Index: LayoutTests/dart/security/cross-frame-access.html |
diff --git a/LayoutTests/dart/security/cross-frame-access.html b/LayoutTests/dart/security/cross-frame-access.html |
new file mode 100644 |
index 0000000000000000000000000000000000000000..482d8eebf59f5e4a5f080e85bbe62b168a068f63 |
--- /dev/null |
+++ b/LayoutTests/dart/security/cross-frame-access.html |
@@ -0,0 +1,118 @@ |
+<html> |
+<body> |
+<script type='application/javascript' src='../../../../../dart/pkg/unittest/lib/test_controller.js'></script> |
+<script type=application/dart> |
+import 'package:unittest/unittest.dart'; |
+import 'package:unittest/html_config.dart'; |
+import 'dart:async'; |
+import 'dart:html'; |
+ |
+main() { |
+ useHtmlConfiguration(true); |
+ |
+ final sameOriginIFrame = new Element.tag('iframe'); |
+ sameOriginIFrame.src = 'resources/cross-frame-access-iframe.html'; |
+ |
+ final crossOriginIFrame = new Element.tag('iframe'); |
+ crossOriginIFrame.src = 'data:text/html, <p>test iframe</p>'; |
+ |
+ test('WaitForFramesLoad', () { |
+ var sub1 = null; |
+ var sub2 = null; |
+ var frameLoaded1 = expectAsync((Event e) { sub1.cancel(); }); |
+ var frameLoaded2 = expectAsync((Event e) { sub2.cancel(); }); |
+ sub1 = sameOriginIFrame.onLoad.listen(frameLoaded1); |
+ document.body.nodes.add(sameOriginIFrame); |
+ sub2 = crossOriginIFrame.onLoad.listen(frameLoaded2); |
+ document.body.nodes.add(crossOriginIFrame); |
+ }); |
+ |
+ test('Window', () { |
+ testWindow(sameOriginIFrame.contentWindow); |
+ testWindow(crossOriginIFrame.contentWindow); |
+ }); |
+ |
+ test('History', () { |
+ testHistory(sameOriginIFrame.contentWindow.history); |
+ testHistory(crossOriginIFrame.contentWindow.history); |
+ }); |
+ |
+ test('Location', () { |
+ testLocation(sameOriginIFrame.contentWindow.location); |
+ testLocation(crossOriginIFrame.contentWindow.location); |
+ }); |
+ |
+ test('IFrameElement', () { |
+ testIFrameElement(sameOriginIFrame); |
+ testIFrameElement(crossOriginIFrame); |
+ }); |
+} |
+ |
+testWindow(WindowBase targetWindow) { |
+ // Not allowed methods. |
+ expect(() => targetWindow.alert('test'), throws); |
+ expect(() => targetWindow.onLoad.listen((Event e) {}), throws); |
+ expect(() => |
+ targetWindow.find('test', true, true, true, true, true, true), throws); |
+ |
+ // Not allowed properties. |
+ expect(() => targetWindow.contentDocument, throws); |
+ expect(() => targetWindow.frameElement, throws); |
+ expect(() => targetWindow.localStorage, throws); |
+ expect(() => targetWindow.console, throws); |
+ |
+ // Allowed methods. |
+ targetWindow.close(); |
+ |
+ // Allowed properties. |
+ expect(targetWindow.location, isNotNull); |
+ expect(targetWindow.history, isNotNull); |
+ expect(targetWindow.parent, isNotNull); |
+} |
+ |
+testHistory(HistoryBase history) { |
+ // Not allowed properties. |
+ expect(() => history.length, throws); |
+ |
+ // Not allowed methods. |
+ window.history.pushState('test', 'test', 'test'); |
+ expect(() => history.pushState('test', 'test', 'test'), throws); |
+ window.history.replaceState('test', 'test', 'test'); |
+ expect(() => history.replaceState('test', 'test', 'test'), throws); |
+ |
+ // Allowed method. |
+ history.back(); |
+ history.forward(); |
+ history.go(-1); |
+} |
+ |
+testLocation(LocationBase location) { |
+ // Not allowed properties. |
+ expect(() => location.href, throws); |
+ expect(() => location.protocol, throws); |
+ expect(() => location.host = 'test', throws); |
+ expect(() => location.origin, throws); |
+ |
+ // Not allowed methods. |
+ expect(() => location.assign('http://www.webkit.org'), throws); |
+ expect(() => location.reload(), throws); |
+ expect(() => location.getParameter('test'), throws); |
+ |
+ // Allowed properties. |
+ var subscription = null; |
+ subscription = window.onMessage.listen(expectAsync((Event e) { |
+ subscription.cancel(); |
+ expect(e.data, equals('navigated')); |
+ Timer.run(expectAsync((){})); |
+ })); |
+ location.href = 'data:text/html, <script>parent.postMessage("navigated", "*")<${"/script>"}'; |
+} |
+ |
+testIFrameElement(IFrameElement iframe) { |
+ expect(() => iframe.contentDocument, throws); |
+ expect(() => iframe.getSVGDocument(), throws); |
+} |
+</script> |
+ |
+</body> |
+</html> |
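Review bot: The 'Location' test can pass when only one of the two frames actually navigates. testLocation is called twice back to back, so both `window.onMessage` listeners are registered before any message arrives, and the first "navigated" message appears to satisfy both `expectAsync` callbacks. Giving each call its own payload and filtering on it would tie each expectation to its frame, for example a `tag` parameter used in `window.onMessage.where((e) => e.data == tag).listen(...)` and in the `postMessage("$tag", "*")` of the data: URL. Separately, the bare `throws` matcher in testWindow, testHistory, testLocation and testIFrameElement accepts any exception, so these assertions cannot tell an access denial from an unrelated failure such as a misspelled member name. A matcher narrowed to the expected error type would make the security expectation explicit.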