third_party/WebKit/LayoutTests/http/tests/security/dataURL/xss-DENIED-from-javascript-url-window-open.html - Issue 2702503002: Block renderer-initiated main frame navigations to data URLs

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/dataURL/xss-DENIED-from-javascript-url-window-open.html

Issue 2702503002: Block renderer-initiated main frame navigations to data URLs (Closed)

Patch Set: Fix Android PDF tests where PDFs should be downloaded Created 3 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
	(Empty)
1 <html>

2 <head>

3 <script src="../resources/cross-frame-access.js"></script>

4 <script>

5 if (window.testRunner) {

6 testRunner.dumpAsText();

7 testRunner.setCanOpenWindows();

8 testRunner.waitUntilDone();

9 }

10 function loaded() {

11 var url = "data:text/html,<html>"

12 + "<head>"

13 + "<scr" + "ipt>"

14 + "function test() {"

15 + "try {"

16 + "opener.document.getElementById(\"accessMe\"). innerHTML = \"FAIL: Access from a window opened with a data: URL was allowed!\"; "

17 + "} catch (e) {"

18 + "}"

19 + "window.opener.postMessage('done', '*');"

20 + "}"

21 + "</scri" + "pt>"

22 + "</head>"

23 + "<body onload=\"test();\">"

24 + "<p>Opened Frame.</p>"

25 + "</body>"

26 + "</html>";

27

28 window.addEventListener('message', function () {

29 closeWindowAndNotifyDone(openedWindow);

30 });

31 var openedWindow = window.open(url);

32 }

33 </script>

34 </head>

35 <body onload="loaded();">

36 <p>Opener Frame</p>

37 <p id='accessMe'>PASS: Access from a window opened with a data: URL was deni ed.</p>

38 </body>

39 </html>

OLD	NEW