Index: LayoutTests/http/tests/security/xss-DENIED-window-index-assign.html |
diff --git a/LayoutTests/http/tests/security/xss-DENIED-window-index-assign.html b/LayoutTests/http/tests/security/xss-DENIED-window-index-assign.html |
new file mode 100644 |
index 0000000000000000000000000000000000000000..a6b54a1fe164a474f4e2257260378346bec97179 |
--- /dev/null |
+++ b/LayoutTests/http/tests/security/xss-DENIED-window-index-assign.html |
@@ -0,0 +1,13 @@ |
+<script> |
+if (window.testRunner) |
+ testRunner.dumpAsText(); |
+ |
+window[0] = { |
+ a: "1", |
+ f: function() { |
+ alert("FAIL: Child called parent.f()"); |
+ } |
+}; |
+</script> |
+<iframe src="data:text/html,<script>alert(parent[0].a);</script><script>parent[0].f();</script>"></iframe><br> |
adamk
2013/07/22 23:19:28
Does this load synchronously? If not, you may need
abarth-chromium
2013/07/22 23:24:52
Nope. The only frames that load synchronously are
|
+This test passes if the access is forbidden. |