Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(546)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write.html

Issue 494343003: Eliminate globalFlag usage from http security layout tests. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: consistify Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 <html> 1 <html>
2 <head> 2 <head>
3 <script src="../resources/libwrapjs.js"></script> 3 <script src="../resources/libwrapjs.js"></script>
4 <script src="../resources/cross-frame-access.js"></script> 4 <script src="../resources/cross-frame-access.js"></script>
5 <script> 5 <script>
6 var code; 6 var code;
7 var openedWindow; 7 var openedWindow;
8 8
9 window.onload = function() 9 window.onload = function()
10 { 10 {
11 if (window.testRunner) { 11 if (window.testRunner) {
12 testRunner.waitUntilDone(); 12 testRunner.waitUntilDone();
13 testRunner.setCanOpenWindows(); 13 testRunner.setCanOpenWindows();
14 testRunner.dumpAsText(); 14 testRunner.dumpAsText();
15 testRunner.dumpChildFramesAsText(); 15 testRunner.dumpChildFramesAsText();
16 } 16 }
17 17
18 var message_fail = 'FAIL: XSS was allowed.'; 18 var message_fail = 'FAIL: XSS was allowed.';
19 var message_success = 'SUCCESS: Window remained in original SecurityOrig in.'; 19 var message_success = 'SUCCESS: Window remained in original SecurityOrig in.';
20 20
21 var write_func = 'function write(target, message) { target.document.body .innerHTML = message; }'; 21 var write_func = 'function write(target, message) { target.document.body .innerHTML = message; }';
22 22
23 var try_attack = 'write(window.opener, ' + libwrapjs.in_string(message_f ail) + ');'; 23 var try_attack = 'write(window.opener, ' + libwrapjs.in_string(message_f ail) + ');';
24 var attack = 'setTimeout(function() {' + try_attack + '}, 100);'; 24 var attack = 'setTimeout(function() {' + try_attack + '}, 100);';
25 25
26 var try_control = 'write(window.opener.top.frames[1], ' + libwrapjs.in_s tring(message_success) + ');'; 26 var try_control = 'write(window.opener.top.frames[1], ' + libwrapjs.in_s tring(message_success) + ');';
27 var control = 'setTimeout(function() {' + try_control + '}, 200);'; 27 var control = 'setTimeout(function() {' + try_control + '}, 200);';
28 28
29 var sigDone = 'setTimeout(function() { if (window.testRunner) testRunner .globalFlag = true; }, 300);'; 29 var sigDone = 'setTimeout(function() { window.opener.top.postMessage(\'d one\', \'*\'); }, 300);';
30 30
31 var payload = 'document.write(' + libwrapjs.in_string(libwrapjs.in_scrip t_tag(write_func + attack + control + sigDone)) + ');'; 31 var payload = 'document.write(' + libwrapjs.in_string(libwrapjs.in_scrip t_tag(write_func + attack + control + sigDone)) + ');';
32 code = libwrapjs.in_script_tag(payload); 32 code = libwrapjs.in_script_tag(payload);
33 log("Code injected into window:"); 33 log("Code injected into window:");
34 log(code); 34 log(code);
35 35
36 if (window.testRunner) {
37 setTimeout(pollForTest1, 1);
38 } else {
39 log("To run the test, click the button below when the frames finish loading.");
40 var button = document.createElement("button");
41 button.appendChild(document.createTextNode("Run Test"));
42 button.onclick = runTest1;
43 document.body.appendChild(button);
44 }
45 }
46
47 pollForTest1 = function()
48 {
49 if (window.testRunner && !testRunner.globalFlag) {
50 setTimeout(pollForTest1, 1);
51 return;
52 }
53 runTest1();
54 }
55
56 runTest1 = function() {
57 frames[0].openWindow(); 36 frames[0].openWindow();
58 openedWindow = frames[0].openedWindow; 37 openedWindow = frames[0].openedWindow;
59 38
60 if (window.testRunner) 39 document.getElementById('targetFrame').onload = runTest;
61 testRunner.globalFlag = false; 40 frames[0].location = 'http://localhost:8000/security/resources/innocent- victim.html';
62
63 frames[0].location = 'http://localhost:8000/security/resources/innocent- victim-with-notify.html';
64
65 setTimeout(pollForTest2, 1);
66 } 41 }
67 42
68 pollForTest2 = function() 43 runTest = function()
69 { 44 {
70 if (window.testRunner && !testRunner.globalFlag) { 45 window.addEventListener('message', function () { closeWindowAndNotifyDon e(openedWindow); });
71 setTimeout(pollForTest2, 1);
72 return;
73 }
74 runTest2();
75 }
76
77 runTest2 = function()
78 {
79 openedWindow.document.write(code); 46 openedWindow.document.write(code);
80 openedWindow.document.close(); 47 openedWindow.document.close();
81 if (window.testRunner) {
82 testRunner.globalFlag = false;
83 setTimeout(pollForDone, 1);
84 }
85 }
86
87 pollForDone = function()
88 {
89 if (window.testRunner && !testRunner.globalFlag) {
90 setTimeout(pollForDone, 1);
91 return;
92 }
93 closeWindowAndNotifyDone(openedWindow);
94 } 48 }
95 </script> 49 </script>
96 </head> 50 </head>
97 <body> 51 <body>
98 <div>This page opens a window to &quot;&quot;, injects malicious code, and 52 <div>This page opens a window to &quot;&quot;, injects malicious code, and
99 then navigates its opener to the victim. The opened window then tries to 53 then navigates its opener to the victim. The opened window then tries to
100 scripts its opener after <code>document.write</code>ing a new document.</div> 54 scripts its opener after <code>document.write</code>ing a new document.</div>
101 <pre id="console"></pre> 55 <pre id="console"></pre>
102 <iframe style="border: solid 3px red;" src="../resources/open-window.html"></ifr ame> 56 <iframe id="targetFrame" style="border: solid 3px red;" src="../resources/open-w indow.html"></iframe>
103 <iframe style="border: solid 3px green;" src="../resources/innocent-victim.html" ></iframe> 57 <iframe style="border: solid 3px green;" src="../resources/innocent-victim.html" ></iframe>
104 </body> 58 </body>
105 </html> 59 </html>
OLDNEW
« no previous file with comments | « no previous file | LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698