OLD | NEW |
(Empty) | |
| 1 <!DOCTYPE html> |
| 2 <meta charset="utf-8"> |
| 3 <title>HTML Test: Window Security</title> |
| 4 <link rel="author" title="Intel" href="http://www.intel.com/" /> |
| 5 <link rel="help" href="https://html.spec.whatwg.org/multipage/multipage/browsers
.html#the-window-object" /> |
| 6 <link rel="help" href="https://html.spec.whatwg.org/multipage/multipage/timers.h
tml#timers" /> |
| 7 <link rel="help" href="https://html.spec.whatwg.org/multipage/multipage/webappap
is.html#atob" /> |
| 8 <link rel="help" href="https://html.spec.whatwg.org/multipage/#windowsessionstor
age" /> |
| 9 <link rel="help" href="https://html.spec.whatwg.org/multipage/#windowlocalstorag
e" /> |
| 10 <link rel="help" href="https://html.spec.whatwg.org/multipage/multipage/browsers
.html#window" /> |
| 11 <link rel="help" href="http://dev.w3.org/csswg/cssom/#extensions-to-the-window-i
nterface" /> |
| 12 <link rel="help" href="http://dev.w3.org/csswg/cssom-view/#extensions-to-the-win
dow-interface" /> |
| 13 <script src="/resources/testharness.js"></script> |
| 14 <script src="/resources/testharnessreport.js"></script> |
| 15 <script src="/common/get-host-info.sub.js"></script> |
| 16 <div id="log"></div> |
| 17 <script> |
| 18 var t = async_test("Window Security testing"); |
| 19 |
| 20 function fr_load() { |
| 21 fr = document.getElementById("fr"); |
| 22 |
| 23 t.step(function () { |
| 24 //SecurityError should be thrown |
| 25 [ |
| 26 //attributes |
| 27 {name: "applicationCache"}, |
| 28 {name: "devicePixelRatio"}, |
| 29 {name: "document"}, |
| 30 {name: "external"}, |
| 31 {name: "frameElement"}, |
| 32 {name: "history"}, |
| 33 {name: "innerWidth"}, |
| 34 {name: "innerHeight"}, |
| 35 {name: "locationbar"}, |
| 36 {name: "localStorage"}, |
| 37 {name: "menubar"}, |
| 38 {name: "name"}, |
| 39 {name: "navigator"}, |
| 40 {name: "onabort"}, |
| 41 {name: "onafterprint"}, |
| 42 {name: "onbeforeprint"}, |
| 43 {name: "onbeforeunload"}, |
| 44 {name: "onblur"}, |
| 45 {name: "oncancel"}, |
| 46 {name: "oncanplay"}, |
| 47 {name: "oncanplaythrough"}, |
| 48 {name: "onchange"}, |
| 49 {name: "onclick"}, |
| 50 {name: "onclose"}, |
| 51 {name: "oncontextmenu"}, |
| 52 {name: "oncuechange"}, |
| 53 {name: "ondblclick"}, |
| 54 {name: "ondrag"}, |
| 55 {name: "ondragend"}, |
| 56 {name: "ondragenter"}, |
| 57 {name: "ondragleave"}, |
| 58 {name: "ondragover"}, |
| 59 {name: "ondragstart"}, |
| 60 {name: "ondrop"}, |
| 61 {name: "ondurationchange"}, |
| 62 {name: "onemptied"}, |
| 63 {name: "onended"}, |
| 64 {name: "onerror"}, |
| 65 {name: "onfocus"}, |
| 66 {name: "onhashchange"}, |
| 67 {name: "oninput"}, |
| 68 {name: "oninvalid"}, |
| 69 {name: "onkeydown"}, |
| 70 {name: "onkeypress"}, |
| 71 {name: "onkeyup"}, |
| 72 {name: "onload"}, |
| 73 {name: "onloadeddata"}, |
| 74 {name: "onloadedmetadata"}, |
| 75 {name: "onloadstart"}, |
| 76 {name: "onmessage"}, |
| 77 {name: "onmousedown"}, |
| 78 {name: "onmousemove"}, |
| 79 {name: "onmouseout"}, |
| 80 {name: "onmouseover"}, |
| 81 {name: "onmouseup"}, |
| 82 {name: "onmousewheel"}, |
| 83 {name: "onoffline"}, |
| 84 {name: "ononline"}, |
| 85 {name: "onpause"}, |
| 86 {name: "onplay"}, |
| 87 {name: "onplaying"}, |
| 88 {name: "onpagehide"}, |
| 89 {name: "onpageshow"}, |
| 90 {name: "onpopstate"}, |
| 91 {name: "onprogress"}, |
| 92 {name: "onratechange"}, |
| 93 {name: "onreset"}, |
| 94 {name: "onresize"}, |
| 95 {name: "onscroll"}, |
| 96 {name: "onseeked"}, |
| 97 {name: "onseeking"}, |
| 98 {name: "onselect"}, |
| 99 {name: "onshow"}, |
| 100 {name: "onstalled"}, |
| 101 {name: "onstorage"}, |
| 102 {name: "onsubmit"}, |
| 103 {name: "onsuspend"}, |
| 104 {name: "ontimeupdate"}, |
| 105 {name: "onunload"}, |
| 106 {name: "onvolumechange"}, |
| 107 {name: "onwaiting"}, |
| 108 {name: "pageXOffset"}, |
| 109 {name: "pageYOffset"}, |
| 110 {name: "personalbar"}, |
| 111 {name: "screen"}, |
| 112 {name: "scrollbars"}, |
| 113 {name: "statusbar"}, |
| 114 {name: "status"}, |
| 115 {name: "screenX"}, |
| 116 {name: "screenY"}, |
| 117 {name: "sessionStorage"}, |
| 118 {name: "toolbar"}, |
| 119 //methods |
| 120 {name: "alert", isMethod: true}, |
| 121 {name: "clearInterval", isMethod: true, args:[1]}, |
| 122 {name: "clearTimeout", isMethod: true, args:[function () {}, 1]}, |
| 123 {name: "confirm", isMethod: true}, |
| 124 {name: "getComputedStyle", isMethod: true, args:[document.body, null]}, |
| 125 {name: "getSelection", isMethod: true}, |
| 126 {name: "matchMedia", isMethod: true, args:["(min-width:50px)"]}, |
| 127 {name: "moveBy", isMethod: true, args:[10, 10]}, |
| 128 {name: "moveTo", isMethod: true, args:[10, 10]}, |
| 129 {name: "open", isMethod: true}, |
| 130 {name: "print", isMethod: true}, |
| 131 {name: "prompt", isMethod: true}, |
| 132 {name: "resizeTo", isMethod: true, args:[10, 10]}, |
| 133 {name: "resizeBy", isMethod: true, args:[10, 10]}, |
| 134 {name: "scroll", isMethod: true, args:[10, 10]}, |
| 135 {name: "scrollTo", isMethod: true, args:[10, 10]}, |
| 136 {name: "scrollBy", isMethod: true, args:[10, 10]}, |
| 137 {name: "setInterval", isMethod: true, args:[function () {}, 1]}, |
| 138 {name: "setTimeout", isMethod: true, args:[function () {}, 1]}, |
| 139 {name: "showModalDialog", isMethod: true, args:["auto:blank", "dialog"]}, |
| 140 {name: "stop", isMethod: true}, |
| 141 ].forEach(function (item) { |
| 142 test(function () { |
| 143 assert_true(item.name in window, "window." + item.name + " should exist.
"); |
| 144 assert_throws("SecurityError", function () { |
| 145 if (item.isMethod) |
| 146 if (item.args) |
| 147 fr.contentWindow[item.name](item.args[0], item.args[1]); |
| 148 else |
| 149 fr.contentWindow[item.name](); |
| 150 else |
| 151 fr.contentWindow[item.name]; |
| 152 }, "A SecurityError exception should be thrown."); |
| 153 }, "A SecurityError exception must be thrown when window." + item.name + "
is accessed from a different origin."); |
| 154 }); |
| 155 |
| 156 //SecurityError should not be thrown |
| 157 [ |
| 158 //attributes |
| 159 {name: "closed"}, |
| 160 {name: "frames"}, |
| 161 {name: "length"}, |
| 162 {name: "location"}, |
| 163 {name: "opener"}, |
| 164 {name: "parent"}, |
| 165 {name: "self"}, |
| 166 {name: "top"}, |
| 167 {name: "window"}, |
| 168 //methods |
| 169 {name: "blur", isMethod: true}, |
| 170 {name: "close", isMethod: true}, |
| 171 {name: "focus", isMethod: true}, |
| 172 {name: "postMessage", isMethod: true, args: [{msg: 'foo'}, "*"]} |
| 173 ].forEach(function (item) { |
| 174 test(function () { |
| 175 assert_true(item.name in window, "window." + item.name + " should exist.
"); |
| 176 try { |
| 177 if (item.isMethod) |
| 178 if (item.args) |
| 179 fr.contentWindow[item.name](item.args[0], item.args[1]); |
| 180 else |
| 181 fr.contentWindow[item.name](); |
| 182 else |
| 183 fr.contentWindow[item.name]; |
| 184 } catch (e) { |
| 185 assert_unreached("An unexpected exception was thrown."); |
| 186 } |
| 187 }, "A SecurityError exception should not be thrown when window." + item.na
me + " is accessed from a different origin."); |
| 188 }); |
| 189 }); |
| 190 t.done(); |
| 191 } |
| 192 |
| 193 </script> |
| 194 <script> |
| 195 onload = function() { |
| 196 var frame = document.createElement('iframe'); |
| 197 frame.id = "fr"; |
| 198 frame.setAttribute("style", "display:none"); |
| 199 frame.setAttribute('src', get_host_info().HTTP_REMOTE_ORIGIN + "/"); |
| 200 frame.setAttribute("onload", "fr_load()"); |
| 201 document.body.appendChild(frame); |
| 202 } |
| 203 </script> |
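Review bot: The presence check `assert_true(item.name in window, ...)` at new-file lines 143 and 175 sits in the same subtest as the cross-origin assertion. On a browser that lacks one of the listed members (the list includes legacy names such as `showModalDialog`, `applicationCache` and `onmousewheel`), the subtest fails before `fr.contentWindow[item.name]` is ever touched. That hides whether a SecurityError is actually raised for that name, and a later regression in the cross-origin check would leave the result unchanged. As far as I can tell from the HTML spec's cross-origin property handling, a name outside the allowed set should throw regardless of local support. I would therefore move the presence check into its own subtest, e.g. `test(function () { assert_true(item.name in window); }, "window." + item.name + " exists");`, and keep only `assert_throws` in the security subtest. In the allowed-access loop the `catch (e)` at line 184 also discards the exception; `assert_unreached("Unexpected exception: " + e);` would show what was thrown when an access that must succeed is blocked.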