third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-ALLOWED-parent-navigation-change.html - Issue 2092293002: Block framebusts without a user gesture

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-ALLOWED-parent-navigation-change.html

Issue 2092293002: Block framebusts without a user gesture (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: better flag description Created 4 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/resources/iframe-that-performs-top-navigation-without-user-gesture.html ('k') | third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-DENIED-top-navigation-without-user-gesture.html » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 <html>	1 <html>

2 <head>	2 <head>

3 <style>	3 <style>

4 iframe { width: 400px; height: 200px;}	4 iframe { width: 400px; height: 200px;}

5 </style>	5 </style>

6 <script>	6 <script>

7 if (window.testRunner) {	7 if (window.testRunner) {

8 testRunner.dumpAsText();	8 testRunner.dumpAsText();

9 testRunner.waitUntilDone();	9 testRunner.waitUntilDone();

10 }	10 }

11	11

12 function loaded()	12 function loaded()

13 {	13 {

14 document.getElementsByTagName('h4')[0].innerHTML = document.domain;	14 document.getElementsByTagName('h4')[0].innerHTML = document.domain;

	15 var iframe = document.getElementById("i");

	16 // The iframe uses eventSender to emulate a user navigatation, which requires absolute coordinates.

	17 // Because the iframe is cross-origin, it can't get the offsets itse lf, so leak them.

	18 frames[0].postMessage({x: iframe.offsetLeft, y: iframe.offsetTop}, " *");

15 }	19 }

16 </script>	20 </script>

17 </head>	21 </head>

18 <body onload="loaded();">	22 <body onload="loaded();">

19 <p>This tests that documents can navigate the location of any of it's parent -frames regardless of domain.</p>	23 <p>This tests that documents can navigate the location of any of it's parent -frames regardless of domain, if a

	24 user gesture is present.</p>

20 <h4>DOMAIN</h4>	25 <h4>DOMAIN</h4>

21 <iframe src="http://localhost:8000/security/frameNavigation/resources/iframe -that-performs-parent-navigation.html"></iframe>	26 <iframe id="i" src="http://localhost:8000/security/frameNavigation/resources /iframe-that-performs-parent-navigation.html"></iframe>

22 </body>	27 </body>

23 </html>	28 </html>

OLD	NEW