| |
| <p>This test checks cross-frame access security of window attribute setters (rdar://problem/5326791).</p> |
| <iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html" style=""></iframe> |
| <pre id="console"></pre> |
| <script> |
| if (window.testRunner) { |
| testRunner.dumpAsText(); |
| testRunner.waitUntilDone(); |
| } |
| |
| function log(s) |
| { |
| document.getElementById("console").appendChild(document.createTextNode(s + "\n")); |
| } |
| |
| function setForbiddenProperty(obj, prop) |
| { |
| try { |
| obj[prop] = "FAIL!! CUSTOM " + prop; |
| } catch (ex) { |
| log("PASS: Unable to set property " + prop + ": " + ex); |
| } |
| } |
| |
| window.targetWindow = window.frames[0]; |
| |
| window.addEventListener("message", test, false); |
| |
| function test(message) { |
| alert(message.data); |
| // FIXME: This test should use fast/window/resources/window-properties.js instead of a custom list. |
| // Constructors |
| setForbiddenProperty(targetWindow, "Attr"); |
| setForbiddenProperty(targetWindow, "CDATASection"); |
| setForbiddenProperty(targetWindow, "CharacterData"); |
| setForbiddenProperty(targetWindow, "Comment"); |
| setForbiddenProperty(targetWindow, "CSSPrimitiveValue"); |
| setForbiddenProperty(targetWindow, "CSSRule"); |
| setForbiddenProperty(targetWindow, "CSSStyleDeclaration"); |
| setForbiddenProperty(targetWindow, "CSSValue"); |
| setForbiddenProperty(targetWindow, "Document"); |
| setForbiddenProperty(targetWindow, "DocumentFragment"); |
| setForbiddenProperty(targetWindow, "DocumentType"); |
| setForbiddenProperty(targetWindow, "DOMException"); |
| setForbiddenProperty(targetWindow, "DOMImplementation"); |
| setForbiddenProperty(targetWindow, "DOMParser"); |
| setForbiddenProperty(targetWindow, "Element"); |
| setForbiddenProperty(targetWindow, "EvalError"); |
| setForbiddenProperty(targetWindow, "Event"); |
| setForbiddenProperty(targetWindow, "HTMLAnchorElement"); |
| setForbiddenProperty(targetWindow, "HTMLAppletElement"); |
| setForbiddenProperty(targetWindow, "HTMLAreaElement"); |
| setForbiddenProperty(targetWindow, "HTMLBaseElement"); |
| setForbiddenProperty(targetWindow, "HTMLBodyElement"); |
| setForbiddenProperty(targetWindow, "HTMLBRElement"); |
| setForbiddenProperty(targetWindow, "HTMLButtonElement"); |
| setForbiddenProperty(targetWindow, "HTMLCanvasElement"); |
| setForbiddenProperty(targetWindow, "HTMLDirectoryElement"); |
| setForbiddenProperty(targetWindow, "HTMLDivElement"); |
| setForbiddenProperty(targetWindow, "HTMLDListElement"); |
| setForbiddenProperty(targetWindow, "HTMLDocument"); |
| setForbiddenProperty(targetWindow, "HTMLElement"); |
| setForbiddenProperty(targetWindow, "HTMLFieldSetElement"); |
| setForbiddenProperty(targetWindow, "HTMLFontElement"); |
| setForbiddenProperty(targetWindow, "HTMLFormElement"); |
| setForbiddenProperty(targetWindow, "HTMLFrameElement"); |
| setForbiddenProperty(targetWindow, "HTMLFrameSetElement"); |
| setForbiddenProperty(targetWindow, "HTMLHeadElement"); |
| setForbiddenProperty(targetWindow, "HTMLHeadingElement"); |
| setForbiddenProperty(targetWindow, "HTMLHRElement"); |
| setForbiddenProperty(targetWindow, "HTMLHtmlElement"); |
| setForbiddenProperty(targetWindow, "HTMLIFrameElement"); |
| setForbiddenProperty(targetWindow, "HTMLImageElement"); |
| setForbiddenProperty(targetWindow, "HTMLInputElement"); |
| setForbiddenProperty(targetWindow, "HTMLLabelElement"); |
| setForbiddenProperty(targetWindow, "HTMLLegendElement"); |
| setForbiddenProperty(targetWindow, "HTMLLIElement"); |
| setForbiddenProperty(targetWindow, "HTMLLinkElement"); |
| setForbiddenProperty(targetWindow, "HTMLMapElement"); |
| setForbiddenProperty(targetWindow, "HTMLMarqueeElement"); |
| setForbiddenProperty(targetWindow, "HTMLMenuElement"); |
| setForbiddenProperty(targetWindow, "HTMLMetaElement"); |
| setForbiddenProperty(targetWindow, "HTMLModElement"); |
