Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(142)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-to-data-url.html

Issue 494343003: Eliminate globalFlag usage from http security layout tests. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: consistify Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-to-data-url-sub-frame-expected.txt ('k') | LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-to-data-url-expected.txt » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 <html> 1 <html>
2 <head> 2 <head>
3 <script src="../resources/cross-frame-access.js"></script> 3 <script src="../resources/cross-frame-access.js"></script>
4 <script> 4 <script>
5 if (window.testRunner) { 5 if (window.testRunner) {
6 testRunner.dumpAsText(); 6 testRunner.dumpAsText();
7 testRunner.dumpChildFramesAsText(); 7 testRunner.dumpChildFramesAsText();
8 testRunner.waitUntilDone(); 8 testRunner.waitUntilDone();
9 } 9 }
10 10
11 function loaded() { 11 function loaded() {
12 // This has to be broken into parts so that when it is included belo w the <script> tags 12 // This has to be broken into parts so that when it is included belo w the <script> tags
13 // are not interpreted as closing the current script context. 13 // are not interpreted as closing the current script context.
14 var innerURLFirstPart = "data:text/html,<html>" 14 var innerURLFirstPart = "data:text/html,<html>"
15 + "<head>" 15 + "<head>"
16 + "<scr"; 16 + "<scr";
17 17
18 var innerURLSecondPart = "ipt>" 18 var innerURLSecondPart = "ipt>"
19 + "function fireSentinel() {" 19 + "function fireSentinel() {"
20 + "if (window.testRunner)" 20 + "window.parent.postMessage(\"perform test\", \"*\" );"
21 + "testRunner.globalFlag = true;"
22 + "}" 21 + "}"
23 + "</scr"; 22 + "</scr";
24 23
25 var innerURLThirdPart = "ipt>" 24 var innerURLThirdPart = "ipt>"
26 + "</head>" 25 + "</head>"
27 + "<body onload=\"fireSentinel();\">" 26 + "<body onload=\"fireSentinel();\">"
28 + "<p id=\"accessMe\">PASS: Cross frame access from a data: URL was denied.</p>" 27 + "<p id=\"accessMe\">PASS: Cross frame access from a data: URL was denied.</p>"
29 + "<p>Inner-inner iframe.</p>" 28 + "<p>Inner-inner iframe.</p>"
30 + "</body>" 29 + "</body>"
31 + "</html>"; 30 + "</html>";
32 31
33 var url = "data:text/html,<html>" 32 var url = "data:text/html,<html>"
34 + "<head>" 33 + "<head>"
35 + "<scr" + "ipt>" 34 + "<scr" + "ipt>"
36 + "function loaded() {" 35 + "function loaded() {"
36 + "window.addEventListener('message', performTest);"
37 + "var iframe = document.getElementById('inner');" 37 + "var iframe = document.getElementById('inner');"
38 + "iframe.src = '" + innerURLFirstPart + "' + '" + i nnerURLSecondPart + "' + '" + innerURLThirdPart + "';" 38 + "iframe.src = '" + innerURLFirstPart + "' + '" + i nnerURLSecondPart + "' + '" + innerURLThirdPart + "';"
39 + "if (window.testRunner) {"
40 + "setTimeout(waitForFlag, 1);"
41 + "function waitForFlag() {"
42 + "if (!testRunner.globalFlag) {"
43 + "setTimeout(waitForFlag, 1);"
44 + "return;"
45 + "}"
46 + "performTest();"
47 + "}"
48 + "} else {"
49 + "document.getElementById('console').innerHTML = 'Click the button when all the subframes have finished loading.';"
50 + "}"
51 + "}" 39 + "}"
52 + "function performTest() {" 40 + "function performTest() {"
53 + "try {" 41 + "try {"
54 + "frames[0].document.getElementById('accessMe') .innerHTML = 'FAIL: Cross frame access from a data: URL was allowed.';" 42 + "frames[0].document.getElementById('accessMe') .innerHTML = 'FAIL: Cross frame access from a data: URL was allowed.';"
55 + "} catch (e) {" 43 + "} catch (e) {"
56 + "}" 44 + "}"
57 + "if (window.testRunner)" 45 + "if (window.testRunner)"
58 + "testRunner.notifyDone();" 46 + "testRunner.notifyDone();"
59 + "}" 47 + "}"
60 + "</scr" + "ipt>" 48 + "</scr" + "ipt>"
61 + "</head>" 49 + "</head>"
62 + "<body onload='loaded();'>" 50 + "<body onload='loaded();'>"
63 + "<iframe id='inner' name='inner'></iframe>" 51 + "<iframe id='inner' name='inner'></iframe>"
64 + "<p>Inner iframe.</p>" 52 + "<p>Inner iframe.</p>"
65 + "<button onclick='performTest();'>Test</button>"
66 + "<pre id='console'></pre>" 53 + "<pre id='console'></pre>"
67 + "</body>" 54 + "</body>"
68 + "</html>"; 55 + "</html>";
69 56
70 var iframe = document.getElementById("aFrame"); 57 var iframe = document.getElementById("aFrame");
71 iframe.src = url; 58 iframe.src = url;
72 } 59 }
73 </script> 60 </script>
74 </head> 61 </head>
75 <body onload="loaded();"> 62 <body onload="loaded();">
76 <p>This tests that a data: URL subframe can't access a child data: URL subfr ame of itself.</p> 63 <p>This tests that a data: URL subframe can't access a child data: URL subfr ame of itself.</p>
77 <iframe name="aFrame" id="aFrame" style="width: 500px; height: 300px;"></ifr ame> 64 <iframe name="aFrame" id="aFrame" style="width: 500px; height: 300px;"></ifr ame>
78 </body> 65 </body>
79 </html> 66 </html>
OLDNEW
« no previous file with comments | « LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-to-data-url-sub-frame-expected.txt ('k') | LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-to-data-url-expected.txt » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698