| OLD | NEW |
|---|
| 1 <!doctype html> | 1 <!doctype html> |
| 2 <html> | 2 <html> |
| 3 <head> | 3 <head> |
| 4 <script> | 4 <script> |
| 5 if (window.testRunner) { | 5 if (window.testRunner) { |
| 6 testRunner.dumpAsText(); | 6 testRunner.dumpAsText(); |
| 7 testRunner.dumpChildFramesAsText(); | 7 testRunner.dumpChildFramesAsText(); |
| 8 } | 8 } |
| 9 | 9 |
| 10 function test() { | 10 function test() { |
| 11 var test = document.getElementById('testframe'); | 11 var test = document.getElementById('testframe'); |
| 12 var location = test.contentWindow.location.href; | 12 try { |
| 13 var location = test.contentWindow.location.href; |
| 14 } catch (e) { |
| 15 alert("PASS: Cross-origin access to the Location object threw an
exception."); |
| 16 } |
| 13 } | 17 } |
| 14 </script> | 18 </script> |
| 15 </head> | 19 </head> |
| 16 | 20 |
| 17 <body> | 21 <body> |
| 18 <p>Sandboxing a frame puts it into a unique origin by default, which the | 22 <p>Sandboxing a frame puts it into a unique origin by default, which the |
| 19 containing document shouldn't have script access to. This test passes if a | 23 containing document shouldn't have script access to. This test passes if an |
| 20 console warning is generated, noting the access violation.</p> | 24 exception is thrown upon the access violation.</p> |
| 21 | 25 |
| 22 <iframe src="resources/blank.html" id="testframe" sandbox onload="test();"><
/iframe> | 26 <iframe src="resources/blank.html" id="testframe" sandbox onload="test();"><
/iframe> |
| 23 </body> | 27 </body> |
| 24 </html> | 28 </html> |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 19095003:
Throw 'SecurityError' upon cross-origin Location access. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk