OLD | NEW |
1 <!DOCTYPE html> | 1 <!DOCTYPE html> |
2 <html> | 2 <html> |
3 <head> | 3 <head> |
4 <title>Validate that a frame can't change it's document.domain and enter the sub
origin</title> | 4 <title>Validate that a frame can't change it's document.domain and enter the sub
origin</title> |
5 <script src="/resources/testharness.js"></script> | 5 <script src="/resources/testharness.js"></script> |
6 <script src="/resources/testharnessreport.js"></script> | 6 <script src="/resources/testharnessreport.js"></script> |
7 </head> | 7 </head> |
8 <script> | 8 <script> |
9 document.domain = '127.0.0.1'; | 9 document.domain = '127.0.0.1'; |
10 window.secret = 'Unchanged'; | 10 window.secret = 'Unchanged'; |
11 window.onmessage = function(event) { | 11 window.onmessage = function(event) { |
12 assert_equals(secret, 'Unchanged', 'secret should not be touchable by the ch
ild in a suborigin.'); | 12 assert_equals(secret, 'Unchanged', 'secret should not be touchable by the ch
ild in a suborigin.'); |
13 assert_equals(event.data, 'SecurityError: Blocked a frame with origin \"http
://foobar_127.0.0.1:8000\" from accessing a cross-origin frame.'); | 13 assert_equals(event.data, 'SecurityError: Blocked a frame with origin \"http
-so://foobar.127.0.0.1:8000\" from accessing a cross-origin frame.'); |
14 done(); | 14 done(); |
15 }; | 15 }; |
16 </script> | 16 </script> |
17 <iframe src="resources/child-changes-document-domain.php?suborigin=foobar"></ifr
ame> | 17 <iframe src="resources/child-changes-document-domain.php?suborigin=foobar"></ifr
ame> |
18 </html> | 18 </html> |
OLD | NEW |