Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(448)

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/location-href-clears-username-password.html

Issue 2651943002: Block subresource requests whose URLs include credentials. (Closed)
Patch Set: Test. Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 <!DOCTYPE HTML> 1 <!DOCTYPE HTML>
2 <html> 2 <html>
3 <head> 3 <head>
4 <script> 4 <script>
5 window.onload = function() 5 window.onload = function()
6 { 6 {
7 if (window.testRunner) 7 if (window.testRunner)
8 { 8 {
9 testRunner.dumpAsText(); 9 testRunner.dumpAsText();
10 testRunner.waitUntilDone(); 10 testRunner.waitUntilDone();
11 testRunner.setCanOpenWindows(true);
11 } 12 }
12 13
13 var div = document.getElementById('div1'); 14 window.addEventListener("message", e => {
14 var frame = document.createElement('iframe'); 15 var href = e.data.location;
15 frame.setAttribute('src', 'http://_username:_password@'
16 + location.host + '/security/resources/blank.html');
17 document.body.appendChild(frame);
18
19 frame.onload = function() {
20 var href = frame.contentWindow.location.href;
21 if (href.indexOf('_username') === -1 && 16 if (href.indexOf('_username') === -1 &&
22 href.indexOf('_password') === -1) { 17 href.indexOf('_password') === -1) {
23 alert('PASS'); 18 alert('PASS');
24 } 19 }
25 if (window.testRunner) 20 if (window.testRunner)
26 testRunner.notifyDone(); 21 testRunner.notifyDone();
27 } 22 });
23
24 var w = window.open('http://_username:_password@127.0.0.1:8000/security/reso urces/post-location-to-opener.html');
28 } 25 }
29 </script> 26 </script>
30 </head> 27 </head>
31 <body>This test passes if it alerts the string "PASS".<br/></body> 28 <body>This test passes if it alerts the string "PASS".<br/></body>
32 </html> 29 </html>
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698