Add test to ensure Net.* remains unimplemented Also do the same for other "dangerous" objects. Bug: chromium:853237 Change-Id: I99ba5037f76e91d386f9b13a614b02101b50499a Reviewed-on: https://pdfium-review.googlesource.com/c/50850 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
diff --git a/testing/resources/javascript/unsupported.in b/testing/resources/javascript/unsupported.in new file mode 100644 index 0000000..4d1ad5e --- /dev/null +++ b/testing/resources/javascript/unsupported.in
@@ -0,0 +1,62 @@ +{{header}} +{{object 1 0}} << + /Type /Catalog + /Pages 2 0 R + /OpenAction 10 0 R +>> +endobj +{{object 2 0}} << + /Type /Pages + /Count 1 + /Kids [ + 3 0 R + ] +>> +endobj +% Page number 0. +{{object 3 0}} << + /Type /Page + /Parent 2 0 R + /MediaBox [0 0 612 792] +>> +% OpenAction action +{{object 10 0}} << + /Type /Action + /S /JavaScript + /JS 11 0 R +>> +endobj +% JS program to exexute +{{object 11 0}} << + {{streamlen}} +>> +stream +function expectUnsupportedDangerousFeature(what) { + try { + var result = eval("typeof " + what); + if (result == "undefined") { + app.alert('PASS: ' + what + ' is not implemented'); + } else { + app.alert('FAIL: ' + what + ' is implemented, probably a bad idea.'); + app.alert('FAIL: see https://crbug.com/853237'); + } + } catch (e) { + app.alert('Unexpected error ' + e.toString()); + } +} + +try { + expectUnsupportedDangerousFeature("ADBC"); + expectUnsupportedDangerousFeature("Directory"); + expectUnsupportedDangerousFeature("Net"); + expectUnsupportedDangerousFeature("dbg"); + expectUnsupportedDangerousFeature("security"); +} catch (e) { + app.alert('Truly unexpected error: ' + e); +} +endstream +endobj +{{xref}} +{{trailer}} +{{startxref}} +%%EOF
diff --git a/testing/resources/javascript/unsupported_expected.txt b/testing/resources/javascript/unsupported_expected.txt new file mode 100644 index 0000000..c9cb77b --- /dev/null +++ b/testing/resources/javascript/unsupported_expected.txt
@@ -0,0 +1,5 @@ +Alert: PASS: ADBC is not implemented +Alert: PASS: Directory is not implemented +Alert: PASS: Net is not implemented +Alert: PASS: dbg is not implemented +Alert: PASS: security is not implemented