
Side by Side Diff: LayoutTests/http/tests/security/script-onerror-crossorigin-same-origin.html

Issue 47923008: Block execution of failed 'crossorigin' <script>s. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Rebased Created 7 years, 1 month ago
OLDNEW
1 <!DOCTYPE html> 1 <!DOCTYPE html>
2 <head> 2 <head>
3 </head> 3 </head>
4 <body> 4 <body>
5 <script src="../../js-test-resources/js-test.js"></script> 5 <script src="/js-test-resources/js-test.js"></script>
6 <script> 6 <script>
7 window.jsTestIsAsync = true; 7 window.jsTestIsAsync = true;
8 description("The test passes if 'window.onerror' gets unsanitized inform ation about an exception thrown in a script loaded with a 'crossorigin' attribut e, and delivered with valid CORS headers."); 8 description("The test passes if 'window.onerror' is invoked with unsanit ized information on a script loaded with a 'crossorigin' attribute, but loads fr om same-origin and without valid CORS headers.");
9 9
10 window.onerror = function(msg, url, line, column, error) { 10 window.onerror = function(msg, url, line, column, error) {
11 window.msg = msg; 11 window.msg = msg;
12 window.url = url; 12 window.url = url;
13 window.line = line; 13 window.line = line;
14 window.column = column; 14 window.column = column;
15 window.errorObject = error; 15 window.errorObject = error;
16 shouldBeTrue("/SomeError/.test(msg)"); 16 shouldBeTrue("/SomeError/.test(msg)");
17 shouldBeEqualToString("url", "http://localhost:8000/security/resourc es/cors-script.php?fail=true&cors=true"); 17 shouldBeEqualToString("url", "http://127.0.0.1:8000/security/resourc es/cors-script.php?fail=true&cors=false");
18 shouldBe("line", "1"); 18 shouldBe("line", "1");
19 shouldBe("column", "1"); 19 shouldBe("column", "1");
20 shouldNotBe("window.errorObject", "null"); 20 shouldNotBe("window.errorObject", "null");
21 finishJSTest(); 21 finishJSTest();
22 } 22 }
23 </script> 23 </script>
24 <script crossorigin="anonymous" src="http://localhost:8000/security/resource s/cors-script.php?fail=true&cors=true"></script> 24 <script crossorigin="anonymous" src="resources/cors-script.php?fail=true&cor s=false"></script>
25 </body> 25 </body>
26 </html> 26 </html>
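Review bot: Nothing on the new side reports a failure when the script on new line 24 is not executed: `window.onerror` is then never called, `finishJSTest()` is never reached, and the regression shows up only as a timeout. Since the issue is about blocking failed `crossorigin` scripts, the same-origin case deserves an explicit failure path, for example `onerror="testFailed('same-origin script was blocked'); finishJSTest();"` on that `<script>` element. The expected URL on new line 17 hard-codes `http://127.0.0.1:8000` while the `src` on line 24 is relative, so the test presumably passes only when served from that origin; a one-line comment saying so would help. The description on new line 8 could also say why unsanitized error details are acceptable here, namely that the script is same-origin with the page, so the missing CORS headers should not matter.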