
Side by Side Diff: LayoutTests/http/tests/security/xssAuditor/block-does-not-leak-location.html

Issue 19095003: Throw 'SecurityError' upon cross-origin Location access. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: rebaseline. Created 7 years, 5 months ago
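--- a/LayoutTests/http/tests/security/xssAuditor/block-does-not-leak-location.html
+++ b/LayoutTests/http/tests/security/xssAuditor/block-does-not-leak-location.html
@@ -1,34 +1,33 @@
 <!DOCTYPE html>
 <html>
 <head>
 <script src="/resources/js-test-pre.js"></script>
 <script>
 if (window.testRunner)
 testRunner.setXSSAuditorEnabled(true);
 
 window.jsTestIsAsync = true;
 
 function checkFrames() {
 shouldBeNull('xssed.contentDocument');
 shouldBe('xssed.contentDocument', 'crossorigin.contentDocument');
-shouldBeUndefined('xssed.contentWindow.location.href');
-shouldBe('xssed.contentWindow.location.href', 'crossorigin.contentWi ndow.location.href');
+shouldThrow('xssed.contentWindow.location.href');
 finishJSTest();
 }
 
 var xssed;
 var crossorigin;
 window.onload = function () {
 xssed = document.getElementById('xssed');
 crossorigin = document.getElementById('crossorigin');
 xssed.onload = checkFrames;
 xssed.src = 'http://localhost:8000/security/xssAuditor/resources/ech o-intertag.pl?enable-full-block=1&q=<script>alert(String.fromCharCode(0x58,0x53, 0x53));<' + '/script>';
 };
 </script>
 <script src='/resources/js-test-post.js'></script>
 </head>
 <body>
 <iframe id='xssed'></iframe>
 <iframe id='crossorigin' src='http://localhost:8000/security/resources/innoc ent-victim.html'></iframe>
 </body>
 </html>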
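Review bot: On new line 14, `shouldThrow('xssed.contentWindow.location.href');` passes on any exception, so a TypeError from a null `contentWindow` would satisfy it just as well as the SecurityError this change is about. With old line 15 removed, the test also no longer checks that the auditor-blocked frame behaves the same as the genuinely cross-origin frame, which is the property the file name promises. I would add `shouldThrow('crossorigin.contentWindow.location.href');` right after it and pass the expected exception as the second argument of both calls, `shouldThrow(expr, '<expected SecurityError string>')` (a placeholder; the exact text is not shown on this page). If the exception message embeds frame origins or URLs, comparing the two messages would also confirm that the blocked page reveals nothing a cross-origin page would not; that is an inference, since the message format is not visible here.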
