Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(314)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/LayoutTests/external/wpt/html/webappapis/dynamic-markup-insertion/opening-the-input-stream/origin-check-in-document-open-same-origin-domain.sub.html

Issue 2707113005: The security check in document.write should test for same-origin (Closed)
Patch Set: updates Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/external/wpt/html/webappapis/dynamic-markup-insertion/opening-the-input-stream/origin-check-in-document-open-basic.html ('k') | third_party/WebKit/Source/core/dom/Document.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 <!doctype html> 1 <!doctype html>
2 <title>Origin check in document.open() - same origin-domain (but not same origin ) documents</title> 2 <title>Origin check in document.open() - same origin-domain (but not same origin ) documents</title>
3 <link rel="author" title="Jochen Eisinger" href="mailto:jochen@chromium.org"> 3 <link rel="author" title="Jochen Eisinger" href="mailto:jochen@chromium.org">
4 <link rel="help" href="https://html.spec.whatwg.org/multipage/#opening-the-input -stream"> 4 <link rel="help" href="https://html.spec.whatwg.org/multipage/#opening-the-input -stream">
5 <script src="/resources/testharness.js"></script> 5 <script src="/resources/testharness.js"></script>
6 <script src="/resources/testharnessreport.js"></script> 6 <script src="/resources/testharnessreport.js"></script>
7 <script src="/html/resources/common.js"></script> 7 <script src="/html/resources/common.js"></script>
8 <body> 8 <body>
9 <script> 9 <script>
10 testInIFrame("http://{{host}}:{{ports[http][1]}}/html/webappapis/dynamic-markup- insertion/opening-the-input-stream/resources/set-document-domain.html", (ctx) => { 10 testInIFrame("http://{{host}}:{{ports[http][1]}}/html/webappapis/dynamic-markup- insertion/opening-the-input-stream/resources/set-document-domain.html", (ctx) => {
11 document.domain = document.domain; 11 document.domain = document.domain;
12 var doc = ctx.iframes[0].contentDocument; 12 var doc = ctx.iframes[0].contentDocument;
13 assert_throws("SecurityError", doc.open.bind(doc), "Opening a same origin-doma in (but not same origin) document doesn't throw."); 13 assert_throws("SecurityError", doc.open.bind(doc), "Opening a same origin-doma in (but not same origin) document doesn't throw.");
14 }, "It should not be possible to open same origin-domain (but not same origin) d ocuments."); 14 }, "It should not be possible to open same origin-domain (but not same origin) d ocuments.");
15
16 testInIFrame("http://{{host}}:{{ports[http][1]}}/html/webappapis/dynamic-markup- insertion/opening-the-input-stream/resources/set-document-domain.html", (ctx) => {
17 document.domain = document.domain;
18 var doc = ctx.iframes[0].contentDocument;
19 assert_throws("SecurityError", doc.write.bind(doc, ""), "Implicitly opening a same origin-domain (but not same origin) document doesn't throw.");
20 }, "It should not be possible to implicitly open same origin-domain (but not sam e origin) documents.");
15 </script> 21 </script>
16 </body> 22 </body>
OLDNEW
« no previous file with comments | « third_party/WebKit/LayoutTests/external/wpt/html/webappapis/dynamic-markup-insertion/opening-the-input-stream/origin-check-in-document-open-basic.html ('k') | third_party/WebKit/Source/core/dom/Document.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698