Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(70)

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/cross-frame-access-enumeration.html

Issue 1503453002: LayoutTests: fix cross-frame-access-enumeration (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 <html> 1 <html>
2 <head> 2 <head>
3 <script src="resources/cross-frame-access.js"></script> 3 <script src="resources/cross-frame-access.js"></script>
4 <script> 4 <script>
5 window.onload = function() 5 window.onload = function()
6 { 6 {
7 if (window.testRunner) { 7 if (window.testRunner) {
8 testRunner.dumpAsText(); 8 testRunner.dumpAsText();
9 testRunner.waitUntilDone(); 9 testRunner.waitUntilDone();
10 } 10 }
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after
54 54
55 // Test enumerating the Location object 55 // Test enumerating the Location object
56 var b_win_location = b_win.location; 56 var b_win_location = b_win.location;
57 for (var k in b_win_location) { 57 for (var k in b_win_location) {
58 log("FAIL: Cross frame access by enumerating the Location object was allowed."); 58 log("FAIL: Cross frame access by enumerating the Location object was allowed.");
59 return; 59 return;
60 } 60 }
61 log("PASS: Cross frame access by enumerating the Location object rev ealed no properties."); 61 log("PASS: Cross frame access by enumerating the Location object rev ealed no properties.");
62 62
63 var b_winLocationKeys = Object.keys(b_win_location); 63 var b_winLocationKeys = Object.keys(b_win_location);
64 if (b_winLocationKeys.length != 0) { 64 var keys_failure = false;
65 log("FAIL: Cross frame access by getting the keys of the Locatio n object was allowed."); 65 for (var i = 0; i < b_winLocationKeys.length; i++) {
66 return; 66 var k = b_winLocationKeys[i];
67 // See also cross-frame-access-location-get.html for the list of accessible keys.
68 if (k !== "assign" && k !== "replace") {
69 log("FAIL: Cross frame access by getting the keys of the Loc ation object returned non-whitelisted key: " + k);
70 keys_failure = true;
71 }
67 } 72 }
68 log("PASS: Cross frame access by getting the keys of the Location ob ject revealed no keys."); 73 if (!keys_failure) {
74 log("PASS: Cross frame access by getting the keys of the Locatio n object revealed only whitelisted keys.");
75 }
69 76
70 var b_winLocationPropertyNames = Object.getOwnPropertyNames(b_win_lo cation); 77 var b_winLocationPropertyNames = Object.getOwnPropertyNames(b_win_lo cation);
71 if (b_winLocationPropertyNames.indexOf("customLocationProperty") != -1) { 78 if (b_winLocationPropertyNames.indexOf("customLocationProperty") != -1) {
72 log("FAIL: Cross frame access by getting the property names of t he Location object was allowed."); 79 log("FAIL: Cross frame access by getting the property names of t he Location object was allowed.");
73 return; 80 return;
74 } 81 }
75 log("PASS: Cross frame access by getting the property names of the L ocation object revealed no custom properties."); 82 log("PASS: Cross frame access by getting the property names of the L ocation object revealed no custom properties.");
76 } 83 }
77 </script> 84 </script>
78 </head> 85 </head>
79 <body> 86 <body>
80 <p>This tests that variable names can't be enumerated cross domain (see http ://bugs.webkit.org/show_bug.cgi?id=16387)</p> 87 <p>This tests that variable names can't be enumerated cross domain (see http ://bugs.webkit.org/show_bug.cgi?id=16387)</p>
81 <iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for -enumeration-test.html"></iframe> 88 <iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for -enumeration-test.html"></iframe>
82 <pre id="console"></pre> 89 <pre id="console"></pre>
83 </body> 90 </body>
84 </html> 91 </html>
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698