OLD | NEW |
1 <!DOCTYPE html> | 1 <!DOCTYPE html> |
2 <html> | 2 <html> |
3 <head> | 3 <head> |
4 <script src="/resources/js-test-pre.js"></script> | 4 <script src="/resources/js-test-pre.js"></script> |
5 <script> | 5 <script> |
6 if (window.testRunner) | 6 if (window.testRunner) |
7 testRunner.setXSSAuditorEnabled(true); | 7 testRunner.setXSSAuditorEnabled(true); |
8 | 8 |
9 window.jsTestIsAsync = true; | 9 window.jsTestIsAsync = true; |
10 | 10 |
11 function checkFrames() { | 11 function checkFrames() { |
12 shouldBeNull('xssed.contentDocument'); | 12 shouldBeNull('xssed.contentDocument'); |
13 shouldBe('xssed.contentDocument', 'crossorigin.contentDocument'); | 13 shouldBe('xssed.contentDocument', 'crossorigin.contentDocument'); |
14 shouldBeUndefined('xssed.contentWindow.location.href'); | 14 shouldThrow('xssed.contentWindow.location.href'); |
15 shouldBe('xssed.contentWindow.location.href', 'crossorigin.contentWi
ndow.location.href'); | |
16 finishJSTest(); | 15 finishJSTest(); |
17 } | 16 } |
18 | 17 |
19 var xssed; | 18 var xssed; |
20 var crossorigin; | 19 var crossorigin; |
21 window.onload = function () { | 20 window.onload = function () { |
22 xssed = document.getElementById('xssed'); | 21 xssed = document.getElementById('xssed'); |
23 crossorigin = document.getElementById('crossorigin'); | 22 crossorigin = document.getElementById('crossorigin'); |
24 xssed.onload = checkFrames; | 23 xssed.onload = checkFrames; |
25 xssed.src = 'http://localhost:8000/security/xssAuditor/resources/ech
o-intertag.pl?enable-full-block=1&q=<script>alert(String.fromCharCode(0x58,0x53,
0x53));<' + '/script>'; | 24 xssed.src = 'http://localhost:8000/security/xssAuditor/resources/ech
o-intertag.pl?enable-full-block=1&q=<script>alert(String.fromCharCode(0x58,0x53,
0x53));<' + '/script>'; |
26 }; | 25 }; |
27 </script> | 26 </script> |
28 <script src='/resources/js-test-post.js'></script> | 27 <script src='/resources/js-test-post.js'></script> |
29 </head> | 28 </head> |
30 <body> | 29 <body> |
31 <iframe id='xssed'></iframe> | 30 <iframe id='xssed'></iframe> |
32 <iframe id='crossorigin' src='http://localhost:8000/security/resources/innoc
ent-victim.html'></iframe> | 31 <iframe id='crossorigin' src='http://localhost:8000/security/resources/innoc
ent-victim.html'></iframe> |
33 </body> | 32 </body> |
34 </html> | 33 </html> |
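Review bot: New line 14 is now the only check on `xssed.contentWindow.location.href`, and `shouldThrow` with a single argument passes on any exception, so an unrelated failure (for example a TypeError if `contentWindow` were unexpectedly null) would satisfy it just as well as a cross-origin access denial. The removed old line 15 was the assertion that tied the blocked frame's behaviour to the `crossorigin` reference frame. Without it, the test no longer shows that a full-blocked page is indistinguishable from a genuinely cross-origin one for this property. I would add `shouldThrow('crossorigin.contentWindow.location.href');` directly after line 14 so both frames are held to the same outcome. If the harness's optional expected-exception argument can be used here, pass the expected security error to both calls so that only the intended denial passes.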