LayoutTests/http/tests/security/contentSecurityPolicy/resources/reflected-xss-and-xss-protection.js - Issue 19095003: Throw 'SecurityError' upon cross-origin Location access. - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(99)

My Issues | Starred Open | Closed | All

Side by Side Diff: LayoutTests/http/tests/security/contentSecurityPolicy/resources/reflected-xss-and-xss-protection.js

Issue 19095003: Throw 'SecurityError' upon cross-origin Location access. (Closed) Base URL: svn://svn.chromium.org/blink/trunk

Patch Set: rebaseline. Created 7 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

« no previous file with comments | « LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-block-expected.txt ('k') | LayoutTests/http/tests/security/cross-frame-access-callback-explicit-domain-DENY-expected.txt » ('j') | Source/bindings/v8/V8Initializer.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 if (window.testRunner) {	1 if (window.testRunner) {

2 testRunner.dumpAsText();	2 testRunner.dumpAsText();

3 testRunner.setXSSAuditorEnabled(true);	3 testRunner.setXSSAuditorEnabled(true);

4 testRunner.waitUntilDone();	4 testRunner.waitUntilDone();

5 }	5 }

6	6

7 function testMixedHeader(csp, xssProtection) {	7 function testMixedHeader(csp, xssProtection) {

8 var params = [	8 var params = [

9 'q=<script>alert(String.fromCharCode(0x58,0x53,0x53))<' + '/script>'	9 'q=<script>alert(String.fromCharCode(0x58,0x53,0x53))<' + '/script>'

10 ];	10 ];

(...skipping 12 matching lines...) Expand all Loading...
23 var url = '/security/xssAuditor/resources/echo-intertag.pl?';	23 var url = '/security/xssAuditor/resources/echo-intertag.pl?';

24 url += params.join('&');	24 url += params.join('&');

25	25

26 document.write('<p>Testing behavior when "reflected-xss" is set to ' + csp + ', and "X-XSS-Protection" is set to ' + xssProtection + '.');	26 document.write('<p>Testing behavior when "reflected-xss" is set to ' + csp + ', and "X-XSS-Protection" is set to ' + xssProtection + '.');

27 document.write('<iframe src="' + url + '"></iframe>');	27 document.write('<iframe src="' + url + '"></iframe>');

28 }	28 }

29	29

30 function frameLoaded() {	30 function frameLoaded() {

31 var frame = document.querySelector('iframe');	31 var frame = document.querySelector('iframe');

32 try {	32 try {

33 alert('Loaded ' + frame.contentWindow.location + ' into the IFrame.');	33 alert('Loaded ' + frame.contentWindow.location.href + ' into the IFrame.') ;

34 } catch (e) {	34 } catch (e) {

35 alert('Loaded cross-origin frame.');	35 alert('Loaded cross-origin frame.');

36 }	36 }

37 testRunner.notifyDone();	37 testRunner.notifyDone();

38 }	38 }

39	39

40 window.onload = frameLoaded;	40 window.onload = frameLoaded;

OLD	NEW

« no previous file with comments | « LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-block-expected.txt ('k') | LayoutTests/http/tests/security/cross-frame-access-callback-explicit-domain-DENY-expected.txt » ('j') | Source/bindings/v8/V8Initializer.cpp » ('J')

Powered by Google App Engine

This is Rietveld 408576698