
Side by Side Diff: LayoutTests/http/tests/security/xss-DENIED-xsl-document-securityOrigin.xml

Issue 19932002: Throw exceptions on all failed cross-origin access checks. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: test. Created 7 years, 5 months ago
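--- a/LayoutTests/http/tests/security/xss-DENIED-xsl-document-securityOrigin.xml
+++ b/LayoutTests/http/tests/security/xss-DENIED-xsl-document-securityOrigin.xml
@@ -1,45 +1,49 @@
 <?xml-stylesheet type="text/xsl" href="xss-DENIED-xsl-document-securityOrigin.xm l"?>
 <xsl:stylesheet version="2.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
 <xsl:template match="/">
 <html>
 <head>
 <script>
 <![CDATA[
 if (window.testRunner) {
 testRunner.dumpAsText();
 testRunner.waitUntilDone();
 testRunner.setCanOpenWindows();
 testRunner.setCloseRemainingWindowsWhenComplete(true);
 }
 
 window.onload = function()
 {
 if (!opener) {
 victim = document.body.appendChild(document.createElement("ifram e"));
 wnd = victim.contentWindow.open();
 victim.src = "http://localhost:8080/security/resources/innocent- victim.html";
 victim.onload = function() { wnd.eval("location = '" + location + "'"); }
 } else if (location != "about:blank") {
 url = location.href;
 blank = document.body.appendChild(document.createElement("iframe "));
 blank.contentWindow.eval("parent.document.open()");
 location = "javascript:(\"\x3C?xml-stylesheet type='text/xsl' hr ef='" + url + "'?\x3E\x3Croot/\x3E\")";
 } else {
 victim = opener;
-» » open("javascript:void(0)", "_self");
-» » if (victim.eval)
-» » » victim.eval("alert(document.body.innerHTML)");
+open("javascript:void(0)", "_self");
+try {
+if (victim.eval)
+victim.eval("alert(document.body.innerHTML)");
+} catch (e) {
+console.log("PASS: Caught exception while trying to access victim's properties.");
+}
 
 if (window.testRunner)
 testRunner.notifyDone();
 }
 }
 ]]>
 </script>
 </head>
 <body>
 This test passes if it doesn't alert the contents of innocent-victim.html.
 </body>
 </html>
 </xsl:template>
 </xsl:stylesheet>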
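Review bot: The new `catch (e)` around the `victim.eval` access logs PASS for any exception at all, so an unrelated failure inside the `try` would be recorded as a successful cross-origin denial. Given the issue title, the expected outcome is presumably a security exception from the access check, so the handler should confirm that and report anything else as a failure, e.g. `console.log(e.name == "SecurityError" ? "PASS: Caught exception while trying to access victim's properties." : "FAIL: unexpected exception " + e);` (the exception name is an assumption to confirm against the implementation). The description in `<body>` still states only the no-alert criterion; it could also say that the logged PASS line is now part of the expected output.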