Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(786)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt

Issue 494343003: Eliminate globalFlag usage from http security layout tests. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: consistify Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url.html ('k') | LayoutTests/http/tests/security/aboutBlank/xss-DENIED-set-opener.html » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 CONSOLE ERROR: line 1: Uncaught SecurityError: Blocked a frame with origin "http ://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". P rotocols, domains, and ports must match. 1 CONSOLE ERROR: line 1: Uncaught SecurityError: Blocked a frame with origin "http ://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". P rotocols, domains, and ports must match.
2 This page opens a window to "", injects malicious code, and then navigates its o pener to the victim. The opened window then tries to scripts its opener after re loading itself as a javascript URL. 2 This page opens a window to "", injects malicious code, and then navigates its o pener to the victim. The opened window then tries to scripts its opener after re loading itself as a javascript URL.
3 Code injected into window: 3 Code injected into window:
4 <script>window.location = 'javascript:\'<script>function write(target, message) { target.document.body.innerHTML = message; }setTimeout(function() {write(window .opener, \\\'FAIL: XSS was allowed.\\\');}, 100);setTimeout(function() {write(wi ndow.opener.top.frames[1], \\\'SUCCESS: Window remained in original SecurityOrig in.\\\');}, 200);setTimeout(function() { if (window.testRunner) testRunner.globa lFlag = true; }, 300);<\\\/script>\''</script> 4 <script>window.location = 'javascript:\'<script>function write(target, message) { target.document.body.innerHTML = message; }setTimeout(function() {write(window .opener, \\\'FAIL: XSS was allowed.\\\');}, 100);setTimeout(function() {write(wi ndow.opener.top.frames[1], \\\'SUCCESS: Window remained in original SecurityOrig in.\\\');}, 200);setTimeout(function() { window.opener.top.postMessage(\\\'done\ \\', \\\'*\\\'); }, 300);<\\\/script>\''</script>
5 5
6 6
7 -------- 7 --------
8 Frame: '<!--framePath //<!--frame0-->-->' 8 Frame: '<!--framePath //<!--frame0-->-->'
9 -------- 9 --------
10 This page doesn't do anything special (except signal that it has finished loadin g). 10 This page doesn't do anything special.
11 11
12 -------- 12 --------
13 Frame: '<!--framePath //<!--frame1-->-->' 13 Frame: '<!--framePath //<!--frame1-->-->'
14 -------- 14 --------
15 SUCCESS: Window remained in original SecurityOrigin. 15 SUCCESS: Window remained in original SecurityOrigin.
OLDNEW
« no previous file with comments | « LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url.html ('k') | LayoutTests/http/tests/security/aboutBlank/xss-DENIED-set-opener.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698