Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(218)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: LayoutTests/dart/security/cross-frame-access.html

Issue 1532413002: Added Dartium changes onto 45.0.2454.104 (Closed) Base URL: http://src.chromium.org/blink/branches/chromium/2454
Patch Set: Created 5 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « LayoutTests/dart/script-onerror-expected.txt ('k') | LayoutTests/dart/security/cross-frame-access-expected.txt » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: LayoutTests/dart/security/cross-frame-access.html
diff --git a/LayoutTests/dart/security/cross-frame-access.html b/LayoutTests/dart/security/cross-frame-access.html
new file mode 100644
index 0000000000000000000000000000000000000000..482d8eebf59f5e4a5f080e85bbe62b168a068f63
--- /dev/null
+++ b/LayoutTests/dart/security/cross-frame-access.html
@@ -0,0 +1,118 @@
+<html>
+<body>
+<script type='application/javascript' src='../../../../../dart/pkg/unittest/lib/test_controller.js'></script>
+<script type=application/dart>
+import 'package:unittest/unittest.dart';
+import 'package:unittest/html_config.dart';
+import 'dart:async';
+import 'dart:html';
+
+main() {
+ useHtmlConfiguration(true);
+
+ final sameOriginIFrame = new Element.tag('iframe');
+ sameOriginIFrame.src = 'resources/cross-frame-access-iframe.html';
+
+ final crossOriginIFrame = new Element.tag('iframe');
+ crossOriginIFrame.src = 'data:text/html, <p>test iframe</p>';
+
+ test('WaitForFramesLoad', () {
+ var sub1 = null;
+ var sub2 = null;
+ var frameLoaded1 = expectAsync((Event e) { sub1.cancel(); });
+ var frameLoaded2 = expectAsync((Event e) { sub2.cancel(); });
+ sub1 = sameOriginIFrame.onLoad.listen(frameLoaded1);
+ document.body.nodes.add(sameOriginIFrame);
+ sub2 = crossOriginIFrame.onLoad.listen(frameLoaded2);
+ document.body.nodes.add(crossOriginIFrame);
+ });
+
+ test('Window', () {
+ testWindow(sameOriginIFrame.contentWindow);
+ testWindow(crossOriginIFrame.contentWindow);
+ });
+
+ test('History', () {
+ testHistory(sameOriginIFrame.contentWindow.history);
+ testHistory(crossOriginIFrame.contentWindow.history);
+ });
+
+ test('Location', () {
+ testLocation(sameOriginIFrame.contentWindow.location);
+ testLocation(crossOriginIFrame.contentWindow.location);
+ });
+
+ test('IFrameElement', () {
+ testIFrameElement(sameOriginIFrame);
+ testIFrameElement(crossOriginIFrame);
+ });
+}
+
+testWindow(WindowBase targetWindow) {
+ // Not allowed methods.
+ expect(() => targetWindow.alert('test'), throws);
+ expect(() => targetWindow.onLoad.listen((Event e) {}), throws);
+ expect(() =>
+ targetWindow.find('test', true, true, true, true, true, true), throws);
+
+ // Not allowed properties.
+ expect(() => targetWindow.contentDocument, throws);
+ expect(() => targetWindow.frameElement, throws);
+ expect(() => targetWindow.localStorage, throws);
+ expect(() => targetWindow.console, throws);
+
+ // Allowed methods.
+ targetWindow.close();
+
+ // Allowed properties.
+ expect(targetWindow.location, isNotNull);
+ expect(targetWindow.history, isNotNull);
+ expect(targetWindow.parent, isNotNull);
+}
+
+testHistory(HistoryBase history) {
+ // Not allowed properties.
+ expect(() => history.length, throws);
+
+ // Not allowed methods.
+ window.history.pushState('test', 'test', 'test');
+ expect(() => history.pushState('test', 'test', 'test'), throws);
+ window.history.replaceState('test', 'test', 'test');
+ expect(() => history.replaceState('test', 'test', 'test'), throws);
+
+ // Allowed method.
+ history.back();
+ history.forward();
+ history.go(-1);
+}
+
+testLocation(LocationBase location) {
+ // Not allowed properties.
+ expect(() => location.href, throws);
+ expect(() => location.protocol, throws);
+ expect(() => location.host = 'test', throws);
+ expect(() => location.origin, throws);
+
+ // Not allowed methods.
+ expect(() => location.assign('http://www.webkit.org'), throws);
+ expect(() => location.reload(), throws);
+ expect(() => location.getParameter('test'), throws);
+
+ // Allowed properties.
+ var subscription = null;
+ subscription = window.onMessage.listen(expectAsync((Event e) {
+ subscription.cancel();
+ expect(e.data, equals('navigated'));
+ Timer.run(expectAsync((){}));
+ }));
+ location.href = 'data:text/html, <script>parent.postMessage("navigated", "*")<${"/script>"}';
+}
+
+testIFrameElement(IFrameElement iframe) {
+ expect(() => iframe.contentDocument, throws);
+ expect(() => iframe.getSVGDocument(), throws);
+}
+</script>
+
+</body>
+</html>
« no previous file with comments | « LayoutTests/dart/script-onerror-expected.txt ('k') | LayoutTests/dart/security/cross-frame-access-expected.txt » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698