Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(30)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-2-level.html

Issue 494343003: Eliminate globalFlag usage from http security layout tests. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: consistify Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-window-open.html ('k') | LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-2-level-expected.txt » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 <html> 1 <html>
2 <head> 2 <head>
3 <script src="../resources/cross-frame-access.js"></script> 3 <script src="../resources/cross-frame-access.js"></script>
4 <script> 4 <script>
5 if (window.testRunner) { 5 if (window.testRunner) {
6 testRunner.dumpAsText(); 6 testRunner.dumpAsText();
7 testRunner.dumpChildFramesAsText(); 7 testRunner.dumpChildFramesAsText();
8 testRunner.waitUntilDone(); 8 testRunner.waitUntilDone();
9 } 9 }
10 10
11 function loaded() { 11 function loaded() {
12 var innerURL = 'data:text/html,<html>' 12 var innerURL = 'data:text/html,<html>'
13 + "<head>" 13 + "<head>"
14 + "<scr" + "ipt>" 14 + "<scr" + "ipt>"
15 + "function fireSentinel() {" 15 + "function fireSentinel() {"
16 + "if (window.testRunner)" 16 + "window.top.postMessage(\"perform test\", \"*\");"
17 + "testRunner.globalFlag = true;"
18 + "}" 17 + "}"
19 + "</scr" + "ipt>" 18 + "</scr" + "ipt>"
20 + "</head>" 19 + "</head>"
21 + "<body onload=\"fireSentinel();\">" 20 + "<body onload=\"fireSentinel();\">"
22 + "<p id=\"accessMe\">PASS: Cross frame access to a data: UR L 2 levels deep was denied.</p>" 21 + "<p id=\"accessMe\">PASS: Cross frame access to a data: UR L 2 levels deep was denied.</p>"
23 + "<p>Inner-inner iframe.</p>" 22 + "<p>Inner-inner iframe.</p>"
24 + "</body>" 23 + "</body>"
25 + '</html>'; 24 + '</html>';
26 25
27 var url = "data:text/html,<html>" 26 var url = "data:text/html,<html>"
28 + "<body>" 27 + "<body>"
29 + "<p>Inner iframe.</p>" 28 + "<p>Inner iframe.</p>"
30 + "<iframe src='" + innerURL + "'></iframe>" 29 + "<iframe src='" + innerURL + "'></iframe>"
31 + "</body>" 30 + "</body>"
32 + "</html>"; 31 + "</html>";
33 32
33 window.addEventListener('message', performTest);
34 var iframe = document.getElementById("aFrame"); 34 var iframe = document.getElementById("aFrame");
35 iframe.src = url; 35 iframe.src = url;
36
37 if (window.testRunner) {
38 setTimeout(waitForFlag, 1);
39 function waitForFlag() {
40 if (!testRunner.globalFlag) {
41 setTimeout(waitForFlag, 1);
42 return;
43 }
44 performTest();
45 }
46 } else {
47 log("Click the button when all the subframes have finished loadi ng.");
48 }
49 } 36 }
50 37
51 function performTest() { 38 function performTest() {
52 try { 39 try {
53 var innerInnerFrame = window.frames[0].frames[0]; 40 var innerInnerFrame = window.frames[0].frames[0];
54 if (innerInnerFrame.document.getElementById('accessMe')) { 41 if (innerInnerFrame.document.getElementById('accessMe')) {
55 innerInnerFrame.document.getElementById('accessMe').innerHTM L = 'FAIL: Cross frame access to a data: URL 2 levels deep was allowed.'; 42 innerInnerFrame.document.getElementById('accessMe').innerHTM L = 'FAIL: Cross frame access to a data: URL 2 levels deep was allowed.';
56 log('FAIL: Cross frame access to a data: URL 2 levels deep w as allowed.'); 43 log('FAIL: Cross frame access to a data: URL 2 levels deep w as allowed.');
57 if (window.testRunner) 44 if (window.testRunner)
58 testRunner.notifyDone(); 45 testRunner.notifyDone();
59 return; 46 return;
60 } 47 }
61 } catch (e) { 48 } catch (e) {
62 } 49 }
63 50
64 log('PASS: Cross frame access to a data: URL 2 levels deep was denie d.'); 51 log('PASS: Cross frame access to a data: URL 2 levels deep was denie d.');
65 if (window.testRunner) 52 if (window.testRunner)
66 testRunner.notifyDone(); 53 testRunner.notifyDone();
67 } 54 }
68 55
69 </script> 56 </script>
70 </head> 57 </head>
71 <body onload="loaded();"> 58 <body onload="loaded();">
72 <p>This tests that the main frame doesn't have access to a data: URL loaded in an iframe inside another data: URL loaded iframe.</p> 59 <p>This tests that the main frame doesn't have access to a data: URL loaded in an iframe inside another data: URL loaded iframe.</p>
73 <button onclick="performTest()">Test</button>
74 <iframe id="aFrame" name="aFrame" style="width: 500px; height: 300px;"></ifr ame> 60 <iframe id="aFrame" name="aFrame" style="width: 500px; height: 300px;"></ifr ame>
75 <pre id='console'></pre> 61 <pre id='console'></pre>
76 </body> 62 </body>
77 </html> 63 </html>
OLDNEW
« no previous file with comments | « LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-window-open.html ('k') | LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-2-level-expected.txt » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698