| <html> |
| <head> |
| <script src="../resources/cross-frame-access.js"></script> |
| <script> |
| window.onload = function() |
| { |
| if (window.testRunner) { |
| testRunner.dumpAsText(); |
| testRunner.dumpChildFramesAsText(); |
| testRunner.waitUntilDone(); |
| } |
| |
| if (window.testRunner) { |
| setTimeout(pollForTest, 1); |
| } else { |
| log("To run the test, click the button below when the opened window finishes loading."); |
| var button = document.createElement("button"); |
| button.appendChild(document.createTextNode("Run Test")); |
| button.onclick = runTest; |
| document.body.appendChild(button); |
| } |
| } |
| |
| pollForTest = function() |
| { |
| if (!testRunner.globalFlag) { |
| setTimeout(pollForTest, 1); |
| return; |
| } |
| runTest(); |
| testRunner.notifyDone(); |
| } |
| |
| runTest = function() |
| { |
| try { |
| window[0][0].document.getElementById('accessMe').innerHTML = "FAIL: Cross frame access to a data: URL embed in a frame on a foreign domain allowed."; |
| log("FAIL: Cross frame access to a data: URL embed in a frame on a foreign domain allowed."); |
| return; |
| } catch (e) { |
| console.log(e); |
| } |
| log("PASS: Cross frame access to a data: URL embed in a frame on a foreign domain denied!"); |
| } |
| </script> |
| </head> |
| <body> |
| <p>The scenario for this test is that you have an iframe with content from a foreign domain. In that foreign content |
| is an iframe which loads a data: URL. This tests that this main document does not have access to that |
| data: URL loaded iframe.</p> |
| <iframe src="http://localhost:8000/security/dataURL/resources/foreign-domain-data-url-accessee-iframe.html" style="width: 400px; height:200px;"></iframe> |
| <pre id="console"></pre> |
| </body> |
| </html> |
