Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(4)

Unified Diff: third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-DENIED-top-navigation-user-gesture-in-parent.html

Issue 2392773002: Reenable framebusting deprecation, change it to allow navigation if iframe has ever had a user gestu (Closed)
Patch Set: Rebase Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-DENIED-top-navigation-user-gesture-in-parent.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-DENIED-top-navigation-without-user-gesture.html b/third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-DENIED-top-navigation-user-gesture-in-parent.html
similarity index 62%
copy from third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-DENIED-top-navigation-without-user-gesture.html
copy to third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-DENIED-top-navigation-user-gesture-in-parent.html
index a2cdc9496450a459d055e4355f2145b35765ef50..c661318f3f28d53bb46cb3040828871de6d98e09 100644
--- a/third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-DENIED-top-navigation-without-user-gesture.html
+++ b/third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-DENIED-top-navigation-user-gesture-in-parent.html
@@ -1,16 +1,19 @@
<html>
-<head>
+<body>
<script>
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.dumpChildFramesAsText();
testRunner.setDumpConsoleMessages(false);
}
-if (window.internals)
- internals.runtimeFlags.setFramebustingNeedsSameOriginOrUserGesture(true);
+
+// Ensure a user gesture happened in the main frame, but not in the iframe.
+if (window.eventSender) {
+ eventSender.mouseMoveTo(0, 0);
+ eventSender.mouseDown(0, 0);
+ eventSender.mouseUp(0, 0);
+}
</script>
-</head>
-<body>
<iframe src="http://localhost:8000/security/frameNavigation/resources/iframe-that-performs-top-navigation-without-user-gesture.html"></iframe>
</body>
</html>

Powered by Google App Engine
This is Rietveld 408576698