Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(511)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt

Issue 494343003: Eliminate globalFlag usage from http security layout tests. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: consistify Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write.html ('k') | LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url.html » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 CONSOLE ERROR: line 1: Uncaught SecurityError: Blocked a frame with origin "http ://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". P rotocols, domains, and ports must match. 1 CONSOLE ERROR: line 1: Uncaught SecurityError: Blocked a frame with origin "http ://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". P rotocols, domains, and ports must match.
2 This page opens a window to "", injects malicious code, and then navigates its o pener to the victim. The opened window then tries to scripts its opener after do cument.writeing a new document. 2 This page opens a window to "", injects malicious code, and then navigates its o pener to the victim. The opened window then tries to scripts its opener after do cument.writeing a new document.
3 Code injected into window: 3 Code injected into window:
4 <script>document.write('<script>function write(target, message) { target.documen t.body.innerHTML = message; }setTimeout(function() {write(window.opener, \'FAIL: XSS was allowed.\');}, 100);setTimeout(function() {write(window.opener.top.fram es[1], \'SUCCESS: Window remained in original SecurityOrigin.\');}, 200);setTime out(function() { if (window.testRunner) testRunner.globalFlag = true; }, 300);<\ /script>');</script> 4 <script>document.write('<script>function write(target, message) { target.documen t.body.innerHTML = message; }setTimeout(function() {write(window.opener, \'FAIL: XSS was allowed.\');}, 100);setTimeout(function() {write(window.opener.top.fram es[1], \'SUCCESS: Window remained in original SecurityOrigin.\');}, 200);setTime out(function() { window.opener.top.postMessage(\'done\', \'*\'); }, 300);<\/scri pt>');</script>
5 5
6 6
7 -------- 7 --------
8 Frame: '<!--framePath //<!--frame0-->-->' 8 Frame: '<!--framePath //<!--frame0-->-->'
9 -------- 9 --------
10 This page doesn't do anything special (except signal that it has finished loadin g). 10 This page doesn't do anything special.
11 11
12 -------- 12 --------
13 Frame: '<!--framePath //<!--frame1-->-->' 13 Frame: '<!--framePath //<!--frame1-->-->'
14 -------- 14 --------
15 SUCCESS: Window remained in original SecurityOrigin. 15 SUCCESS: Window remained in original SecurityOrigin.
OLDNEW
« no previous file with comments | « LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write.html ('k') | LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698