DXR is a code search and navigation tool aimed at making sense of large projects. It supports full-text and regex searches as well as structural queries.

Mercurial (fddffdeab170)

VCS Links

Line Code
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105
<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=292789
-->
<head>
  <title>Test for Bug 292789</title>
  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=292789">Mozilla Bug 292789</a>
<p id="display"></p>
<div id="content" style="display: none">
  <script src="chrome://global/content/treeUtils.js"></script>
  <script type="application/javascript;version=1.8" src="chrome://mozapps/content/xpinstall/xpinstallConfirm.js"></script>
  <script id="resjs" type="application/javascript;version=1.8"></script>
</div>
<pre id="test">
<script class="testbody" type="text/javascript">

/** Test for Bug 292789
 **
 ** Selectively allow access to whitelisted chrome packages
 ** even for ALLOW_CHROME mechanisms (<script>, <img> etc)
 **/

SimpleTest.waitForExplicitFinish();

/** <script src=""> test **/
function testScriptSrc(aCallback) {
    is(typeof gTreeUtils.sort, "function",
       "content can still load <script> from chrome://global");
    is(typeof XPInstallConfirm, "undefined",
       "content should not be able to load <script> from chrome://mozapps");

    /** make sure the last one didn't pass because someone
     ** moved the resource
     **/
    var resjs = document.getElementById("resjs");
    resjs.onload = scriptOnload;
    resjs.src = "resource://gre/chrome/toolkit/content/mozapps/xpinstall/xpinstallConfirm.js";
    document.getElementById("content").appendChild(resjs);

    function scriptOnload() {
      is(typeof XPInstallConfirm, "object",
         "xpinstallConfirm.js has not moved unexpectedly");

      // trigger the callback
      if (aCallback)
        aCallback();
    }
}

/** <img src=""> tests **/
var img_global = "chrome://global/skin/icons/Error.png";
var img_mozapps = "chrome://mozapps/skin/passwordmgr/key.png";
var res_mozapps = "resource://gre/chrome/toolkit/skin/classic/mozapps/passwordmgr/key.png";

var imgTests = [[img_global, "success"],
                [img_mozapps, "fail"],
                [res_mozapps, "success"]];

var curImgTest = 0;

function runImgTest() {
    var test = imgTests[curImgTest++];
    var callback = curImgTest == imgTests.length ? finishTest : runImgTest;
    loadImage(test[0], test[1], callback);
}

function finishTest() {
  SimpleTest.finish();
}

function fail(event) {
    is(event.target.expected, "fail",
       "content should not be allowed to load "+event.target.src);
    if (event.target.callback)
      event.target.callback();
}

function success(event) {
    is(event.target.expected, "success",
       "content should be able to load "+event.target.src);
    if (event.target.callback)
      event.target.callback();
}

function loadImage(uri, expect, callback) {
    var img = document.createElement("img");
    img.onerror = fail;
    img.onload = success;
    img.expected = expect;
    img.callback = callback;
    img.src = uri;
    //document.getElementById("content").appendChild(img);
}

// Start off the script src test, and have it start the img tests when complete.
testScriptSrc(runImgTest);
</script>
</pre>
</body>
</html>