Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(19)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: LayoutTests/http/tests/security/cross-frame-access-enumeration.html

Issue 19932002: Throw exceptions on all failed cross-origin access checks. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: test. Created 7 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « LayoutTests/http/tests/security/cross-frame-access-document-direct-expected.txt ('k') | LayoutTests/http/tests/security/cross-frame-access-enumeration-expected.txt » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 <html> 1 <html>
2 <head> 2 <head>
3 <script src="resources/cross-frame-access.js"></script> 3 <script src="resources/cross-frame-access.js"></script>
4 <script> 4 <script>
5 window.onload = function() 5 window.onload = function()
6 { 6 {
7 if (window.testRunner) { 7 if (window.testRunner) {
8 testRunner.dumpAsText(); 8 testRunner.dumpAsText();
9 testRunner.waitUntilDone(); 9 testRunner.waitUntilDone();
10 } 10 }
(...skipping 27 matching lines...) Expand all
38 for (var k in b_win) { 38 for (var k in b_win) {
39 if (k == "customWindowProperty") { 39 if (k == "customWindowProperty") {
40 log("FAIL: Cross frame access by enumerating the window object was allowed."); 40 log("FAIL: Cross frame access by enumerating the window object was allowed.");
41 return; 41 return;
42 } 42 }
43 } 43 }
44 } catch (e) { 44 } catch (e) {
45 } 45 }
46 log("PASS: Cross frame access by enumerating the window object was d enied."); 46 log("PASS: Cross frame access by enumerating the window object was d enied.");
47 47
48 var b_winKeys = Object.keys(b_win); 48 try {
49 if (b_winKeys.indexOf("customWindowProperty") != -1) { 49 var b_winKeys = Object.keys(b_win);
50 log("FAIL: Cross frame access by getting the keys of the window object was allowed."); 50 if (b_winKeys.indexOf("customWindowProperty") != -1) {
51 return; 51 log("FAIL: Cross frame access by getting the keys of the win dow object was allowed.");
52 return;
53 }
54 } catch (e) {
52 } 55 }
53 log("PASS: Cross frame access by getting the keys of the window obje ct was denied."); 56 log("PASS: Cross frame access by getting the keys of the window obje ct was denied.");
54 57
55 var b_winPropertyNames = Object.getOwnPropertyNames(b_win); 58 try {
56 if (b_winPropertyNames.indexOf("customWindowProperty") != -1) { 59 var b_winPropertyNames = Object.getOwnPropertyNames(b_win);
57 log("FAIL: Cross frame access by getting the property names of t he window object was allowed."); 60 if (b_winPropertyNames.indexOf("customWindowProperty") != -1) {
58 return; 61 log("FAIL: Cross frame access by getting the property names of the window object was allowed.");
62 return;
63 }
64 } catch (e) {
59 } 65 }
60 log("PASS: Cross frame access by getting the property names of the w indow object was denied."); 66 log("PASS: Cross frame access by getting the property names of the w indow object was denied.");
61 67
62 // Test enumerating the Location object 68 // Test enumerating the Location object
63 var b_win_location = b_win.location; 69 var b_win_location = b_win.location;
64 try { 70 try {
65 for (var k in b_win_location) { 71 for (var k in b_win_location) {
66 if (k == "customLocationProperty") { 72 if (k == "customLocationProperty") {
67 log("FAIL: Cross frame access by enumerating the Locatio n object was allowed."); 73 log("FAIL: Cross frame access by enumerating the Locatio n object was allowed.");
68 return; 74 return;
(...skipping 16 matching lines...) Expand all
85 } 91 }
86 92
87 try { 93 try {
88 var b_winLocationPropertyNames = Object.getOwnPropertyNames(b_wi n_location); 94 var b_winLocationPropertyNames = Object.getOwnPropertyNames(b_wi n_location);
89 log("FAIL: Cross frame access to Location object didn't throw an exception."); 95 log("FAIL: Cross frame access to Location object didn't throw an exception.");
90 if (b_winLocationPropertyNames.indexOf("customLocationProperty") != -1) { 96 if (b_winLocationPropertyNames.indexOf("customLocationProperty") != -1) {
91 log("FAIL: Cross frame access by getting the property names of the Location object was allowed."); 97 log("FAIL: Cross frame access by getting the property names of the Location object was allowed.");
92 return; 98 return;
93 } 99 }
94 } catch (e) { 100 } catch (e) {
95 log("PASS: Cross frame access by getting the keys of the Locatio n object was denied."); 101 log("PASS: Cross frame access by getting the property names of t he Location object was denied.");
96 } 102 }
97 log("PASS: Cross frame access by getting the property names of the L ocation object was denied.");
98 } 103 }
99 </script> 104 </script>
100 </head> 105 </head>
101 <body> 106 <body>
102 <p>This tests that variable names can't be enumerated cross domain (see http ://bugs.webkit.org/show_bug.cgi?id=16387)</p> 107 <p>This tests that variable names can't be enumerated cross domain (see http ://bugs.webkit.org/show_bug.cgi?id=16387)</p>
103 <iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for -enumeration-test.html"></iframe> 108 <iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for -enumeration-test.html"></iframe>
104 <pre id="console"></pre> 109 <pre id="console"></pre>
105 </body> 110 </body>
106 </html> 111 </html>
OLDNEW
« no previous file with comments | « LayoutTests/http/tests/security/cross-frame-access-document-direct-expected.txt ('k') | LayoutTests/http/tests/security/cross-frame-access-enumeration-expected.txt » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698