scriptscat · CodFrm · May 24, 2026 · May 23, 2026 · May 23, 2026 · May 23, 2026
diff --git a/e2e/gm-api.spec.ts b/e2e/gm-api.spec.ts
@@ -196,4 +196,21 @@ test.describe("GM API", () => {
     expect(failed, "Some content inject tests failed").toBe(0);
     expect(passed, "No test results found - script may not have run").toBeGreaterThan(0);
   });
+
+  test("Sandbox Test (sandbox_test.js)", async ({ context, extensionId }) => {
+    const { passed, failed, logs } = await runTestScript(
+      context,
+      extensionId,
+      "sandbox_test.js",
+      `${TARGET_URL}?SANDBOX_TEST_SC`,
+      8_000
+    );
+
+    console.log(`[sandbox_test] passed=${passed}, failed=${failed}`);
+    if (failed !== 0) {
+      console.log("[sandbox_test] logs:", logs.join("\n"));
+    }
+    expect(failed, "Some tests failed").toBe(0);
+    expect(passed, "No test results found - script may not have run").toBeGreaterThan(0);
+  });
 });
diff --git a/example/tests/sandbox_test.js b/example/tests/sandbox_test.js
@@ -22,6 +22,11 @@
 // @run-at       document-end
 // ==/UserScript==
 
+var testVar1001 = 1001;
+const mpt = document.body.appendChild(document.createElement("test-element-1002"));
+mpt.id = "test-element-1002";
+mpt.name = "test-element-1002";
+
 (async function () {
   "use strict";
 
@@ -145,6 +150,16 @@
 
   section("沙盒全局身份");
 
+  await test("检测全局 testVar1001 会否跳出沙盒", () => {
+    assertSame(undefined, window["testVar1001"], "全局 testVar1001 不应跳出沙盒");
+    assertSame(undefined, unsafeWindow["testVar1001"], "全局 testVar1001 不应跳出沙盒");
+  });
+
+  await test("检测全局 test-element-1002", () => {
+    assertSame("test-element-1002", unsafeWindow["test-element-1002"]?.id, "全局 test-element-1002");
+    assertSame(undefined, window["test-element-1002"]?.id, "半沙盒无法检测 test-element-1002");
+  });
+
   await test("window/self/globalThis/top/parent/frames 均指向沙盒对象", () => {
     assertSame("object", typeof unsafeWindow, "unsafeWindow 应存在");
     assertNotSame(
@@ -893,13 +908,19 @@
       () => {},
     ));
 
-  await test("eval 保持可用，并在当前沙盒内解析全局", () => {
-    const key = `${markerPrefix}_eval`;
-    eval(`window["${key}"] = "from-eval";`);
-    assertSame("from-eval", window[key], "eval 应能写入沙盒 window");
-    assertSame(undefined, unsafeWindow[key], "eval 写入不应穿透页面 window");
-    delete window[key];
-  });
+  if (location.origin.includes("content-security-policy")) {
+    // CSP 不测试 eval
+  } else {
+    // eval 不一定能通过
+    // 这跟沙盒无关。不应进行此测试
+    await test("eval 保持可用，并在当前沙盒内解析全局", () => {
+      const key = `${markerPrefix}_eval`;
+      eval(`window["${key}"] = "from-eval";`);
+      assertSame("from-eval", window[key], "eval 应能写入沙盒 window");
+      assertSame(undefined, unsafeWindow[key], "eval 写入不应穿透页面 window");
+      delete window[key];
+    });
+  }
 
   console.log(
     "\n%c=== 测试完成 ===",