We have a number of Mochitests that rely on violating cross-origin checks. For example: These all use the feed parser, which apparently winds up not same-origin: http://mxr.mozilla.org/mozilla-central/source/browser/base/content/test/test_bug364677.html?force=1 http://mxr.mozilla.org/mozilla-central/source/browser/base/content/test/test_bug395533.html?force=1 http://mxr.mozilla.org/mozilla-central/source/browser/base/content/test/test_bug395533.html?force=1 http://mxr.mozilla.org/mozilla-central/source/browser/components/feeds/test/test_bug408328.html?force=1 http://mxr.mozilla.org/mozilla-central/source/browser/components/feeds/test/test_bug494328.html?force=1 Cross origin XHR: http://mxr.mozilla.org/mozilla-central/source/content/base/test/test_bug431701.html?force=1 I don't know if there's an easy way to translate these to using a SpecialPowers API, or if they should just all wind up as chrome Mochitests.
Depends on: 641706
Jonas: bug 641706 should fix the XHR issues (which I think will be very useful). A bunch of these other tests want to touch the DOM of a cross-origin document. Is that something we can fix, or should we just be moving these tests into mochitest-chrome?
Oh, the XPath idea sounds like a good one! I'm not terribly familiar with XPath, but I feel like all the feedparser tests could certainly be switched to use that. It feels like a fair tradeoff that doesn't require us to implement complex security checks, but still exposes a pretty flexible API.
Blake says we can probably write a JS proxy that can be requested through SpecialPowers, which can then give access to whatever the page normally doesn't have access to, etc. He'll write something up and we'll see if that covers all we need here...
Assignee: nobody → mrbkap
This was fixed by bholley a while ago.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.