Index: third_party/WebKit/LayoutTests/http/tests/security/cross-frame-access-enumeration.html |
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/cross-frame-access-enumeration.html b/third_party/WebKit/LayoutTests/http/tests/security/cross-frame-access-enumeration.html |
index 331798c06e64f2a4e5a9d6be82ba49ff07502f4b..b387fdc8d6fc276ebb44cd89e0127695480615af 100644 |
--- a/third_party/WebKit/LayoutTests/http/tests/security/cross-frame-access-enumeration.html |
+++ b/third_party/WebKit/LayoutTests/http/tests/security/cross-frame-access-enumeration.html |
@@ -61,16 +61,23 @@ |
log("PASS: Cross frame access by enumerating the Location object revealed no properties."); |
var b_winLocationKeys = Object.keys(b_win_location); |
- if (b_winLocationKeys.length != 0) { |
- log("FAIL: Cross frame access by getting the keys of the Location object was allowed."); |
- return; |
+ var keys_failure = false; |
+ for (var i = 0; i < b_winLocationKeys.length; i++) { |
+ var k = b_winLocationKeys[i]; |
+ // See also cross-frame-access-location-get.html for the list of accessible keys. |
+ if (k !== "assign" && k !== "replace") { |
+ log("FAIL: Cross frame access by getting the keys of the Location object returned non-whitelisted key: " + k); |
+ keys_failure = true; |
+ } |
+ } |
+ if (!keys_failure) { |
+ log("PASS: Cross frame access by getting the keys of the Location object revealed only whitelisted keys."); |
} |
- log("PASS: Cross frame access by getting the keys of the Location object revealed no keys."); |
var b_winLocationPropertyNames = Object.getOwnPropertyNames(b_win_location); |
if (b_winLocationPropertyNames.indexOf("customLocationProperty") != -1) { |
log("FAIL: Cross frame access by getting the property names of the Location object was allowed."); |
- return; |
+ return; |
} |
log("PASS: Cross frame access by getting the property names of the Location object revealed no custom properties."); |
} |