Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(272)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: LayoutTests/http/tests/plugins/resources/cross-frame-object-access.html

Issue 19095003: Throw 'SecurityError' upon cross-origin Location access. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: rebaseline. Created 7 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « LayoutTests/http/tests/plugins/cross-frame-object-access-expected.txt ('k') | LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny.html » ('j') | Source/bindings/v8/V8Initializer.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 <html> 1 <html>
2 <head> 2 <head>
3 <script> 3 <script>
4 function debug(str) { 4 function debug(str) {
5 var li = document.createElement('li'); 5 var li = document.createElement('li');
6 li.appendChild(document.createTextNode(str)); 6 li.appendChild(document.createTextNode(str));
7 document.getElementById('console').appendChild(li) 7 document.getElementById('console').appendChild(li)
8 } 8 }
9 9
10 function checkLocationObject(l) 10 function checkLocationObject(l)
11 { 11 {
12 if (!l) { 12 if (!l) {
13 debug('could not access top.location'); 13 debug('could not access top.location');
14 return false; 14 return false;
15 } 15 }
16 16
17 if (l.href) { 17 try {
18 debug('could access top.location.href'); 18 if (l.href) {
19 return false; 19 debug('could access top.location.href');
20 return false;
21 }
22 } catch (e) {
23 return true;
20 } 24 }
21
22 return true; 25 return true;
23 } 26 }
24 27
25 function runTest() { 28 function runTest() {
26 var numErrors = 0; 29 var numErrors = 0;
27 30
28 // Try accessing childFrame.location using NPN_Evaluate 31 // Try accessing childFrame.location using NPN_Evaluate
29 var l = document.plugin.testEvaluate('top.location') 32 var l = document.plugin.testEvaluate('top.location')
30 if (!checkLocationObject(l)) 33 if (!checkLocationObject(l))
31 numErrors++; 34 numErrors++;
32 35
33 // Try getting childFrame.location.href using NPN_Evaluate 36 // Try getting childFrame.location.href using NPN_Evaluate
34 var href = document.plugin.testEvaluate('top.location.href'); 37 try {
38 var href = document.plugin.testEvaluate('top.location.href');
39 } catch (e) {}
35 if (href) { 40 if (href) {
36 debug("could access top.location.href") 41 debug("could access top.location.href")
37 numErrors++; 42 numErrors++;
38 } 43 }
39 44
40 // Try accessing childFrame.location using NPN_GetProperty 45 // Try accessing childFrame.location using NPN_GetProperty
41 var l = document.plugin.testGetProperty('top', 'location'); 46 var l = document.plugin.testGetProperty('top', 'location');
42 if (!checkLocationObject(l)) 47 if (!checkLocationObject(l))
43 numErrors++; 48 numErrors++;
44 49
45 var href = document.plugin.testGetProperty('top', 'location', 'href'); 50 try {
51 var href = document.plugin.testGetProperty('top', 'location', 'href');
52 } catch (e) {}
46 if (href) { 53 if (href) {
47 debug("could access top.location.href") 54 debug("could access top.location.href")
48 numErrors++; 55 numErrors++;
49 } 56 }
50 57
51 // Try accessing top.document using NPN_EVALUATE 58 // Try accessing top.document using NPN_EVALUATE
52 var l = document.plugin.testEvaluate('top.document') 59 var l = document.plugin.testEvaluate('top.document')
53 if (l) { 60 if (l) {
54 debug('could access top.document'); 61 debug('could access top.document');
55 numErrors++; 62 numErrors++;
56 } 63 }
57 64
58 // Try accessing top.document using NPN_GetProperty 65 // Try accessing top.document using NPN_GetProperty
59 var l = document.plugin.testGetProperty('top', 'document') 66 var l = document.plugin.testGetProperty('top', 'document')
60 if (l) { 67 if (l) {
61 debug('could access top.document'); 68 debug('could access top.document');
62 numErrors++; 69 numErrors++;
63 } 70 }
64 71
65 if (numErrors == 0) 72 if (numErrors == 0)
66 document.getElementById('result').innerHTML = 'SUCCESS'; 73 document.getElementById('result').innerHTML = 'SUCCESS';
67 } 74 }
68 75
69 </script> 76 </script>
70 </head> 77 </head>
71 <body onload="runTest()"> 78 <body onload="runTest()">
72 <embed name="plugin" type="application/x-webkit-test-netscape"></embed> 79 <embed name="plugin" type="application/x-webkit-test-netscape"></embed>
73 <div>This tests that plug-ins can access objects in other frames as allowed by t he security model enforced in WebCore.</div> 80 <div>This tests that plug-ins can access objects in other frames as allowed by t he security model enforced in WebCore.</div>
74 <ul id="console"> 81 <ul id="console">
75 </ul> 82 </ul>
76 <div id="result">FAILURE</div> 83 <div id="result">FAILURE</div>
77 </body> 84 </body>
78 </html> 85 </html>
OLDNEW
« no previous file with comments | « LayoutTests/http/tests/plugins/cross-frame-object-access-expected.txt ('k') | LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny.html » ('j') | Source/bindings/v8/V8Initializer.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698