third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-ALLOWED-parent-navigation-change-async.html - Issue 2392773002: Reenable framebusting deprecation, change it to allow navigation if iframe has ever had a user gestu

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-ALLOWED-parent-navigation-change-async.html

Issue 2392773002: Reenable framebusting deprecation, change it to allow navigation if iframe has ever had a user gestu (Closed)

Patch Set: Rebase Created 4 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/resources/iframe-that-performs-parent-navigation-async.html ('k') | third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-ALLOWED-parent-navigation-change-async-expected.txt » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 <html>	1 <html>

2 <head>	2 <head>

3 <style>	3 <style>

4 iframe { width: 400px; height: 200px;}	4 iframe { width: 400px; height: 200px;}

5 </style>	5 </style>

6 <script>	6 <script>

7 if (window.testRunner) {	7 if (window.testRunner) {

8 testRunner.dumpAsText();	8 testRunner.dumpAsText();

9 testRunner.waitUntilDone();	9 testRunner.waitUntilDone();

10 }	10 }

11	11

12 function loaded()	12 function loaded()

13 {	13 {

14 document.getElementsByTagName('h4')[0].innerHTML = document.domain;	14 document.getElementsByTagName('h4')[0].innerHTML = document.domain;

15 var iframe = document.getElementById("i");	15 var iframe = document.getElementById("i");

16 // The iframe uses eventSender to emulate a user navigatation, which requires absolute coordinates.	16 // The iframe uses eventSender to emulate a user navigatation, which requires absolute coordinates.

17 // Because the iframe is cross-origin, it can't get the offsets itse lf, so leak them.	17 // Because the iframe is cross-origin, it can't get the offsets itse lf, so leak them.

18 frames[0].postMessage({x: iframe.offsetLeft, y: iframe.offsetTop}, " *");	18 frames[0].postMessage({x: iframe.offsetLeft, y: iframe.offsetTop}, " *");

19 }	19 }

20 </script>	20 </script>

21 </head>	21 </head>

22 <body onload="loaded();">	22 <body onload="loaded();">

23 <p>This tests that documents can navigate the location of any of it's parent -frames regardless of domain, if a	23 <p>This tests that documents can navigate the location of any of it's parent -frames regardless of domain, if a

24 user gesture is present.</p>	24 user gesture is present.</p>

25 <h4>DOMAIN</h4>	25 <h4>DOMAIN</h4>

26 <iframe id="i" src="http://localhost:8000/security/frameNavigation/resources /iframe-that-performs-parent-navigation.html"></iframe>	26 <iframe id="i" src="http://localhost:8000/security/frameNavigation/resources /iframe-that-performs-parent-navigation-async.html"></iframe>

27 </body>	27 </body>

28 </html>	28 </html>

OLD	NEW