test_exportFunction.js

Enable keyboard shortcuts

function run_test() {

  var epsb = new Cu.Sandbox(["http://example.com", "http://example.org"], { wantExportHelpers: true });

  var subsb = new Cu.Sandbox("http://example.com", { wantGlobalProperties: ["XMLHttpRequest"] });

  var subsb2 = new Cu.Sandbox("http://example.com", { wantGlobalProperties: ["XMLHttpRequest"] });

  var xorigsb = new Cu.Sandbox("http://test.com", { wantGlobalProperties: ["XMLHttpRequest"] });

  epsb.subsb = subsb;

  epsb.xorigsb = xorigsb;

  epsb.ok = ok;

  epsb.equal = equal;

  subsb.ok = ok;

  subsb.equal = equal;

  // Exporting should work if prinicipal of the source sandbox

  // subsumes the principal of the target sandbox.

  Cu.evalInSandbox("(" + function() {

    var wasCalled = false;

    this.funToExport = function(expectedThis, a, obj, native, mixed, callback) {

      equal(arguments.callee.length, 6);

      equal(a, 42);

      equal(obj, subsb.tobecloned);

      equal(obj.cloned, "cloned");

      equal(native, subsb.native);

      equal(expectedThis, this);

      equal(mixed.xrayed, subsb.xrayed);

      equal(mixed.xrayed2, subsb.xrayed2);

      if (typeof callback == 'function') {

        equal(typeof subsb.callback, 'function');

        equal(callback, subsb.callback);

        callback();

      wasCalled = true;

};

    this.checkIfCalled = function() {

      ok(wasCalled);

      wasCalled = false;

    exportFunction(funToExport, subsb, { defineAs: "imported", allowCallbacks: true });

    exportFunction((x) => x, subsb, { defineAs: "echoAllowXO", allowCallbacks: true, allowCrossOriginArguments: true });

  }.toSource() + ")()", epsb);

  subsb.xrayed = Cu.evalInSandbox("(" + function () {

      return new XMLHttpRequest();

  }.toSource() + ")()", subsb2);

  // Exported function should be able to be call from the

  // target sandbox. Native arguments should be just wrapped

  // every other argument should be cloned.

  Cu.evalInSandbox("(" + function () {

    native = new XMLHttpRequest();

    xrayed2 = XPCNativeWrapper(new XMLHttpRequest());

    mixed = { xrayed: xrayed, xrayed2: xrayed2 };

    tobecloned = { cloned: "cloned" };

    invokedCallback = false;

    callback = function() { invokedCallback = true; };

    imported(this, 42, tobecloned, native, mixed, callback);

    equal(imported.length, 6);

    ok(invokedCallback);

  }.toSource() + ")()", subsb);

  // Invoking an exported function with cross-origin arguments should throw.

  subsb.xoNative = Cu.evalInSandbox('new XMLHttpRequest()', xorigsb);

  try {

    Cu.evalInSandbox('imported(this, xoNative)', subsb);

    Assert.ok(false);

  } catch (e) {

    Assert.ok(/denied|insecure/.test(e));

  // Callers can opt-out of the above.

  subsb.xoNative = Cu.evalInSandbox('new XMLHttpRequest()', xorigsb);

  try {

    Assert.equal(Cu.evalInSandbox('echoAllowXO(xoNative)', subsb), subsb.xoNative);

    Assert.ok(true);

  } catch (e) {

    Assert.ok(false);

  // Apply should work and |this| should carry over appropriately.

  Cu.evalInSandbox("(" + function() {

    var someThis = {};

    imported.apply(someThis, [someThis, 42, tobecloned, native, mixed]);

  }.toSource() + ")()", subsb);

  Cu.evalInSandbox("(" + function() {

    checkIfCalled();

  }.toSource() + ")()", epsb);

  // Exporting should throw if principal of the source sandbox does

  // not subsume the principal of the target.

  Cu.evalInSandbox("(" + function() {

    try{

      exportFunction(function() {}, this.xorigsb, { defineAs: "denied" });

      ok(false);

    } catch (e) {

      ok(e.toString().indexOf('Permission denied') > -1);

  }.toSource() + ")()", epsb);

  // Exporting should throw if the principal of the source sandbox does

  // not subsume the principal of the function.

  epsb.xo_function = new xorigsb.Function();

  Cu.evalInSandbox("(" + function() {

    try{

      exportFunction(xo_function, this.subsb, { defineAs: "denied" });

      ok(false);

    } catch (e) {

      dump('Exception: ' + e);

      ok(e.toString().indexOf('Permission denied') > -1);

  }.toSource() + ")()", epsb);

  // Let's create an object in the target scope and add privileged

  // function to it as a property.

  Cu.evalInSandbox("(" + function() {

    var newContentObject = createObjectIn(subsb, { defineAs: "importedObject" });

    exportFunction(funToExport, newContentObject, { defineAs: "privMethod" });

  }.toSource() + ")()", epsb);

  Cu.evalInSandbox("(" + function () {

    importedObject.privMethod(importedObject, 42, tobecloned, native, mixed);

  }.toSource() + ")()", subsb);

  Cu.evalInSandbox("(" + function() {

    checkIfCalled();

  }.toSource() + ")()", epsb);

  // exportFunction and createObjectIn should be available from Cu too.

  var newContentObject = Cu.createObjectIn(subsb, { defineAs: "importedObject2" });

  var wasCalled = false;

  Cu.exportFunction(function(arg) { wasCalled = arg.wasCalled; },

                    newContentObject, { defineAs: "privMethod" });

  Cu.evalInSandbox("(" + function () {

    importedObject2.privMethod({wasCalled: true});

  }.toSource() + ")()", subsb);

  // 3rd argument of exportFunction should be optional.

  Cu.evalInSandbox("(" + function() {

    subsb.imported2 = exportFunction(funToExport, subsb);

  }.toSource() + ")()", epsb);

  Cu.evalInSandbox("(" + function () {

    imported2(this, 42, tobecloned, native, mixed);

  }.toSource() + ")()", subsb);

  Cu.evalInSandbox("(" + function() {

    checkIfCalled();

  }.toSource() + ")()", epsb);

  Assert.ok(wasCalled);