"use strict";

const { Cc, Ci, Cu } = require('chrome');
function makeWindow() {
  let html = '<html><head><title></title></head><body>' +
             "<script>" + 
             "window.documentGlobal = true;" +
             "window.document.getElementsByTagName = function () {return 'evil';};" +
             "window.addEventListener('DOMContentLoaded', function () {" +
             "  document.body.onkeyup = function () {return 'evil';};" +
             "  document.body.attachedObject = 'doc object';" +
             "  window.lateDocumentGlobal = true;" +
             "}, false);" +
             "</script>" + 
             '<form name="kk"></form>' +
             '<iframe id="iframe" src="data:text/html,<script>var jsAttr=true;</script>" />' +
             "</body></html>";
  
  let content =
    '<?xml version="1.0"?>' +
    '<window ' +
    'xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">' +
    '<iframe id="content" type="content" src="data:text/html,' + 
      encodeURIComponent(html) + '"/>' +
    '</window>';
  var url = "data:application/vnd.mozilla.xul+xml," +
            encodeURIComponent(content);
  var features = ["chrome", "width=1000", "height=1000"];

  return Cc["@mozilla.org/embedcomp/window-watcher;1"].
         getService(Ci.nsIWindowWatcher).
         openWindow(null, url, null, features.join(","), null);
}

function testSandbox(test, createSandbox) {
  let chromeWindow = makeWindow();
  test.waitUntilDone();
  
  // We need to wait for the load/unload of temporary about:blank
  // or our worker is going to be automatically destroyed
  chromeWindow.addEventListener("load", function onload() {
    chromeWindow.removeEventListener("load", onload, true);
    
    let contentWin = chromeWindow.document.getElementById("content").contentWindow.wrappedJSObject;
    
    let sandbox = createSandbox(contentWin);
    
    executeTestAgainstSandbox(test, contentWin, sandbox);
    
    //chromeWindow.close();
    test.done();
    
  }, true);
}

function executeTestAgainstSandbox(test, win, sandbox) {
  function evalInSandbox(script) {
    return Cu.evalInSandbox(script, sandbox);
  }
  
  // First confirm that in our unit test, `win` object is an unwrapped one
  test.assertEqual("documentGlobal" in win, true,
                     "`win` object behaves correctly");
  
  // Check if we have access to document globals (should not)
  test.assertEqual(evalInSandbox('window.documentGlobal'), null, 
                   "Does not have access to early document globals");
  test.assertEqual(evalInSandbox('window.lateDocumentGlobal'), null, 
                   "Does not have access to late document globals");
  
  
  // Check content script globals visibility (should not pollute document)
  evalInSandbox('var scriptGlobal = true;');
  test.assertEqual("scriptGlobal" in win, false,
                   "content script globals doesn't pollute document globals");
  test.assertEqual(evalInSandbox('window.scriptGlobal'), true, 
                   "`window` attributes and globals are the same");
  
  // Check that content script can't pollute document
  evalInSandbox('window.injectThroughWindow = true;');
  test.assertEqual("injectThroughWindow" in win, false,
                   "we are not able to inject globals throught `window`");
  
  
  // Find a way to inject JS from the content script to the document
  evalInSandbox('if (typeof unsafeWindow == "object")' +
                '  unsafeWindow.injectThroughWrappedJSWindow = true;' + 
                'else if (window.wrappedJSObject)' +
                '  window.wrappedJSObject.injectThroughWrappedJSWindow = true;' +
                'else if (window.window)' +
                '  window.window.injectThroughWrappedJSWindow = true;' +
                'document.defaultView.injectThroughWrappedJSWindow = true;'
                );
  test.assertEqual("injectThroughWrappedJSWindow" in win, true,
                   "we can inject globals through `window.wrappedJSObject`, " +
                   "`window.window` or `document.defaultView'");
  
  // Check that forms are directly accessible in `document`
  test.assertEqual(evalInSandbox("typeof document.kk"), "object", 
                   "<form> are accessible directly through `document[formName]`");
  
  // Check that mozMatchesSelector works correctly
  test.assertEqual(evalInSandbox("document.body.mozMatchesSelector('body');"), true, 
                   "`mozMatchesSelector` works");
  test.assertEqual(evalInSandbox("document.documentElement.mozMatchesSelector.call(document.body, 'body');"), true, 
                   "`mozMatchesSelector.call` works");
  
