| OLD | NEW |
|---|
| 1 <html> | 1 <html> |
| 2 <head> | 2 <head> |
| 3 <script src="resources/cross-frame-access.js"></script> | 3 <script src="resources/cross-frame-access.js"></script> |
| 4 <script> | 4 <script> |
| 5 window.onload = function() | 5 window.onload = function() |
| 6 { | 6 { |
| 7 if (window.testRunner) { | 7 if (window.testRunner) { |
| 8 testRunner.dumpAsText(); | 8 testRunner.dumpAsText(); |
| 9 testRunner.waitUntilDone(); | 9 testRunner.waitUntilDone(); |
| 10 } | 10 } |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 54 | 54 |
| 55 // Test enumerating the Location object | 55 // Test enumerating the Location object |
| 56 var b_win_location = b_win.location; | 56 var b_win_location = b_win.location; |
| 57 for (var k in b_win_location) { | 57 for (var k in b_win_location) { |
| 58 log("FAIL: Cross frame access by enumerating the Location object
was allowed."); | 58 log("FAIL: Cross frame access by enumerating the Location object
was allowed."); |
| 59 return; | 59 return; |
| 60 } | 60 } |
| 61 log("PASS: Cross frame access by enumerating the Location object rev
ealed no properties."); | 61 log("PASS: Cross frame access by enumerating the Location object rev
ealed no properties."); |
| 62 | 62 |
| 63 var b_winLocationKeys = Object.keys(b_win_location); | 63 var b_winLocationKeys = Object.keys(b_win_location); |
| 64 if (b_winLocationKeys.length != 0) { | 64 var keys_failure = false; |
| 65 log("FAIL: Cross frame access by getting the keys of the Locatio
n object was allowed."); | 65 for (var i = 0; i < b_winLocationKeys.length; i++) { |
| 66 return; | 66 var k = b_winLocationKeys[i]; |
| 67 // See also cross-frame-access-location-get.html for the list of
accessible keys. |
| 68 if (k !== "assign" && k !== "replace") { |
| 69 log("FAIL: Cross frame access by getting the keys of the Loc
ation object returned non-whitelisted key: " + k); |
| 70 keys_failure = true; |
| 71 } |
| 67 } | 72 } |
| 68 log("PASS: Cross frame access by getting the keys of the Location ob
ject revealed no keys."); | 73 if (!keys_failure) { |
| 74 log("PASS: Cross frame access by getting the keys of the Locatio
n object revealed only whitelisted keys."); |
| 75 } |
| 69 | 76 |
| 70 var b_winLocationPropertyNames = Object.getOwnPropertyNames(b_win_lo
cation); | 77 var b_winLocationPropertyNames = Object.getOwnPropertyNames(b_win_lo
cation); |
| 71 if (b_winLocationPropertyNames.indexOf("customLocationProperty") !=
-1) { | 78 if (b_winLocationPropertyNames.indexOf("customLocationProperty") !=
-1) { |
| 72 log("FAIL: Cross frame access by getting the property names of t
he Location object was allowed."); | 79 log("FAIL: Cross frame access by getting the property names of t
he Location object was allowed."); |
| 73 return; | 80 return; |
| 74 } | 81 } |
| 75 log("PASS: Cross frame access by getting the property names of the L
ocation object revealed no custom properties."); | 82 log("PASS: Cross frame access by getting the property names of the L
ocation object revealed no custom properties."); |
| 76 } | 83 } |
| 77 </script> | 84 </script> |
| 78 </head> | 85 </head> |
| 79 <body> | 86 <body> |
| 80 <p>This tests that variable names can't be enumerated cross domain (see http
://bugs.webkit.org/show_bug.cgi?id=16387)</p> | 87 <p>This tests that variable names can't be enumerated cross domain (see http
://bugs.webkit.org/show_bug.cgi?id=16387)</p> |
| 81 <iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for
-enumeration-test.html"></iframe> | 88 <iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for
-enumeration-test.html"></iframe> |
| 82 <pre id="console"></pre> | 89 <pre id="console"></pre> |
| 83 </body> | 90 </body> |
| 84 </html> | 91 </html> |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1503453002:
LayoutTests: fix cross-frame-access-enumeration (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master