Index: third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-ALLOWED-parent-navigation-change.html |
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-ALLOWED-parent-navigation-change.html b/third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-ALLOWED-parent-navigation-change.html |
index 3cd0b9e804b307c488b72cc17b1ce4f4e78351cf..7d9de1fc51cf9307ba2d500ed5d2e3405f61bee5 100644 |
--- a/third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-ALLOWED-parent-navigation-change.html |
+++ b/third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-ALLOWED-parent-navigation-change.html |
@@ -12,12 +12,17 @@ |
function loaded() |
{ |
document.getElementsByTagName('h4')[0].innerHTML = document.domain; |
+ var iframe = document.getElementById("i"); |
+ // The iframe uses eventSender to emulate a user navigatation, which requires absolute coordinates. |
+ // Because the iframe is cross-origin, it can't get the offsets itself, so leak them. |
+ frames[0].postMessage({x: iframe.offsetLeft, y: iframe.offsetTop}, "*"); |
} |
</script> |
</head> |
<body onload="loaded();"> |
- <p>This tests that documents can navigate the location of any of it's parent-frames regardless of domain.</p> |
+ <p>This tests that documents can navigate the location of any of it's parent-frames regardless of domain, if a |
+ user gesture is present.</p> |
<h4>DOMAIN</h4> |
- <iframe src="http://localhost:8000/security/frameNavigation/resources/iframe-that-performs-parent-navigation.html"></iframe> |
+ <iframe id="i" src="http://localhost:8000/security/frameNavigation/resources/iframe-that-performs-parent-navigation.html"></iframe> |
</body> |
</html> |