Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(8)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt

Issue 19932002: Throw exceptions on all failed cross-origin access checks. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: test. Created 7 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write.html ('k') | LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 CONSOLE MESSAGE: Blocked a frame with origin "http://127.0.0.1:8000" from access ing a frame with origin "http://localhost:8000". Protocols, domains, and ports m ust match. 1 CONSOLE MESSAGE: line 1: Uncaught SecurityError: Blocked a frame with origin "ht tp://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
2 CONSOLE MESSAGE: line 1: Uncaught TypeError: Cannot read property 'body' of unde fined
3 This page opens a window to "", injects malicious code, and then navigates its o pener to the victim. The opened window then tries to scripts its opener after do cument.writeing a new document. 2 This page opens a window to "", injects malicious code, and then navigates its o pener to the victim. The opened window then tries to scripts its opener after do cument.writeing a new document.
4 Code injected into window: 3 Code injected into window:
5 <script>document.write('<script>function write(target, message) { target.documen t.body.innerHTML = message; }setTimeout(function() {write(window.opener, \'FAIL: XSS was allowed.\');}, 100);setTimeout(function() {write(window.opener.top.fram es[1], \'SUCCESS: Window remained in original SecurityOrigin.\');}, 200);setTime out(function() { if (window.testRunner) testRunner.globalFlag = true; }, 300);<\ /script>');</script> 4 <script>document.write('<script>function write(target, message) { target.documen t.body.innerHTML = message; }setTimeout(function() {write(window.opener, \'FAIL: XSS was allowed.\');}, 100);setTimeout(function() {write(window.opener.top.fram es[1], \'SUCCESS: Window remained in original SecurityOrigin.\');}, 200);setTime out(function() { if (window.testRunner) testRunner.globalFlag = true; }, 300);<\ /script>');</script>
6 5
7 6
8 -------- 7 --------
9 Frame: '<!--framePath //<!--frame0-->-->' 8 Frame: '<!--framePath //<!--frame0-->-->'
10 -------- 9 --------
11 This page doesn't do anything special (except signal that it has finished loadin g). 10 This page doesn't do anything special (except signal that it has finished loadin g).
12 11
13 -------- 12 --------
14 Frame: '<!--framePath //<!--frame1-->-->' 13 Frame: '<!--framePath //<!--frame1-->-->'
15 -------- 14 --------
16 SUCCESS: Window remained in original SecurityOrigin. 15 SUCCESS: Window remained in original SecurityOrigin.
OLDNEW
« no previous file with comments | « LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write.html ('k') | LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698