OLD | NEW |
1 <!doctype html> | 1 <!doctype html> |
2 <title>Origin check in document.open() - same origin-domain (but not same origin
) documents</title> | 2 <title>Origin check in document.open() - same origin-domain (but not same origin
) documents</title> |
3 <link rel="author" title="Jochen Eisinger" href="mailto:jochen@chromium.org"> | 3 <link rel="author" title="Jochen Eisinger" href="mailto:jochen@chromium.org"> |
4 <link rel="help" href="https://html.spec.whatwg.org/multipage/#opening-the-input
-stream"> | 4 <link rel="help" href="https://html.spec.whatwg.org/multipage/#opening-the-input
-stream"> |
5 <script src="/resources/testharness.js"></script> | 5 <script src="/resources/testharness.js"></script> |
6 <script src="/resources/testharnessreport.js"></script> | 6 <script src="/resources/testharnessreport.js"></script> |
7 <script src="/html/resources/common.js"></script> | 7 <script src="/html/resources/common.js"></script> |
8 <body> | 8 <body> |
9 <script> | 9 <script> |
10 testInIFrame("http://{{host}}:{{ports[http][1]}}/html/webappapis/dynamic-markup-
insertion/opening-the-input-stream/resources/set-document-domain.html", (ctx) =>
{ | 10 testInIFrame("http://{{host}}:{{ports[http][1]}}/html/webappapis/dynamic-markup-
insertion/opening-the-input-stream/resources/set-document-domain.html", (ctx) =>
{ |
11 document.domain = document.domain; | 11 document.domain = document.domain; |
12 var doc = ctx.iframes[0].contentDocument; | 12 var doc = ctx.iframes[0].contentDocument; |
13 assert_throws("SecurityError", doc.open.bind(doc), "Opening a same origin-doma
in (but not same origin) document doesn't throw."); | 13 assert_throws("SecurityError", doc.open.bind(doc), "Opening a same origin-doma
in (but not same origin) document doesn't throw."); |
14 }, "It should not be possible to open same origin-domain (but not same origin) d
ocuments."); | 14 }, "It should not be possible to open same origin-domain (but not same origin) d
ocuments."); |
| 15 |
| 16 testInIFrame("http://{{host}}:{{ports[http][1]}}/html/webappapis/dynamic-markup-
insertion/opening-the-input-stream/resources/set-document-domain.html", (ctx) =>
{ |
| 17 document.domain = document.domain; |
| 18 var doc = ctx.iframes[0].contentDocument; |
| 19 assert_throws("SecurityError", doc.write.bind(doc, ""), "Implicitly opening a
same origin-domain (but not same origin) document doesn't throw."); |
| 20 }, "It should not be possible to implicitly open same origin-domain (but not sam
e origin) documents."); |
15 </script> | 21 </script> |
16 </body> | 22 </body> |
OLD | NEW |