
Side by Side Diff: LayoutTests/http/tests/security/cross-frame-access-enumeration.html

Issue 19095003: Throw 'SecurityError' upon cross-origin Location access. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: rebaseline. Created 7 years, 5 months ago
1 <html> 1 <html>
2 <head> 2 <head>
3 <script src="resources/cross-frame-access.js"></script> 3 <script src="resources/cross-frame-access.js"></script>
4 <script> 4 <script>
5 window.onload = function() 5 window.onload = function()
6 { 6 {
7 if (window.testRunner) { 7 if (window.testRunner) {
8 testRunner.dumpAsText(); 8 testRunner.dumpAsText();
9 testRunner.waitUntilDone(); 9 testRunner.waitUntilDone();
10 } 10 }
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after
61 61
62 // Test enumerating the Location object 62 // Test enumerating the Location object
63 var b_win_location = b_win.location; 63 var b_win_location = b_win.location;
64 try { 64 try {
65 for (var k in b_win_location) { 65 for (var k in b_win_location) {
66 if (k == "customLocationProperty") { 66 if (k == "customLocationProperty") {
67 log("FAIL: Cross frame access by enumerating the Locatio n object was allowed."); 67 log("FAIL: Cross frame access by enumerating the Locatio n object was allowed.");
68 return; 68 return;
69 } 69 }
70 } 70 }
71 log("FAIL: Cross frame access to Location object didn't throw an exception.");
71 } catch (e) { 72 } catch (e) {
73 log("PASS: Cross frame access by enumerating the Location object was denied.");
72 } 74 }
73 log("PASS: Cross frame access by enumerating the Location object was denied.");
74 75
75 var b_winLocationKeys = Object.keys(b_win_location); 76 try {
76 if (b_winLocationKeys.indexOf("customLocationProperty") != -1) { 77 var b_winLocationKeys = Object.keys(b_win_location);
77 log("FAIL: Cross frame access by getting the keys of the Locatio n object was allowed."); 78 log("FAIL: Cross frame access to Location object didn't throw an exception.");
78 return; 79 if (b_winLocationKeys.indexOf("customLocationProperty") != -1) {
80 log("FAIL: Cross frame access by getting the keys of the Loc ation object was allowed.");
81 return;
82 }
83 } catch (e) {
84 log("PASS: Cross frame access by getting the keys of the Locatio n object was denied.");
79 } 85 }
80 log("PASS: Cross frame access by getting the keys of the Location ob ject was denied.");
81 86
82 var b_winLocationPropertyNames = Object.getOwnPropertyNames(b_win_lo cation); 87 try {
83 if (b_winLocationPropertyNames.indexOf("customLocationProperty") != -1) { 88 var b_winLocationPropertyNames = Object.getOwnPropertyNames(b_wi n_location);
84 log("FAIL: Cross frame access by getting the property names of t he Location object was allowed."); 89 log("FAIL: Cross frame access to Location object didn't throw an exception.");
85 return; 90 if (b_winLocationPropertyNames.indexOf("customLocationProperty") != -1) {
91 log("FAIL: Cross frame access by getting the property names of the Location object was allowed.");
92 return;
93 }
94 } catch (e) {
95 log("PASS: Cross frame access by getting the keys of the Locatio n object was denied.");
86 } 96 }
87 log("PASS: Cross frame access by getting the property names of the L ocation object was denied."); 97 log("PASS: Cross frame access by getting the property names of the L ocation object was denied.");
88 } 98 }
89 </script> 99 </script>
90 </head> 100 </head>
91 <body> 101 <body>
92 <p>This tests that variable names can't be enumerated cross domain (see http ://bugs.webkit.org/show_bug.cgi?id=16387)</p> 102 <p>This tests that variable names can't be enumerated cross domain (see http ://bugs.webkit.org/show_bug.cgi?id=16387)</p>
93 <iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for -enumeration-test.html"></iframe> 103 <iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for -enumeration-test.html"></iframe>
94 <pre id="console"></pre> 104 <pre id="console"></pre>
95 </body> 105 </body>
96 </html> 106 </html>
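Review bot: In the Object.getOwnPropertyNames block (new lines 87–97) the unconditional `log("PASS: Cross frame access by getting the property names of the Location object was denied.");` at new line 97 was left in place, unlike the equivalent lines after the for-in and Object.keys blocks, so this check still prints a PASS on the path that has just logged "didn't throw an exception". The catch at new line 95 also reuses the "getting the keys" message from the block above, so when the call does throw, the output carries the keys PASS twice followed by the unconditional property-names PASS. I would put the property-names PASS message in the catch at line 95 and delete line 97, so that a PASS line is emitted only when the cross-origin access is actually refused. The middle of the onload handler is collapsed on this page (50 skipped lines), so this covers only the visible blocks.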