LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf.html - WebKit - Git at Google

 <html>
 <head>
     <script src="/js-test-resources/js-test-pre.js"></script>
     <script src="resources/cross-frame-access.js"></script>
     <script>
         jsTestIsAsync = true;

         // Set up listener for message from iframe
         addEventListener('message', function(event) {
             if (event.data == "finishedLoad")
                 doTest();
         }, false);


         doTest = function()
         {
             targetWindow = document.getElementById("target").contentWindow;

             shouldBeNull("Object.getPrototypeOf(targetWindow)");
             shouldBeNull("Object.getPrototypeOf(targetWindow.location)");
             protoGetter = Object.getOwnPropertyDescriptor(Object.prototype, '__proto__').get;
             shouldBeNull("protoGetter.call(targetWindow)");
             shouldBeNull("protoGetter.call(targetWindow.location)");

             shouldThrowErrorName("targetWindow.history", "SecurityError");

             finishJSTest();
         }
     </script>
 </head>
 <body>
     <div>This tests that you can't get the prototype of the window or history objects cross-origin using Object.getPrototypeOf().</div>
     <iframe id="target" src="http://localhost:8000/security/resources/cross-frame-iframe-for-object-getPrototypeOf-test.html"></iframe>
     <pre id="console"></pre>
     <script src="/js-test-resources/js-test-post.js"></script>
 </body>
 </html>
	<html>
	<head>
	<script src="/js-test-resources/js-test-pre.js"></script>
	<script src="resources/cross-frame-access.js"></script>
	<script>
	jsTestIsAsync = true;

	// Set up listener for message from iframe
	addEventListener('message', function(event) {
	if (event.data == "finishedLoad")
	doTest();
	}, false);


	doTest = function()
	{
	targetWindow = document.getElementById("target").contentWindow;

	shouldBeNull("Object.getPrototypeOf(targetWindow)");
	shouldBeNull("Object.getPrototypeOf(targetWindow.location)");
	protoGetter = Object.getOwnPropertyDescriptor(Object.prototype, '__proto__').get;
	shouldBeNull("protoGetter.call(targetWindow)");
	shouldBeNull("protoGetter.call(targetWindow.location)");

	shouldThrowErrorName("targetWindow.history", "SecurityError");

	finishJSTest();
	}
	</script>
	</head>
	<body>
	<div>This tests that you can't get the prototype of the window or history objects cross-origin using Object.getPrototypeOf().</div>
	<iframe id="target" src="http://localhost:8000/security/resources/cross-frame-iframe-for-object-getPrototypeOf-test.html"></iframe>
	<pre id="console"></pre>
	<script src="/js-test-resources/js-test-post.js"></script>
	</body>
	</html>