \
$(NULL)
# Simple MochiTests
MOCHI_TESTS = mochitest/test_bug_405924.html \
$(NULL)
MOCHI_CONTENT = mochitest/prompt_common.js \
$(NULL)
ifdef MOZ_MOCHITEST
DIRS = \
chrome \
@ -59,3 +67,6 @@ DIRS = \
endif
include $(topsrcdir)/config/rules.mk
libs:: $(MOCHI_TESTS) $(MOCHI_CONTENT)
$(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/tests/$(relativesrcdir)


@ -0,0 +1,74 @@
netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
const Ci = Components.interfaces;
ok(Ci != null, "Access Ci");
const Cc = Components.classes;
ok(Cc != null, "Access Cc");
var didDialog;
var timer; // keep in outer scope so it's not GC'd before firing
function startCallbackTimer() {
didDialog = false;
// Delay before the callback twiddles the prompt.
const dialogDelay = 10;
// Use a timer to invoke a callback to twiddle the authentication dialog
timer = Cc["@mozilla.org/timer;1"].createInstance(Ci.nsITimer);
timer.init(observer, dialogDelay, Ci.nsITimer.TYPE_ONE_SHOT);
}
var observer = {
QueryInterface : function (iid) {
const interfaces = [Ci.nsIObserver,
Ci.nsISupports, Ci.nsISupportsWeakReference];
if (!interfaces.some( function(v) { return iid.equals(v) } ))
throw Components.results.NS_ERROR_NO_INTERFACE;
return this;
},
observe : function (subject, topic, data) {
netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
var doc = getDialogDoc();
if (doc)
handleDialog(doc);
else
startCallbackTimer(); // try again in a bit
}
};
function getDialogDoc() {
// Find the <browser> which contains notifyWindow, by looking
// through all the open windows and all the <browsers> in each.
var wm = Cc["@mozilla.org/appshell/window-mediator;1"].
getService(Ci.nsIWindowMediator);
//var enumerator = wm.getEnumerator("navigator:browser");
var enumerator = wm.getXULWindowEnumerator(null);
while (enumerator.hasMoreElements()) {
var win = enumerator.getNext();
var windowDocShell = win.QueryInterface(Ci.nsIXULWindow).docShell;
var containedDocShells = windowDocShell.getDocShellEnumerator(
Ci.nsIDocShellTreeItem.typeChrome,
Ci.nsIDocShell.ENUMERATE_FORWARDS);
while (containedDocShells.hasMoreElements()) {
// Get the corresponding document for this docshell
var childDocShell = containedDocShells.getNext();
// We don't want it if it's not done loading.
if (childDocShell.busyFlags != Ci.nsIDocShell.BUSY_FLAGS_NONE)
continue;
var childDoc = childDocShell.QueryInterface(Ci.nsIDocShell).
contentViewer.DOMDocument;
//ok(true, "Got window: " + childDoc.location.href);
if (childDoc.location.href == "chrome://global/content/commonDialog.xul")
return childDoc;
}
}
return null;
}
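Review bot: `observer.observe` re-arms the timer through `startCallbackTimer()` every 10 ms whenever `getDialogDoc()` returns null, with no upper bound, so if the error dialog never appears the poll keeps running until the harness times out instead of reporting a clear failure. A retry counter would make that failure explicit, e.g. `else if (++dialogAttempts < MAX_DIALOG_ATTEMPTS) startCallbackTimer(); else ok(false, "commonDialog never appeared");`, with both names declared next to `timer`. Separately, `getXULWindowEnumerator(null)` walks every open window and returns the first loaded `commonDialog.xul` document, so a prompt raised by something other than the test under way would also be handed to `handleDialog`; a comment on `getDialogDoc` stating that assumption would help.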


@ -0,0 +1,115 @@
<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=405924
-->
<head>
<title>Test for Bug 405924</title>
<script type="text/javascript" src="/MochiKit/MochiKit.js"></script>
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<script type="text/javascript" src="prompt_common.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=405924">
Mozilla Bug 405924</a>
<p id="display"></p>
<div id="content" style="display: none">
<iframe id="iframe"></iframe>
</div>
<pre id="test">
<script class="testbody" type="text/javascript">
/** Test for Bug 405924 **/
netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
var isDone = false;
// This is called from prompt_common when the error dialog shows up
function handleDialog(doc) {
netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
// Verify the error message is correct - the string (places) is not
// translated
var dialog = doc.getElementById("commonDialog");
var desc = doc.getElementById("info.body");
var errmsg = desc.childNodes[0].data;
ok(errmsg.match(/\(place\)/), "Check for the correct message");
// Clear the dialog
dialog.acceptDialog();
// Declared in prompt_common and used to show that we flashed the error
// message
didDialog = true;
if (isDone) {
// Finish up
SimpleTest.finish();
}
}
// Called when the iFrame or the Window is reloaded
function onloadHandler() {
netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
// Make sure the alert dialog was shown if we do manage to complete
// the onload. (Usually the alert dialog blocks the onload event)
ok(didDialog, "Alert Dialog was shown");
}
function useXMLHttpRequest(aType, aUri, aValueToSend) {
var req = new XMLHttpRequest();
req.onreadystatechange=function() {
// If this completes, it's an error
if (req.readyState == 4)
ok(false, "XMLHttpRequest to Places URI succeeded: security breach");
}
try {
req.open(aType, aUri, false);
req.send(aValueToSend);
ok(false, "XMLHttpRequest did not throw - security breach");
} catch (ex) {
// Unfortunately it's an unknown error, so no use in trying to see
// what it was
// XMLHttpRequest to Places URI threw: expected behavior
}
}
// First try requesting a places URI from javascript - fails silently
useXMLHttpRequest("GET",
"place:folder=BOOKMARKS_MENU&folder=UNFILED_BOOKMARKS&folder=TOOLBAR&sort=12&excludeQueries=1&queryType=1",
null);
// Second, try posting to a places URI just for grins
useXMLHttpRequest("POST",
"place:folder=UNFILED_BOOKMARKS&sort=12&queryType=1",
"SELECT%20*%20FROM%20moz_places");
// Third test, use the iFrame and try loading directly
var iframe = document.getElementById("iframe");
iframe.onload = onloadHandler;
startCallbackTimer();
try {
// This one probably won't throw but it will show the Error Dialog
iframe.src = "place:sort=14&type=6&maxResults=10";
todo(false, "This should throw: bug 428585")
} catch (ex) {
// Bug 428585: This should throw
}
// And finally, go for broke
window.onload = onloadHandler;
isDone = true;
startCallbackTimer();
try {
window.content.document.location.href = "place:sort=8&maxResults=10";
ok(false, "Window set to places URI did not throw - security breach");
} catch (ex) {
// Window set to places URI threw exception: expected behavior
}
// We finish up in the onloadHandler
SimpleTest.waitForExplicitFinish();
</script>
</pre>
</body>
</html>
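Review bot: The empty `catch (ex)` blocks in `useXMLHttpRequest` and around the `window.content.document.location.href` assignment count any exception as the expected rejection, so an unrelated failure (for example a TypeError, if `window.content` were unavailable in this context) would pass exactly like a security denial. Since the comment says the error cannot be identified, the catch should at least record it, e.g. `ok(true, "place: URI load threw: " + ex);`, so the log shows what was actually thrown. Also in `handleDialog`, the comment says the untranslated string is "(places)" while the assertion matches `/\(place\)/`; one of the two should be corrected so the intended message is unambiguous.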