4 https://bugzilla.mozilla.org/show_bug.cgi?id=292789
<title>Test for Bug 292789</title>
<script src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=292789">Mozilla Bug 292789</a>
<!-- Hidden container for the script loads under test. Its closing tag is not
     part of this listing. -->
<div id="content" style="display: none">
<!-- Load from chrome://global. The test script expects this to succeed
     (gTreeUtils.sort must be a function afterwards). -->
<script src="chrome://global/content/treeUtils.js"></script>
<!-- Load from chrome://mozapps. The test script expects this to be refused
     for content (gUpdateHistory must stay undefined afterwards). -->
<script type="application/javascript" src="chrome://mozapps/content/update/history.js"></script>
<!-- Empty placeholder. The test script later points it at a resource:// URI
     for history.js as a control. -->
<script id="resjs" type="application/javascript"></script>
20 <script class=
"testbody" type=
"text/javascript">
/** Test for Bug 292789
 *
 * Selectively allow access to allowlisted chrome packages
 * even for ALLOW_CHROME mechanisms (<script>, <img> etc)
 */
28 /* import-globals-from ../../../toolkit/content/treeUtils.js */
29 /* import-globals-from ../../../toolkit/mozapps/update/content/history.js */
// The checks below complete inside load/error callbacks, so the harness is told
// to wait for an explicit finish rather than ending when this script returns.
SimpleTest.waitForExplicitFinish();
34 import() { return {}; },
/**
 * <script src=""> test.
 *
 * Checks which of the script tags in the page markup were allowed to load,
 * then loads history.js through a resource:// URI as a control.
 *
 * NOTE(review): this listing dropped several original lines (closing braces,
 * comment ends and at least one statement). Braces and comment ends are
 * restored here; statements that are not visible are not reconstructed.
 *
 * @param aCallback  Continuation for the next stage; the last statement of
 *                   this file passes runImgTest.
 */
function testScriptSrc(aCallback) {
  // Allowed case: the chrome://global script must have defined gTreeUtils.
  is(typeof gTreeUtils.sort, "function",
     "content can still load <script> from chrome://global");

  /** Try to find an export from history.js. We will find it if it is
   *  improperly not blocked, otherwise it will be "undefined".
   */
  is(typeof gUpdateHistory, "undefined",
     "content should not be able to load <script> from chrome://mozapps");

  // Control for the check above: "undefined" would also be the result if
  // history.js were simply no longer at the expected location. Loading the
  // same file through resource:// shows that it still exists and still
  // exports gUpdateHistory, so the earlier result reflects the chrome://
  // block rather than a missing file.
  var resjs = document.getElementById("resjs");
  resjs.onload = scriptOnload;
  resjs.src = "resource://gre/chrome/toolkit/content/mozapps/update/history.js";
  document.getElementById("content").appendChild(resjs);

  // NOTE(review): nesting is reconstructed; the listing carries no indentation.
  function scriptOnload() {
    is(typeof gUpdateHistory.onLoad, "function",
       "history.js has not moved unexpectedly");

    // trigger the callback
    // NOTE(review): the statement(s) that invoke the callback are not visible
    // in this listing; confirm against the original file.
  }
}
/** <img src=""> tests */
// Image from the chrome://global skin; expected to load.
var img_global = "chrome://global/skin/media/error.png";
// Image from the chrome://mozapps skin; expected to be refused for content.
var img_mozapps = "chrome://mozapps/skin/extensions/extensionGeneric.svg";
// resource:// path to an extensionGeneric.svg under a mozapps skin directory;
// expected to load. The last statement of this file turns on the
// all-resource-URIs pref for the duration of the test.
var res_mozapps = "resource://gre/chrome/toolkit/skin/classic/mozapps/extensions/extensionGeneric.svg";

// Each entry is [uri, expected outcome]. The outcome string is what the
// fail()/success() handlers compare against.
var imgTests = [[img_global, "success"],
                [img_mozapps, "fail"],
                [res_mozapps, "success"]];
/**
 * Run the next entry of imgTests and chain to the following one.
 *
 * The cursor curImgTest is advanced before the continuation is chosen, so the
 * last entry continues into finishTest and every earlier one re-enters
 * runImgTest. (The declaration of curImgTest is not visible in this listing.)
 */
function runImgTest() {
  const [uri, expected] = imgTests[curImgTest++];
  const next = curImgTest === imgTests.length ? finishTest : runImgTest;
  loadImage(uri, expected, next);
}
83 function finishTest() {
/**
 * Handler for an image that did not load.
 *
 * Passes only when the element was tagged with the expectation "fail", i.e.
 * the URI is one content must not be able to load.
 *
 * @param event  Event whose target carries the `expected`, `src` and optional
 *               `callback` properties.
 */
function fail(event) {
  const { target } = event;
  is("fail", target.expected,
     `content should not be allowed to load ${target.src}`);
  // Continue with the next stage, if one was attached to the element.
  if (target.callback) {
    target.callback();
  }
}
/**
 * Handler for an image that loaded.
 *
 * Passes only when the element was tagged with the expectation "success".
 * A load of a URI tagged "fail" is reported as a test failure here.
 *
 * @param event  Event whose target carries the `expected`, `src` and optional
 *               `callback` properties.
 */
function success(event) {
  const { target } = event;
  is("success", target.expected,
     `content should be able to load ${target.src}`);
  // Continue with the next stage, if one was attached to the element.
  if (target.callback) {
    target.callback();
  }
}
/**
 * Create an <img> element and wire it up for one imgTests entry.
 *
 * @param uri       Image URI of the entry.
 * @param expect    Expected outcome string ("success" or "fail" in imgTests).
 * @param callback  Function the event handler calls once its check is done.
 */
function loadImage(uri, expect, callback) {
  var img = document.createElement("img");
  // NOTE(review): one original line is missing from this listing here.
  // Presumably it attaches the error handler; confirm against the original.
  img.onload = success;
  // Expando properties; the handlers read them back through event.target.
  img.expected = expect;
  img.callback = callback;
  // NOTE(review): one original line is missing from this listing here. `uri`
  // is unused in the visible code, so presumably it is assigned to img.src;
  // confirm against the original.
  // document.getElementById("content").appendChild(img);
}
// Start off the script src test, and have it start the img tests when complete.
// Temporarily allow content to access all resource:// URIs.
// The resource:// loads this test expects to succeed therefore run with the
// pref set to true. They serve as controls for the chrome:// checks and are not
// statements about resource:// access when the pref is off.
SpecialPowers.pushPrefEnv({
  // NOTE(review): one line of this call is not visible in the listing here.
  ["security.all_resource_uri_content_accessible", true],
  // NOTE(review): one line of this call is not visible in the listing here.
}, () => testScriptSrc(runImgTest));