| setForbiddenProperty(targetWindow, "HTMLOListElement"); |
| setForbiddenProperty(targetWindow, "HTMLOptGroupElement"); |
| setForbiddenProperty(targetWindow, "HTMLOptionElement"); |
| setForbiddenProperty(targetWindow, "HTMLParagraphElement"); |
| setForbiddenProperty(targetWindow, "HTMLParamElement"); |
| setForbiddenProperty(targetWindow, "HTMLPreElement"); |
| setForbiddenProperty(targetWindow, "HTMLQuoteElement"); |
| setForbiddenProperty(targetWindow, "HTMLScriptElement"); |
| setForbiddenProperty(targetWindow, "HTMLSelectElement"); |
| setForbiddenProperty(targetWindow, "HTMLStyleElement"); |
| setForbiddenProperty(targetWindow, "HTMLTableCaptionElement"); |
| setForbiddenProperty(targetWindow, "HTMLTableCellElement"); |
| setForbiddenProperty(targetWindow, "HTMLTableColElement"); |
| setForbiddenProperty(targetWindow, "HTMLTableElement"); |
| setForbiddenProperty(targetWindow, "HTMLTableRowElement"); |
| setForbiddenProperty(targetWindow, "HTMLTableSectionElement"); |
| setForbiddenProperty(targetWindow, "HTMLTextAreaElement"); |
| setForbiddenProperty(targetWindow, "HTMLTitleElement"); |
| setForbiddenProperty(targetWindow, "HTMLUListElement"); |
| setForbiddenProperty(targetWindow, "MutationEvent"); |
| setForbiddenProperty(targetWindow, "Node"); |
| setForbiddenProperty(targetWindow, "NodeFilter"); |
| setForbiddenProperty(targetWindow, "ProcessingInstruction"); |
| setForbiddenProperty(targetWindow, "Range"); |
| setForbiddenProperty(targetWindow, "RangeError"); |
| setForbiddenProperty(targetWindow, "ReferenceError"); |
| setForbiddenProperty(targetWindow, "SyntaxError"); |
| setForbiddenProperty(targetWindow, "Text"); |
| setForbiddenProperty(targetWindow, "TypeError"); |
| setForbiddenProperty(targetWindow, "URIError"); |
| setForbiddenProperty(targetWindow, "XMLDocument"); |
| setForbiddenProperty(targetWindow, "XMLSerializer"); |
| setForbiddenProperty(targetWindow, "XPathEvaluator"); |
| setForbiddenProperty(targetWindow, "XPathResult"); |
| |
| // FIXME: find a way to test these Constructors |
| // setForbiddenProperty(targetWindow, "Image"); |
| // setForbiddenProperty(targetWindow, "Option"); |
| // setForbiddenProperty(targetWindow, "XMLHttpRequest"); |
| // setForbiddenProperty(targetWindow, "XSLTProcessor"); |
| |
| // Attributes |
| setForbiddenProperty(targetWindow, "clientInformation"); |
| setForbiddenProperty(targetWindow, "closed"); |
| setForbiddenProperty(targetWindow, "console"); |
| setForbiddenProperty(targetWindow, "crypto"); |
| setForbiddenProperty(targetWindow, "defaultStatus"); |
| setForbiddenProperty(targetWindow, "defaultstatus"); |
| setForbiddenProperty(targetWindow, "devicePixelRatio"); |
| setForbiddenProperty(targetWindow, "document"); |
| setForbiddenProperty(targetWindow, "embeds"); |
| setForbiddenProperty(targetWindow, "event"); |
| setForbiddenProperty(targetWindow, "frameElement"); |
| setForbiddenProperty(targetWindow, "frames"); |
| setForbiddenProperty(targetWindow, "history"); |
| setForbiddenProperty(targetWindow, "images"); |
| setForbiddenProperty(targetWindow, "innerHeight"); |
| setForbiddenProperty(targetWindow, "innerWidth"); |
| setForbiddenProperty(targetWindow, "length"); |
| setForbiddenProperty(targetWindow, "locationbar"); |
| setForbiddenProperty(targetWindow, "menubar"); |
| setForbiddenProperty(targetWindow, "name"); |
| setForbiddenProperty(targetWindow, "navigator"); |
| setForbiddenProperty(targetWindow, "offscreenBuffering"); |
| setForbiddenProperty(targetWindow, "onabort"); |
| setForbiddenProperty(targetWindow, "onbeforeunload"); |
| setForbiddenProperty(targetWindow, "onblur"); |
| setForbiddenProperty(targetWindow, "onchange"); |
| setForbiddenProperty(targetWindow, "onclick"); |
| setForbiddenProperty(targetWindow, "ondblclick"); |
| setForbiddenProperty(targetWindow, "onerror"); |
| setForbiddenProperty(targetWindow, "onfocus"); |
| setForbiddenProperty(targetWindow, "onkeydown"); |
