Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(177)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: LayoutTests/http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt

Issue 494343003: Eliminate globalFlag usage from http security layout tests. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: consistify Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « LayoutTests/http/tests/security/aboutBlank/xss-DENIED-set-opener.html ('k') | LayoutTests/http/tests/security/cross-frame-access-enumeration.html » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 CONSOLE ERROR: line 1: Uncaught SecurityError: Blocked a frame with origin "http ://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". P rotocols, domains, and ports must match. 1 CONSOLE ERROR: line 1: Uncaught SecurityError: Blocked a frame with origin "http ://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". P rotocols, domains, and ports must match.
2 This page opens a window to "", injects malicious code, and then uses window.ope n.call to set its opener to the victim. The opened window then tries to scripts its opener. 2 This page opens a window to "", injects malicious code, and then uses window.ope n.call to set its opener to the victim. The opened window then tries to scripts its opener.
3 Code injected into window: 3 Code injected into window:
4 <script>function write(target, message) { target.document.body.innerHTML = messa ge; } 4 <script>function write(target, message) { target.document.body.innerHTML = messa ge; }
5 setTimeout(function() {write(window.opener.top.frames[0], 'FAIL: XSS was allowed .');}, 100); 5 setTimeout(function() {write(window.opener.top.frames[0], 'FAIL: XSS was allowed .');}, 100);
6 setTimeout(function() {write(window.opener.top.frames[1], 'SUCCESS: Window remai ned in original SecurityOrigin.');}, 200); 6 setTimeout(function() {write(window.opener.top.frames[1], 'SUCCESS: Window remai ned in original SecurityOrigin.');}, 200);
7 setTimeout(function() { if (window.testRunner) testRunner.globalFlag = true; }, 300);</script> 7 setTimeout(function() { window.opener.top.postMessage('done', '*'); }, 300);</sc ript>
8 PASS: 'window.open' called on another frame threw: SecurityError: Failed to exec ute 'open' on 'Window': Blocked a frame with origin "http://127.0.0.1:8000" from accessing a cross-origin frame. 8 PASS: 'window.open' called on another frame threw: SecurityError: Failed to exec ute 'open' on 'Window': Blocked a frame with origin "http://127.0.0.1:8000" from accessing a cross-origin frame.
9 9
10 10
11 -------- 11 --------
12 Frame: '<!--framePath //<!--frame0-->-->' 12 Frame: '<!--framePath //<!--frame0-->-->'
13 -------- 13 --------
14 This page doesn't do anything special. 14 This page doesn't do anything special.
15 15
16 -------- 16 --------
17 Frame: '<!--framePath //<!--frame1-->-->' 17 Frame: '<!--framePath //<!--frame1-->-->'
18 -------- 18 --------
19 SUCCESS: Window remained in original SecurityOrigin. 19 SUCCESS: Window remained in original SecurityOrigin.
OLDNEW
« no previous file with comments | « LayoutTests/http/tests/security/aboutBlank/xss-DENIED-set-opener.html ('k') | LayoutTests/http/tests/security/cross-frame-access-enumeration.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698