OLD | NEW |
1 <html> | 1 <html> |
2 <head> | 2 <head> |
3 <script src="resources/cross-frame-access.js"></script> | 3 <script src="resources/cross-frame-access.js"></script> |
4 <script> | 4 <script> |
5 window.onload = function() | 5 window.onload = function() |
6 { | 6 { |
7 if (window.testRunner) { | 7 if (window.testRunner) { |
8 testRunner.dumpAsText(); | 8 testRunner.dumpAsText(); |
9 testRunner.waitUntilDone(); | 9 testRunner.waitUntilDone(); |
10 } | 10 } |
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
54 | 54 |
55 // Test enumerating the Location object | 55 // Test enumerating the Location object |
56 var b_win_location = b_win.location; | 56 var b_win_location = b_win.location; |
57 for (var k in b_win_location) { | 57 for (var k in b_win_location) { |
58 log("FAIL: Cross frame access by enumerating the Location object
was allowed."); | 58 log("FAIL: Cross frame access by enumerating the Location object
was allowed."); |
59 return; | 59 return; |
60 } | 60 } |
61 log("PASS: Cross frame access by enumerating the Location object rev
ealed no properties."); | 61 log("PASS: Cross frame access by enumerating the Location object rev
ealed no properties."); |
62 | 62 |
63 var b_winLocationKeys = Object.keys(b_win_location); | 63 var b_winLocationKeys = Object.keys(b_win_location); |
64 if (b_winLocationKeys.length != 0) { | 64 var keys_failure = false; |
65 log("FAIL: Cross frame access by getting the keys of the Locatio
n object was allowed."); | 65 for (var i = 0; i < b_winLocationKeys.length; i++) { |
66 return; | 66 var k = b_winLocationKeys[i]; |
| 67 // See also cross-frame-access-location-get.html for the list of
accessible keys. |
| 68 if (k !== "assign" && k !== "replace") { |
| 69 log("FAIL: Cross frame access by getting the keys of the Loc
ation object returned non-whitelisted key: " + k); |
| 70 keys_failure = true; |
| 71 } |
67 } | 72 } |
68 log("PASS: Cross frame access by getting the keys of the Location ob
ject revealed no keys."); | 73 if (!keys_failure) { |
| 74 log("PASS: Cross frame access by getting the keys of the Locatio
n object revealed only whitelisted keys."); |
| 75 } |
69 | 76 |
70 var b_winLocationPropertyNames = Object.getOwnPropertyNames(b_win_lo
cation); | 77 var b_winLocationPropertyNames = Object.getOwnPropertyNames(b_win_lo
cation); |
71 if (b_winLocationPropertyNames.indexOf("customLocationProperty") !=
-1) { | 78 if (b_winLocationPropertyNames.indexOf("customLocationProperty") !=
-1) { |
72 log("FAIL: Cross frame access by getting the property names of t
he Location object was allowed."); | 79 log("FAIL: Cross frame access by getting the property names of t
he Location object was allowed."); |
73 return; | 80 return; |
74 } | 81 } |
75 log("PASS: Cross frame access by getting the property names of the L
ocation object revealed no custom properties."); | 82 log("PASS: Cross frame access by getting the property names of the L
ocation object revealed no custom properties."); |
76 } | 83 } |
77 </script> | 84 </script> |
78 </head> | 85 </head> |
79 <body> | 86 <body> |
80 <p>This tests that variable names can't be enumerated cross domain (see http
://bugs.webkit.org/show_bug.cgi?id=16387)</p> | 87 <p>This tests that variable names can't be enumerated cross domain (see http
://bugs.webkit.org/show_bug.cgi?id=16387)</p> |
81 <iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for
-enumeration-test.html"></iframe> | 88 <iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for
-enumeration-test.html"></iframe> |
82 <pre id="console"></pre> | 89 <pre id="console"></pre> |
83 </body> | 90 </body> |
84 </html> | 91 </html> |
OLD | NEW |