Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(976)

Side by Side Diff: LayoutTests/http/tests/security/suborigins/suborigin-invalid-names.html

Issue 1180923003: Add window access checks for Suborigins (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Fix tests on Windows Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 <!DOCTYPE html> 1 <!DOCTYPE html>
2 <html> 2 <html>
3 <head> 3 <head>
4 <title>Invalid suborigin names</title> 4 <title>Invalid suborigin names</title>
5 <script src="/resources/testharness.js"></script>
6 <script src="/resources/testharnessreport.js"></script>
7 </head> 5 </head>
8 6
9 <script> 7 <script>
8 if (window.testRunner) {
9 testRunner.dumpAsText();
10 testRunner.waitUntilDone();
11 }
12
13 function finish() {
14 if (window.testRunner)
15 testRunner.notifyDone();
16 }
17
10 var test_suborigin_names = [ 18 var test_suborigin_names = [
11 "", 19 "",
12 "'foobar'", 20 "'foobar'",
13 "'foobar", 21 "'foobar",
14 "foobar'", 22 "foobar'",
15 "foo'bar", 23 "foo'bar",
16 "foob@r", 24 "foob@r",
17 "foo bar", 25 "foo bar",
18 ]; 26 ];
19 27
20 var iframe; 28 var iframe;
21 var i = 0; 29 var i = 0;
22 function next() { 30 function next() {
23 name = test_suborigin_names[i]; 31 if (i >= test_suborigin_names.length)
32 finish();
33 document.getElementById('iframe').src = "resources/reach-into-iframe.php?chi ldsuborigin=" + test_suborigin_names[i];
24 i++; 34 i++;
25 iframe.src = "resources/childsuborigin.php?suborigin=" + name;
26 } 35 }
27 36
28 window.onmessage = function() { 37 window.onmessage = function(event) {
29 if (i > test_suborigin_names.length) 38 alert(event.data);
30 done();
31
32 var secret = '';
33 try {
34 secret = iframe.contentWindow.secret;
35 assert_equals(secret, "I am a secret", "The parent frame should always b e able to get the secret value from the child iframe.");
36 } catch(e) {
37 assert_unreached();
38 };
39 next(); 39 next();
40 }; 40 };
41 41
42 window.onload = function() {; 42 window.onload = function() {;
43 iframe = document.getElementById('iframe');
44 next(); 43 next();
45 }; 44 };
46 </script> 45 </script>
47 <iframe id="iframe"></iframe> 46 <iframe id="iframe"></iframe>
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698