Figure out what to do with Mochitests using cross-origin violations



7 years ago
5 years ago


(Reporter: ted, Assigned: mrbkap)


(Blocks: 1 bug)

Firefox Tracking Flags

(Not tracked)



Comment 1

7 years ago
Jonas: bug 641706 should fix the XHR issues (which I think will be very useful). A bunch of these other tests want to touch the DOM of a cross-origin document. Is that something we can fix, or should we just be moving these tests into mochitest-chrome?
We could add a bunch of SpecialPowers APIs which allow poking at various cross-site nodes.

However I suspect the solution would be fairly complex if we want to expose arbitrary poking. So if we can rewrite to use mochitest-chrome then that might be better.

One alternative would be to allow running XPath expressions that return non-nodes. Something like

SpecialPowers = {


  runXPathExpression(expr, window) {
    res = window.document.evaluate(expr, window.document, null,
                                   window.XPathResult.ANY_TYPE, null);
    switch(res.resultType) {
      case res.NUMBER_TYPE:
        return res.numberValue;
      case res.STRING_TYPE:
        return res.stringValue;
      cast res.BOOLEAN_TYPE:
        return res.booleanValue;
        throw "Wrong Type";



It *should* also be possible to use javascript proxies in combination with wrapper magic to create a wrapper which allows exposing the full DOM cross site. If someone wants to look into that then that is an option.

Comment 3

7 years ago
Oh, the XPath idea sounds like a good one! I'm not terribly familiar with XPath, but I feel like all the feedparser tests could certainly be switched to use that. It feels like a fair tradeoff that doesn't require us to implement complex security checks, but still exposes a pretty flexible API.
Blake says we can probably write a JS proxy that can be requested through SpecialPowers, which can then give access to whatever the page normally doesn't have access to, etc. He'll write something up and we'll see if that covers all we need here...
Assignee: nobody → mrbkap

Comment 5

5 years ago
This was fixed by bholley a while ago.
Last Resolved: 5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.