| OLD | NEW |
|---|
| 1 <html> | 1 <html> |
| 2 <head> | 2 <head> |
| 3 <script src="../resources/cross-frame-access.js"></script> | 3 <script src="../resources/cross-frame-access.js"></script> |
| 4 <script> | 4 <script> |
| 5 window.onload = function() | 5 window.onload = function() |
| 6 { | 6 { |
| 7 if (window.testRunner) { | 7 if (window.testRunner) { |
| 8 testRunner.dumpAsText(); | 8 testRunner.dumpAsText(); |
| 9 testRunner.dumpChildFramesAsText(); | 9 testRunner.dumpChildFramesAsText(); |
| 10 testRunner.waitUntilDone(); | 10 testRunner.waitUntilDone(); |
| 11 } | 11 } |
| 12 | 12 |
| 13 if (window.testRunner) { | 13 window.addEventListener('message', function () |
| 14 setTimeout(pollForTest, 1); | 14 { |
| 15 } else { | 15 runTest(); |
| 16 log("To run the test, click the button below when the opened win
dow finishes loading."); | 16 if (window.testRunner) |
| 17 var button = document.createElement("button"); | 17 testRunner.notifyDone(); |
| 18 button.appendChild(document.createTextNode("Run Test")); | 18 }); |
| 19 button.onclick = runTest; | |
| 20 document.body.appendChild(button); | |
| 21 } | |
| 22 } | |
| 23 | |
| 24 pollForTest = function() | |
| 25 { | |
| 26 if (!testRunner.globalFlag) { | |
| 27 setTimeout(pollForTest, 1); | |
| 28 return; | |
| 29 } | |
| 30 runTest(); | |
| 31 testRunner.notifyDone(); | |
| 32 } | 19 } |
| 33 | 20 |
| 34 runTest = function() | 21 runTest = function() |
| 35 { | 22 { |
| 36 try { | 23 try { |
| 37 window[0][0].document.getElementById('accessMe').innerHTML = "FA
IL: Cross frame access to a javascript: URL embed in a frame on a foreign domain
allowed."; | 24 window[0][0].document.getElementById('accessMe').innerHTML = "FA
IL: Cross frame access to a javascript: URL embed in a frame on a foreign domain
allowed."; |
| 38 log("FAIL: Cross frame access to a javascript: URL embed in a fr
ame on a foreign domain allowed."); | 25 log("FAIL: Cross frame access to a javascript: URL embed in a fr
ame on a foreign domain allowed."); |
| 39 return; | 26 return; |
| 40 } catch (e) { | 27 } catch (e) { |
| 41 } | 28 } |
| 42 | 29 |
| 43 log("PASS: Cross frame access to a javascript: URL embed in a frame
on a foreign domain denied!"); | 30 log("PASS: Cross frame access to a javascript: URL embed in a frame
on a foreign domain denied!"); |
| 44 } | 31 } |
| 45 </script> | 32 </script> |
| 46 </head> | 33 </head> |
| 47 <body> | 34 <body> |
| 48 <p>The scenario for this test is that you have an iframe with content from a
foreign domain. In that foreign content | 35 <p>The scenario for this test is that you have an iframe with content from a
foreign domain. In that foreign content |
| 49 is an iframe which loads a javascript: URL. This tests that this main d
ocument does not have access to that | 36 is an iframe which loads a javascript: URL. This tests that this main d
ocument does not have access to that |
| 50 javascript: URL loaded iframe.</p> | 37 javascript: URL loaded iframe.</p> |
| 51 <iframe src="http://localhost:8000/security/javascriptURL/resources/foreign-
domain-javascript-url-accessee-iframe.html" style="width: 400px; height:200px;">
</iframe> | 38 <iframe src="http://localhost:8000/security/javascriptURL/resources/foreign-
domain-javascript-url-accessee-iframe.html" style="width: 400px; height:200px;">
</iframe> |
| 52 <pre id="console"></pre> | 39 <pre id="console"></pre> |
| 53 </body> | 40 </body> |
| 54 </html> | 41 </html> |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 494343003:
Eliminate globalFlag usage from http security layout tests. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk