third_party/WebKit/LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-window-open.html - Issue 2702503002: Block renderer-initiated main frame navigations to data URLs

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-window-open.html

Issue 2702503002: Block renderer-initiated main frame navigations to data URLs (Closed)

Patch Set: Fix Android PDF tests where PDFs should be downloaded Created 3 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
	(Empty)
1 <html>

2 <head>

3 <script src="../resources/cross-frame-access.js"></script>

4 <script>

5 if (window.testRunner) {

6 testRunner.dumpAsText();

7 testRunner.waitUntilDone();

8 testRunner.setCanOpenWindows();

9 }

10

11 var openedWindow;

12

13 function loaded() {

14 var url = "data:text/html,<html>"

15 + "<head>"

16 + "<scr" + "ipt>"

17 + "function fireSentinel() {"

18 + "window.opener.postMessage('done', '*');"

19 + "}"

20 + "</scr" + "ipt>"

21 + "</head>"

22 + "<body onload=\"fireSentinel();\">"

23 + "<p>Opened Frame</p>"

24 + "<p id='accessMe'>PASS: Cross frame access from an opener frame was denied</p>"

25 + "</body>"

26 + "</html>";

27

28 window.addEventListener('message', performTest);

29 openedWindow = window.open(url);

30 }

31

32 function performTest() {

33 try {

34 openedWindow.document.getElementById('accessMe').innerHTML = 'FA IL: Access to a window opened with a data: URL was allowed.';

35 } catch (e) {

36 }

37

38 if (window.testRunner)

39 closeWindowAndNotifyDone(openedWindow);

40 }

41 </script>

42 </head>

43 <body onload="loaded();">

44 <p>Opener Frame</p>

45 <pre id="console"></pre>

46 </body>

47 </html>

OLD	NEW