blob: dfaac0ee6e2a101db67dbdc71fbf5aad2c177191 [file] [log] [blame]
<html>
<head>
<script src="/js-test-resources/js-test-pre.js"></script>
<script src="resources/cross-frame-access.js"></script>
</head>
<body>
<iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html" style=""></iframe>
<pre id="console"></pre>
<script>
description("Tests for calling methods of another frame using Function.call");
jsTestIsAsync = true;
window.targetWindow = frames[0];
window.onload = function()
{
// Allowed
// void focus();
// void blur();
// void close();
// void postMessage(in DOMString message);
// - Tests for the Window object -
// undefined value indicates failure
shouldThrowErrorName("window.setTimeout.call(targetWindow, 'void(0);', 0)", "SecurityError");
shouldThrowErrorName("window.setInterval.call(targetWindow, 'void(0);', 0)", "SecurityError");
shouldThrowErrorName("window.getSelection.call(targetWindow)", "SecurityError");
shouldThrowErrorName("window.find.call(targetWindow, 'string', false, false, false, false, false, false)", "SecurityError");
shouldThrowErrorName("window.confirm.call(targetWindow, 'message')", "SecurityError");
shouldThrowErrorName("window.prompt.call(targetWindow, 'message', 'defaultValue')", "SecurityError");
shouldThrowErrorName("window.getComputedStyle.call(targetWindow, document.body, '')", "SecurityError");
shouldThrowErrorName("window.getMatchedCSSRules.call(targetWindow, document.body, '')", "SecurityError");
shouldThrowErrorName("window.atob.call(targetWindow, 'string')", "SecurityError");
shouldThrowErrorName("window.btoa.call(targetWindow, 'string')", "SecurityError");
shouldThrowErrorName("window.open.call(targetWindow, '')", "SecurityError");
// These always return undefined so we use the error console to detect failure
shouldThrowErrorName("window.addEventListener.call(targetWindow, 'load', null, false);", "SecurityError");
shouldThrowErrorName("window.removeEventListener.call(targetWindow, 'load', null, false);", "SecurityError");
shouldThrowErrorName("window.dispatchEvent.call(targetWindow, new Event('click'));", "SecurityError");
shouldThrowErrorName("window.clearTimeout.call(targetWindow, 0);", "SecurityError");
shouldThrowErrorName("window.clearInterval.call(targetWindow, 0);", "SecurityError");
shouldThrowErrorName("window.print.call(targetWindow);", "SecurityError");
shouldThrowErrorName("window.stop.call(targetWindow);", "SecurityError");
shouldThrowErrorName("window.alert.call(targetWindow, 'message');", "SecurityError");
shouldThrowErrorName("window.scrollBy.call(targetWindow, 0, 0);", "SecurityError");
shouldThrowErrorName("window.scrollTo.call(targetWindow, 0, 0);", "SecurityError");
shouldThrowErrorName("window.scroll.call(targetWindow, 0, 0);", "SecurityError");
shouldThrowErrorName("window.moveBy.call(targetWindow, 0, 0);", "SecurityError");
shouldThrowErrorName("window.moveTo.call(targetWindow, 0, 0);", "SecurityError");
shouldThrowErrorName("window.resizeBy.call(targetWindow, 0, 0);", "SecurityError");
shouldThrowErrorName("window.resizeTo.call(targetWindow, 0, 0);", "SecurityError");
shouldThrowErrorName("window.showModalDialog.call(targetWindow);", "SecurityError");
// Throws an EvalError and logs to the error console
shouldBe("window.eval.call(targetWindow, '1+2');", '3');
// - Tests for the Location object -
// undefined value indicates failure
shouldThrowErrorName("window.location.toString.call(targetWindow.location)", "SecurityError");
// - Tests for the History object -
shouldThrowErrorName("targetWindow.history", "SecurityError");
// Work around DRT bug that causes subsequent tests to fail.
window.stop();
finishJSTest();
}
</script>
<script src="/js-test-resources/js-test-post.js"></script>
</body>
</html>