  // Check native overload
  evalInSandbox("document.body.removeEventListener = function () {return 'ok';};")
  test.assertEqual(evalInSandbox("document.body.removeEventListener('test', function(){}, false);"), 'ok', 
                   "overloading nativre DOM function is possible.");
  
  // Check iframe.contentWindow
  test.assertEqual(evalInSandbox("document.getElementById('iframe').contentWindow.jsAttr;"), true, 
                   "iframe.contentWindow is not wrapped");
  //test.assertEqual(evalInSandbox("document.getElementById('iframe').contentWindow.wrappedJSObject.jsAttr;"), true, 
  //                 "iframe.contentWindow is wrapped");
  
  // Check HTML elements prototype hacking
  test.assertNotEqual(evalInSandbox("window.HTMLDivElement.prototype"), null, 
                   "Have access to HTMLDivElement.prototype");
  
  // Check simple security hole
  win.XMLHttpRequest = function () {
    return this.postMessage();
  };
  test.assertNotEqual(evalInSandbox("window.XMLHttpRequest()"), "pwnd", 
                   "is not tricked by an XMLHttpRequest overload");
  
  // Check document overload visibility (should not be visible)
  test.assertNotEqual(evalInSandbox('document.getElementsByTagName("body")'), "evil", 
                     "`document.getElementsByTagName` is the native one");
  test.assertEqual(evalInSandbox('document.body.attachedObject'), null, 
                   "`document.body.attachedObject` is not shared");
  try {
    test.assertEqual(evalInSandbox('document.body.onkeyup'), null, 
                     "`document.body.onkeyup` is not shared");
  }
  catch(e) {
    test.fail("document.body.onkeyup throws an exception from content script");
  }
}

exports.testWithWindowPrototype = function testWithWindowPrototype(test) {
  
  testSandbox(test, function (win) {
    let sandbox = new Cu.Sandbox(win, {
      wantXrays: false
    });
    sandbox.__proto__ = win;
    sandbox.postMessage = function () {return "pwnd"};
    Object.defineProperties(sandbox, {
      window: { get: function() sandbox },
    });
    return sandbox;
  });
  
}

exports.testWithXPCWrapper = function testWithXPCWrapper(test) {
  
  testSandbox(test, function (win) {
    let wrappedWin = new XPCNativeWrapper(win);
    let sandbox = new Cu.Sandbox(win, {
      sandboxPrototype: wrappedWin,
      wantXrays: true
    });
    sandbox.unsafeWindow = win;
    sandbox.postMessage = function () {return "pwnd"};
    Object.defineProperties(sandbox, {
      window: { get: function() sandbox },
    });
    return sandbox;
  });
  
}
/*
exports.testWithProxy = function testWithProxy(test) {
  return;
  function handlerMaker(obj) {
    return {
      delete:       function(name) { return delete obj[name]; },
      has:          function(name) {
        return name in obj;
      },
      hasOwn:       function(name) { return Object.prototype.hasOwnProperty.call(obj, name); },
      get:          function(receiver, name) {
        let o;
        //if (name == "window")
        //  return receiver;
        if ("nodeType" in obj && obj.nodeType === 1 && name.indexOf("on")==0)
          return null;
        else
          o = obj[name];
        if (typeof o == "object") {
          return Proxy.create(handlerMaker(o));
        } else if (typeof o == "function") {
          return o.bind(obj);
        }
        return o;
      },
      set:          function(receiver, name, val) { 
        console.log("set : "+name);
        obj[name] = val; return true;
      }, // bad behavior when set fails in non-strict mode
      enumerate:    function() {
        var result = [];
        for (name in obj) { result.push(name); };
        return result;
      },
      keys: function() { return Object.keys(obj) }
    };
  };
  
  testSandbox(test, function (win) {
    let copy = new XPCNativeWrapper(win);
    let wrappedWindow = Proxy.create(handlerMaker(copy));
    
    let sandbox = new Cu.Sandbox(win, {
      wantXrays: false
    });
    sandbox.__proto__ = wrappedWindow;
    Object.defineProperties(sandbox, {
      window: { get: function() sandbox },
    });
    return sandbox;
  });
  
}

*/