| setForbiddenProperty(targetWindow, "onkeypress"); |
| setForbiddenProperty(targetWindow, "onkeyup"); |
| setForbiddenProperty(targetWindow, "onload"); |
| setForbiddenProperty(targetWindow, "onmousedown"); |
| setForbiddenProperty(targetWindow, "onmousemove"); |
| setForbiddenProperty(targetWindow, "onmouseout"); |
| setForbiddenProperty(targetWindow, "onmouseover"); |
| setForbiddenProperty(targetWindow, "onmouseup"); |
| setForbiddenProperty(targetWindow, "onmousewheel"); |
| setForbiddenProperty(targetWindow, "onreset"); |
| setForbiddenProperty(targetWindow, "onresize"); |
| setForbiddenProperty(targetWindow, "onscroll"); |
| setForbiddenProperty(targetWindow, "onsearch"); |
| setForbiddenProperty(targetWindow, "onselect"); |
| setForbiddenProperty(targetWindow, "onsubmit"); |
| setForbiddenProperty(targetWindow, "onunload"); |
| setForbiddenProperty(targetWindow, "opener"); |
| setForbiddenProperty(targetWindow, "outerHeight"); |
| setForbiddenProperty(targetWindow, "outerWidth"); |
| setForbiddenProperty(targetWindow, "pageXOffset"); |
| setForbiddenProperty(targetWindow, "pageYOffset"); |
| setForbiddenProperty(targetWindow, "personalbar"); |
| setForbiddenProperty(targetWindow, "plugins"); |
| setForbiddenProperty(targetWindow, "screen"); |
| setForbiddenProperty(targetWindow, "screenLeft"); |
| setForbiddenProperty(targetWindow, "screenTop"); |
| setForbiddenProperty(targetWindow, "screenX"); |
| setForbiddenProperty(targetWindow, "screenY"); |
| setForbiddenProperty(targetWindow, "scrollbars"); |
| setForbiddenProperty(targetWindow, "scrollX"); |
| setForbiddenProperty(targetWindow, "scrollY"); |
| setForbiddenProperty(targetWindow, "self"); |
| setForbiddenProperty(targetWindow, "status"); |
| setForbiddenProperty(targetWindow, "statusbar"); |
| setForbiddenProperty(targetWindow, "toolbar"); |
| setForbiddenProperty(targetWindow, "window"); |
| setForbiddenProperty(targetWindow, "parent"); |
| |
| // Functions |
| setForbiddenProperty(targetWindow, "addEventListener"); |
| setForbiddenProperty(targetWindow, "alert"); |
| setForbiddenProperty(targetWindow, "atob"); |
| setForbiddenProperty(targetWindow, "blur"); |
| setForbiddenProperty(targetWindow, "btoa"); |
| setForbiddenProperty(targetWindow, "captureEvents"); |
| setForbiddenProperty(targetWindow, "clearInterval"); |
| setForbiddenProperty(targetWindow, "clearTimeout"); |
| setForbiddenProperty(targetWindow, "close"); |
| setForbiddenProperty(targetWindow, "confirm"); |
| setForbiddenProperty(targetWindow, "constructor"); |
| setForbiddenProperty(targetWindow, "eval"); |
| setForbiddenProperty(targetWindow, "find"); |
| setForbiddenProperty(targetWindow, "focus"); |
| setForbiddenProperty(targetWindow, "getComputedStyle"); |
| setForbiddenProperty(targetWindow, "getMatchedCSSRules"); |
| setForbiddenProperty(targetWindow, "getSelection"); |
| setForbiddenProperty(targetWindow, "moveBy"); |
| setForbiddenProperty(targetWindow, "moveTo"); |
| setForbiddenProperty(targetWindow, "open"); |
| setForbiddenProperty(targetWindow, "print"); |
| setForbiddenProperty(targetWindow, "prompt"); |
| setForbiddenProperty(targetWindow, "releaseEvents"); |
| setForbiddenProperty(targetWindow, "removeEventListener"); |
| setForbiddenProperty(targetWindow, "resizeBy"); |
| setForbiddenProperty(targetWindow, "resizeTo"); |
| setForbiddenProperty(targetWindow, "scroll"); |
| setForbiddenProperty(targetWindow, "scrollBy"); |
| setForbiddenProperty(targetWindow, "scrollTo"); |
| setForbiddenProperty(targetWindow, "setInterval"); |
| setForbiddenProperty(targetWindow, "setTimeout"); |
| setForbiddenProperty(targetWindow, "showModalDialog"); |
| setForbiddenProperty(targetWindow, "stop"); |
| |
| // log(targetWindow.focus.__proto__); |
| log("MAIN WINDOW: !!-- Test ended--!!"); |
| |
| window.stop(); |
| |
| if (window.testRunner) |
| testRunner.notifyDone(); |
| } |
| </script> |
