Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(172)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: LayoutTests/http/tests/security/cross-frame-access-object-prototype.html

Issue 19932002: Throw exceptions on all failed cross-origin access checks. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: test. Created 7 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt ('k') | LayoutTests/http/tests/security/cross-frame-access-object-prototype-expected.txt » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 <html> 1 <html>
2 <head> 2 <head>
3 <script src="resources/cross-frame-access.js"></script> 3 <script src="resources/cross-frame-access.js"></script>
4 <script> 4 <script>
5 if (window.testRunner) { 5 if (window.testRunner) {
6 testRunner.dumpAsText(); 6 testRunner.dumpAsText();
7 testRunner.dumpChildFramesAsText(); 7 testRunner.dumpChildFramesAsText();
8 testRunner.waitUntilDone(); 8 testRunner.waitUntilDone();
9 } 9 }
10 10
(...skipping 24 matching lines...) Expand all
35 { 35 {
36 targetFrame = frames[0]; 36 targetFrame = frames[0];
37 37
38 // Attempt to inject functions into the target frame. These will be checked in the final step. 38 // Attempt to inject functions into the target frame. These will be checked in the final step.
39 try { Object.prototype.__defineSetter__.call(targetFrame, 'injectedS etter', function() { alert("Set injected setter in: " + document.URL); return "c ustomSetter"; }); } catch(e) { log(e); } 39 try { Object.prototype.__defineSetter__.call(targetFrame, 'injectedS etter', function() { alert("Set injected setter in: " + document.URL); return "c ustomSetter"; }); } catch(e) { log(e); }
40 try { Object.prototype.__defineGetter__.call(targetFrame, 'injectedG etter', function() { return "customGetter"; }); } catch(e) { log(e); } 40 try { Object.prototype.__defineGetter__.call(targetFrame, 'injectedG etter', function() { return "customGetter"; }); } catch(e) { log(e); }
41 41
42 log("\n----- test getting values cross-frame using Object.prototype -----\n"); 42 log("\n----- test getting values cross-frame using Object.prototype -----\n");
43 43
44 // Attempt to detect values set on the target frame. 44 // Attempt to detect values set on the target frame.
45 try { shouldBe("Object.prototype.__lookupGetter__.call(targetFrame, 'myGetter');", "undefined"); } catch(e) { log(e); } 45 try { shouldThrowException("Object.prototype.__lookupGetter__.call(t argetFrame, 'myGetter');"); } catch(e) { log(e); }
46 try { shouldBe("Object.prototype.__lookupSetter__.call(targetFrame, 'mySetter');", "undefined"); } catch(e) { log(e); } 46 try { shouldThrowException("Object.prototype.__lookupSetter__.call(t argetFrame, 'mySetter');"); } catch(e) { log(e); }
47 47 try { shouldThrowException("Object.prototype.propertyIsEnumerable.ca ll(targetFrame, 'myProp');"); } catch(e) { log(e); }
48 try { shouldBe("Object.prototype.propertyIsEnumerable.call(targetFra me, 'myProp');", "false"); } catch(e) { log(e); }
49 // FIXME: Unfortunatly, all cross-cross frame calls hasOwnProperty w ill return true so there is no way to test this right now. 48 // FIXME: Unfortunatly, all cross-cross frame calls hasOwnProperty w ill return true so there is no way to test this right now.
50 // try { shouldBe("Object.prototype.hasOwnProperty.call(targetFrame, 'myProp');", "false"); } catch(e) { log(e); } 49 // try { shouldBe("Object.prototype.hasOwnProperty.call(targetFrame, 'myProp');", "false"); } catch(e) { log(e); }
51 50
52 if (window.postMessage) 51 if (window.postMessage)
53 targetFrame.postMessage("settingValuesComplete", "*"); 52 targetFrame.postMessage("settingValuesComplete", "*");
54 else 53 else
55 log("\nSet Test complete! Click button entitled 'Step 2 - Set C heck' to finish the test."); 54 log("\nSet Test complete! Click button entitled 'Step 2 - Set C heck' to finish the test.");
56 } 55 }
57 </script> 56 </script>
58 </head> 57 </head>
59 <body> 58 <body>
60 <iframe name="target" src="http://localhost:8000/security/resources/cross-fr ame-iframe-for-object-prototype-test.html"></iframe> 59 <iframe name="target" src="http://localhost:8000/security/resources/cross-fr ame-iframe-for-object-prototype-test.html"></iframe>
61 <pre id="console"></pre> 60 <pre id="console"></pre>
62 </body> 61 </body>
63 </html> 62 </html>
OLDNEW
« no previous file with comments | « LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt ('k') | LayoutTests/http/tests/security/cross-frame-access-object-prototype-expected.txt » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698