Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(174)

Side by Side Diff: LayoutTests/http/tests/plugins/resources/cross-frame-object-access.html

Issue 19095003: Throw 'SecurityError' upon cross-origin Location access. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 7 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 <html> 1 <html>
2 <head> 2 <head>
3 <script> 3 <script>
4 function debug(str) { 4 function debug(str) {
5 var li = document.createElement('li'); 5 var li = document.createElement('li');
6 li.appendChild(document.createTextNode(str)); 6 li.appendChild(document.createTextNode(str));
7 document.getElementById('console').appendChild(li) 7 document.getElementById('console').appendChild(li)
8 } 8 }
9 9
10 function checkLocationObject(l) 10 function checkLocationObject(l)
11 { 11 {
12 if (!l) { 12 if (!l) {
13 debug('could not access top.location'); 13 debug('could not access top.location');
14 return false; 14 return false;
15 } 15 }
16 16
17 if (l.href) { 17 try {
18 debug('could access top.location.href'); 18 if (l.href) {
19 return false; 19 debug('could access top.location.href');
20 return false;
21 }
22 } catch (e) {
23 return true;
20 } 24 }
21
22 return true; 25 return true;
23 } 26 }
24 27
25 function runTest() { 28 function runTest() {
26 var numErrors = 0; 29 var numErrors = 0;
27 30
28 // Try accessing childFrame.location using NPN_Evaluate 31 // Try accessing childFrame.location using NPN_Evaluate
29 var l = document.plugin.testEvaluate('top.location') 32 var l = document.plugin.testEvaluate('top.location')
30 if (!checkLocationObject(l)) 33 if (!checkLocationObject(l))
31 numErrors++; 34 numErrors++;
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after
69 </script> 72 </script>
70 </head> 73 </head>
71 <body onload="runTest()"> 74 <body onload="runTest()">
72 <embed name="plugin" type="application/x-webkit-test-netscape"></embed> 75 <embed name="plugin" type="application/x-webkit-test-netscape"></embed>
73 <div>This tests that plug-ins can access objects in other frames as allowed by t he security model enforced in WebCore.</div> 76 <div>This tests that plug-ins can access objects in other frames as allowed by t he security model enforced in WebCore.</div>
74 <ul id="console"> 77 <ul id="console">
75 </ul> 78 </ul>
76 <div id="result">FAILURE</div> 79 <div id="result">FAILURE</div>
77 </body> 80 </body>
78 </html> 81 </html>
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698