
Side by Side Diff: LayoutTests/http/tests/security/cross-frame-access-enumeration.html

Issue 14198015: Deny cross-origin access to 'window.history'. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: rebase Created 7 years, 7 months ago
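--- a/LayoutTests/http/tests/security/cross-frame-access-enumeration.html
+++ b/LayoutTests/http/tests/security/cross-frame-access-enumeration.html
@@ -1,10 +1,10 @@
 <html>
 <head>
 <script src="resources/cross-frame-access.js"></script>
 <script>
 window.onload = function()
 {
 if (window.testRunner) {
 testRunner.dumpAsText();
 testRunner.waitUntilDone();
 }
@@ -52,47 +52,20 @@
 }
 log("PASS: Cross frame access by getting the keys of the window obje ct was denied.");
 
 var b_winPropertyNames = Object.getOwnPropertyNames(b_win);
 if (b_winPropertyNames.indexOf("customWindowProperty") != -1) {
 log("FAIL: Cross frame access by getting the property names of t he window object was allowed.");
 return;
 }
 log("PASS: Cross frame access by getting the property names of the w indow object was denied.");
 
-// Test enumerating the History object
-var b_win_history = b_win.history;
-try {
-for (var k in b_win_history) {
-if (k == "customHistoryProperty") {
-log("FAIL: Cross frame access by enumerating the History object was allowed.");
-return;
-}
-}
-} catch (e) {
-}
-log("PASS: Cross frame access by enumerating the History object was denied.");
-
-var b_winHistoryKeys = Object.keys(b_win_history);
-if (b_winHistoryKeys.indexOf("customHistoryProperty") != -1) {
-log("FAIL: Cross frame access by getting the keys of the History object was allowed.");
-return;
-}
-log("PASS: Cross frame access by getting the keys of the History obj ect was denied.");
-
-var b_winHistoryPropertyNames = Object.getOwnPropertyNames(b_win_his tory);
-if (b_winHistoryPropertyNames.indexOf("customHistoryProperty") != -1 ) {
-log("FAIL: Cross frame access by getting the property names of t he History object was allowed.");
-return;
-}
-log("PASS: Cross frame access by getting the property names of the H istory object was denied.");
-
 // Test enumerating the Location object
 var b_win_location = b_win.location;
 try {
 for (var k in b_win_location) {
 if (k == "customLocationProperty") {
 log("FAIL: Cross frame access by enumerating the Locatio n object was allowed.");
 return;
 }
 }
 } catch (e) {
@@ -114,10 +87,10 @@
 log("PASS: Cross frame access by getting the property names of the L ocation object was denied.");
 }
 </script>
 </head>
 <body>
 <p>This tests that variable names can't be enumerated cross domain (see http ://bugs.webkit.org/show_bug.cgi?id=16387)</p>
 <iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for -enumeration-test.html"></iframe>
 <pre id="console"></pre>
 </body>
 </html>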
